[ nedit-Bugs-2858744 ] preferences.c contains a format string error
SourceForge.net
noreply at sourceforge.net
Mon Sep 14 20:28:26 CEST 2009
Bugs item #2858744, was opened at 2009-09-14 13:28
Message generated for change (Tracker Item Submitted) made by eteran
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=111005&aid=2858744&group_id=11005
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Evan Teran (eteran)
Assigned to: Nobody/Anonymous (nobody)
Summary: preferences.c contains a format string error
Initial Comment:
my original post was accidentally submitted to the patches section, Sorry if this ends up being a dup.
nedit 5.5 has a format string error in preferences.c.
fprintf(stderr, "Could not read additional preferences file: ");
fprintf(stderr, filename);
fprintf(stderr, "\n");
This _should_ be
fprintf(stderr, "Could not read additional preferences file: %s\n",
filename);
This is crashable/exploitable (though there is little to nothing to be
gained by exploited it).
A demonstration of the crash is as simple as this:
nedit -import "%n"
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=111005&aid=2858744&group_id=11005
More information about the Develop
mailing list