Re: [AD] Untranslated string: ALLEGRO_WINDOW_CLOSE_MESSAGE |
[ Thread Index | Date Index | More lists.liballeg.org/allegro-developers Archives ]
Eric Botcazou wrote:
I meant that with an additional "%s" in a translated string, an extra and undefined argument will be read from the stack, which can refer to any random place in memory. It's not related to using bound-checking sprintfs.But you were talking about corrupting memory, weren't you ? Assuming uszprintf() properly checks its arguments, I don't see how you can corrupt memory by only reading from it.
Right, so it's probably doesn't count as a security problem? I nevertheless think it's good if a user of a bug-free program is not able to crash it just by giving it bad input. OTOH, looking at those strings, it seems that some of them need the formats in order to be translatable, so I guess it's ok after all. -- Sven Sandberg svsa1977@xxxxxxxxxx home.student.uu.se/svsa1977
Mail converted by MHonArc 2.6.19+ | http://listengine.tuxfamily.org/ |