[PATCH] ubi-utils: fix warning in fprintf() code

[PATCH] ubi-utils: fix warning in fprintf() code

[Mike Frysinger]

When building with gcc security warnings enabled, the ubimirror.c code
triggers this warning:
./src/ubimirror.c: In function 'main':
./src/ubimirror.c:206: error: format not a string literal and no format arguments

Since the buffer in question should be a straight string anyways, avoid
ugly printf exploits by outputting the string indirectly:
	printf("%s", buffer)

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
---
 ubi-utils/src/ubimirror.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/ubi-utils/src/ubimirror.c b/ubi-utils/src/ubimirror.c
index 2cc4596..a20e1af 100644
--- a/ubi-utils/src/ubimirror.c
+++ b/ubi-utils/src/ubimirror.c
@@ -203,7 +203,7 @@ main(int argc, char **argv) {
 		       err_buf, sizeof(err_buf));
 	if( rc ){
 		err_buf[sizeof err_buf - 1] = '\0';
-		fprintf(stderr, err_buf);
+		fprintf(stderr, "%s", err_buf);
 		if( rc < 0 )
 			rc = -rc;
 	}
-- 
1.6.1

Re: [PATCH] ubi-utils: fix warning in fprintf() code

[Artem Bityutskiy]

On Mon, 2009-01-12 at 11:08 -0500, Mike Frysinger wrote:
> When building with gcc security warnings enabled, the ubimirror.c code
> triggers this warning:
> ./src/ubimirror.c: In function 'main':
> ./src/ubimirror.c:206: error: format not a string literal and no format arguments
> 
> Since the buffer in question should be a straight string anyways, avoid
> ugly printf exploits by outputting the string indirectly:
> 	printf("%s", buffer)
> 
> Signed-off-by: Mike Frysinger <vapier@gentoo.org>

Both patches are applied, thank you!

-- 
Best regards,
Artem Bityutskiy (Битюцкий Артём)