mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-05-03 06:47:04 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: fix format string vulnerability in hook.h example code

Browse source 
Input Validation: Low

The documentation example code in hook.h passed the msg parameter
directly as the format string to printf() and fprintf(). If copied
by developers, this pattern creates a format string vulnerability
where specially crafted msg content with format specifiers (%x, %n,
etc.) could read/write memory. Use "%s" as the format string and
pass msg as a data argument instead.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Wim Taymans 2026-04-29 11:33:44 +02:00
parent 7982f52830
commit 9a4e0e4c85
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
spa/include/spa/utils/hook.h
View file

@ -89,10 +89,10 @@ extern "C" {
* \code{.c} * \code{.c}
* *
* static void bar_stdout(struct foo *f, const char *msg) { * static void bar_stdout(struct foo *f, const char *msg) {
* printf(msg); * printf("%s", msg);
* } * }
* static void bar_stderr(struct foo *f, const char *msg) { * static void bar_stderr(struct foo *f, const char *msg) {
* fprintf(stderr, msg); * fprintf(stderr, "%s", msg);
* } * }
* *
* struct foo* get_foo_from_somewhere() { * struct foo* get_foo_from_somewhere() {