Re: [AD] Untranslated string: ALLEGRO_WINDOW_CLOSE

Re: [AD] Untranslated string: ALLEGRO_WINDOW_CLOSE_MESSAGE

[ Thread Index | Date Index | More lists.liballeg.org/allegro-developers Archives ]

To: Allegro Developer <conductors@xxxxxxxxxx>
Subject: Re: [AD] Untranslated string: ALLEGRO_WINDOW_CLOSE_MESSAGE
From: Sven Sandberg <svsa1977@xxxxxxxxxx>
Date: Tue, 04 Jun 2002 01:23:14 +0200

Eric Botcazou wrote:

I meant that with an additional "%s" in a translated string, an extra
and undefined argument will be read from the stack, which can refer
to any random place in memory. It's not related to using bound-checking
sprintfs.


But you were talking about corrupting memory, weren't you ? Assuming
uszprintf() properly checks its arguments, I don't see how you can corrupt
memory by only reading from it.


Right, so it's probably doesn't count as a security problem? I
nevertheless think it's good if a user of a bug-free program is
not able to crash it just by giving it bad input. OTOH, looking
at those strings, it seems that some of them need the formats in
order to be translatable, so I guess it's ok after all.

--
Sven Sandberg   svsa1977@xxxxxxxxxx   home.student.uu.se/svsa1977

Follow-Ups:
- Re: [AD] Untranslated string: ALLEGRO_WINDOW_CLOSE_MESSAGE
  - From: Eric Botcazou

References:
- Re: [AD] Untranslated string: ALLEGRO_WINDOW_CLOSE_MESSAGE
  - From: Sven Sandberg
- Re: [AD] Untranslated string: ALLEGRO_WINDOW_CLOSE_MESSAGE
  - From: Eric Botcazou
- Re: [AD] Untranslated string: ALLEGRO_WINDOW_CLOSE_MESSAGE
  - From: Sven Sandberg
- Re: [AD] Untranslated string: ALLEGRO_WINDOW_CLOSE_MESSAGE
  - From: Eric Botcazou

Messages sorted by: [ date | thread ]
Prev by Date: Re: [AD] Improvements for the chm documentation version
Next by Date: Re: [AD] Untranslated string: ALLEGRO_WINDOW_CLOSE_MESSAGE
Previous by thread: Re: [AD] Untranslated string: ALLEGRO_WINDOW_CLOSE_MESSAGE
Next by thread: Re: [AD] Untranslated string: ALLEGRO_WINDOW_CLOSE_MESSAGE

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/