Re: [AD] Untranslated string: ALLEGRO_WINDOW_CLOSE_MESSAGE



Eric Botcazou wrote:
> > I meant that with an additional "%s" in a translated string, an extra
> > and undefined argument will be read from the stack, which can refer
> > to any random place in memory. It's not related to using bound-checking
> > sprintfs.
>
> But you were talking about corrupting memory, weren't you? Assuming
> uszprintf() properly checks its arguments, I don't see how you can corrupt
> memory by only reading from it.

Right, so it probably doesn't count as a security problem? I
nevertheless think it's good if a user of a bug-free program is
not able to crash it just by giving it bad input. OTOH, looking
at those strings, it seems that some of them need the formats in
order to be translatable, so I guess it's ok after all.

--
Sven Sandberg   svsa1977@xxxxxxxxxx   home.student.uu.se/svsa1977
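
The concern in this thread, a translated string carrying a conversion that the call site supplies no argument for, can be caught when a translation is loaded. The check below is an added example, not code from this thread or from Allegro; the function names are hypothetical and it assumes plain printf-style conversions, rejecting anything else.

```c
#include <stdio.h>
#include <string.h>

/* Reduce a printf-style format to its argument signature, e.g.
 * "%s: %ld of 100%%" -> "sld". Flags, width and precision are skipped and
 * "%%" consumes nothing. Returns 0, or -1 for anything this checker does
 * not model ('*' width, positional "%1$s", "%n", a dangling '%'). */
static int fmt_signature(const char *fmt, char *out, size_t outsz)
{
    const char *len;
    size_t need, n = 0;
    out[0] = '\0';
    while (*fmt) {
        if (*fmt++ != '%')
            continue;
        if (*fmt == '%') { fmt++; continue; }
        fmt += strspn(fmt, "-+ #0");                  /* flags */
        fmt += strspn(fmt, "0123456789");             /* width */
        if (*fmt == '.')
            fmt += 1 + strspn(fmt + 1, "0123456789"); /* precision */
        len = fmt;                                    /* length modifiers */
        fmt += strspn(fmt, "hlLjzt");
        if (*fmt == '\0' || !strchr("diouxXeEfgGcsp", *fmt))
            return -1;
        need = (size_t)(fmt - len) + 1;               /* modifiers + conversion */
        if (n + need >= outsz)
            return -1;
        memcpy(out + n, len, need);
        n += need;
        out[n] = '\0';
        fmt++;
    }
    return 0;
}

/* 1 if the translation reads exactly the arguments the original does. */
int translation_is_safe(const char *original, const char *translated)
{
    char a[64], b[64];
    return fmt_signature(original, a, sizeof a) == 0
        && fmt_signature(translated, b, sizeof b) == 0
        && strcmp(a, b) == 0;
}

int main(void)
{
    /* Constructed sample strings, not taken from Allegro's language files. */
    printf("%d\n", translation_is_safe("Unable to open %s", "Impossible d'ouvrir %s"));
    printf("%d\n", translation_is_safe("Unable to open %s", "Impossible d'ouvrir %s (%s)"));
    return 0;
}
```

A translation that fails the check can be dropped in favour of the untranslated string, so formats stay available to translators without letting a bad language file change what the call reads.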


