[ nedit-Patches-2858738 ] format string error
SourceForge.net
noreply at sourceforge.net
Mon Sep 14 20:15:41 CEST 2009
Patches item #2858738, was opened at 2009-09-14 13:15
Message generated for change (Tracker Item Submitted) made by eteran
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=311005&aid=2858738&group_id=11005
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Evan Teran (eteran)
Assigned to: Nobody/Anonymous (nobody)
Summary: format string error
Initial Comment:
nedit 5.5 has a format string error in preferences.c.
fprintf(stderr, "Could not read additional preferences file: ");
fprintf(stderr, filename);
fprintf(stderr, "\n");
This _should_ be
fprintf(stderr, "Could not read additional preferences file: %s\n", filename);
This is crashable/exploitable (though there is little to nothing to be gained by exploited it).
A demonstration of the crash is as simple as this:
nedit -import "%n"
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=311005&aid=2858738&group_id=11005
More information about the Develop
mailing list