[misc] harden usage of uprintf()

* Passing a non-formatting buffer as first parameter of uprintf() can lead
  to an exception if this buffer happens to contain a '%' character, so
  usage of uprintf() with string buffers that may contain '%' should be
  sanitized.
* Also drop the _uprintf/_uprintfs aliases as they are no longer required.
Pete Batard 2023-04-20 17:43:24 +01:00
parent 1a3a155e8c
commit fffd4d1160
No known key found for this signature in database
GPG key ID: 38E0CF5E69EDD671
12 changed files with 37 additions and 31 deletions

@ -762,8 +762,8 @@ DWORD RunCommand(const char* cmd, const char* dir, BOOL log)
output = malloc(dwAvail + 1);
if ((output != NULL) && (ReadFile(hOutputRead, output, dwAvail, &dwRead, NULL)) && (dwRead != 0)) {
output[dwAvail] = 0;
// coverity[tainted_string]
uprintf(output);
// output may contain a '%' so don't feed it as a naked format string
uprintf("%s", output);
}
free(output);
}
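Review bot: the terminator in `output[dwAvail] = 0;` is written at dwAvail rather than at dwRead, so if ReadFile() returns fewer bytes than were requested, the `%s` in the new `uprintf("%s", output);` call will also log the uninitialized malloc() bytes that sit between dwRead and dwAvail. Consider `output[dwRead] = 0;` instead, which stays in bounds because ReadFile() cannot return more than the dwAvail bytes requested and the buffer is dwAvail + 1 bytes long.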