Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
Not eligible to see or edit group visibility for this bug.
View Bug Activity | Format For Printing | XML | Clone This Bug
There are more format string bugs than those reported by 'c0ntex': Index: src/xitk/main.c =================================================================== RCS file: /cvsroot/xine/xine-ui/src/xitk/main.c,v retrieving revision 1.308 retrieving revision 1.309 diff -u -p -r1.308 -r1.309 --- src/xitk/main.c
There are more format string bugs than those reported by 'c0ntex': Index: src/xitk/main.c =================================================================== RCS file: /cvsroot/xine/xine-ui/src/xitk/main.c,v retrieving revision 1.308 retrieving revision 1.309 diff -u -p -r1.308 -r1.309 --- src/xitk/main.c 24 Jul 2005 02:40:37 -0000 1.308 +++ src/xitk/main.c 1 Aug 2005 23:49:53 -0000 1.309 @@ -456,7 +456,7 @@ static void print_formatted(char *title, int len; char *blanks = " "; - printf(title); + printf("%s", title); sprintf(buffer, "%s", blanks); plugin = *plugins++; @@ -469,7 +469,7 @@ static void print_formatted(char *title, sprintf(buffer, "%s%s%s", buffer, (strlen(buffer) == strlen(blanks)) ? "" : ", ", plugin); } else { - printf(buffer); + printf("%s", buffer); printf(",\n"); snprintf(buffer, sizeof(buffer), "%s%s", blanks, plugin); } @@ -478,7 +478,7 @@ static void print_formatted(char *title, } if(strlen(buffer)) - printf(buffer); + printf("%s", buffer); printf(".\n\n"); } Index: src/xitk/xine-toolkit/xitk.c --- src/xitk/xine-toolkit/xitk.c 2005-05-21 00:02:05.000000000 +0200 +++ src/xitk/xine-toolkit/xitk.c 2006-02-20 12:10:58.000000000 +0100 @@ -1877,7 +1896,7 @@ sprintf(buffer, "%s%s", buffer, " ]-"); if(verbosity) - printf(buffer); + printf("%s", buffer); gXitk->wm_type = xitk_check_wm(display); Index: src/xitk/main.c =================================================================== RCS file: /cvsroot/xine/xine-ui/src/xitk/main.c,v retrieving revision 1.311 diff -u -p -r1.311 main.c --- src/xitk/main.c 24 Dec 2005 09:56:24 -0000 1.311 +++ src/xitk/main.c 20 Apr 2006 15:04:04 -0000 @@ -1219,7 +1219,7 @@ static void event_listener(void *user_da } if(strlen(buffer)) - report(buffer); + report("%s", buffer); } break; -- (o_ Ludwig Nussel //\ SUSE LINUX Products GmbH, Development V_/_ http://www.suse.de/
Any pointer to "those by C0ntex" ?
Only the last one is missing from our patchset, the rest, coming out of 1.309, is my own patch. I'll provide a bumped revision immediately.
Thx Diego.
xine-ui-0.99.4-r5 with patchset 10 is out with the last format fixed. It also fixes a few warnings that I was working on trying to fix something else.
Arches please test and mark stable.
stable on ppc64
stable on alpha.
stable on amd64
ppc stable
SPARC, it does an ebuild good
Looks ok to mark this stable on x86 to me - it compiles, runs and plays something with the several USE flag combinations I tried, and I tested it a lot with +X +aalib +curl +libcaca -lirc +ncurses +nls +readline -vdr -xinerama (DVDs, CDs, various videos, mp3s, several video drivers, subtitles fiddled about with settings and did various things using the UI and keyboard shortcuts. aaxine and xine-check work ok. I don't have the hardware to test lirc, vdr or xinerama) So, looks good to me...
(sorry tsunam ;-)) emerge --info: Portage 2203-svn (default-linux/x86/2006.0, gcc-3.4.5, glibc-2.3.5-r3, 2.6.16-gentoo-r3 i686) ================================================================= System uname: 2.6.16-gentoo-r3 i686 Intel(R) Pentium(R) M processor 1.86GHz Gentoo Base System version 1.6.14 dev-lang/python: 2.4.2 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium3 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/X11/xkb /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/env.d" CXXFLAGS="-O2 -march=pentium3 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig collision-protect distlocks sandbox sfperms strict" GENTOO_MIRRORS="ftp://www.mirrorservice.org/sites/www.ibiblio.org/gentoo/ http://ftp.mirrorservice.org/sites/www.ibiblio.org/gentoo/ ftp://gentoo.blueyonder.co.uk http://mirrors.blueyonder.co.uk/mirrors/gentoo" LC_ALL="en_GB.utf8" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X a52 aac aalib acpi alsa asf audiofile avi bash-completion berkdb bitmap-fonts bzip2 cdda cddb cdparanoia cdr cjk cli crypt cscope cups curl daap dbus dlloader dri dvd dvdr emboss encode exif expat fbcon ffmpeg firefox flac foomaticdb fortran ftp gd gdbm gif glut graphviz gstreamer gtk2 hal imagemagick imap isdnlog jack jpeg lcms libcaca libg++ libwww live lua mad maildir matroska mbox mikmod mmx mng motif mp3 mp4 mpeg ncurses nls nptl ogg opengl pam pcre pdf pdflib perl png pppd python quicktime readline real reflection ruby samba sdl session spell spl sse sse2 ssl svg svga tcpd theora tiff truetype truetype-fonts type1-fonts udev unicode usb userlocales vcd vidix vorbis win32codecs x264 xine xorg xv xvid xvmc zlib video_cards_radeon video_cards_fglrx video_cards_vesa video_cards_ati input_devices_keyboard input_devices_mouse userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, INSTALL_MASK, LANG, LDFLAGS, LINGUAS
x86 done, sorry about the delay.
GLSA 200604-15
