[DTrace-devel] [PATCH v2 2/7] cmd, libdtrace: fix potentially unsafe printf-like calls
Kris Van Hees
kris.van.hees at oracle.com
Tue Dec 6 22:17:03 UTC 2022
GCC 12 flagged some calls to printf-style functions for using a dynamic
string as format without arguments. If the dymanic string somehow can
be made to contain a substitution sequence (%<something>) this would be
unsafe.
Signed-off-by: Kris Van Hees <kris.van.hees at oracle.com>
---
cmd/dtrace.c | 4 ++--
libdtrace/dt_printf.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/cmd/dtrace.c b/cmd/dtrace.c
index 732150df..58325921 100644
--- a/cmd/dtrace.c
+++ b/cmd/dtrace.c
@@ -521,7 +521,7 @@ prochandler(pid_t pid, const char *msg, void *arg)
static int
errhandler(const dtrace_errdata_t *data, void *arg)
{
- error(data->dteda_msg);
+ error("%s", data->dteda_msg);
return DTRACE_HANDLE_OK;
}
@@ -529,7 +529,7 @@ errhandler(const dtrace_errdata_t *data, void *arg)
static int
drophandler(const dtrace_dropdata_t *data, void *arg)
{
- error(data->dtdda_msg);
+ error("%s", data->dtdda_msg);
return DTRACE_HANDLE_OK;
}
diff --git a/libdtrace/dt_printf.c b/libdtrace/dt_printf.c
index d060670a..6ee317e6 100644
--- a/libdtrace/dt_printf.c
+++ b/libdtrace/dt_printf.c
@@ -1305,7 +1305,7 @@ dt_printf_format(dtrace_hdl_t *dtp, FILE *fp, const dt_pfargv_t *pfv,
memcpy(tmp, pfd->pfd_prefix, pfd->pfd_preflen);
tmp[pfd->pfd_preflen] = '\0';
- if ((rval = dt_printf(dtp, fp, tmp)) < 0)
+ if ((rval = dt_printf(dtp, fp, "%s", tmp)) < 0)
return rval;
if (pfv->pfv_flags & DT_PRINTF_AGGREGATION) {
--
2.37.2
More information about the DTrace-devel
mailing list