GNU bug report logs - #50155
don't use the conversion specifier %n in emacsclient

Previous Next

Package: emacs;

Reported by: Omar Polo <op <at> omarpolo.com>

Date: Sat, 21 Aug 2021 21:39:01 UTC

Severity: normal

Tags: patch

Fixed in version 28.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 50155 in the body.
You can then email your comments to 50155 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#50155; Package emacs. (Sat, 21 Aug 2021 21:39:01 GMT) Full text and rfc822 format available.
Acknowledgement sent to Omar Polo <op <at> omarpolo.com>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Sat, 21 Aug 2021 21:39:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Omar Polo <op <at> omarpolo.com>
To: bug-gnu-emacs <at> gnu.org
Subject: don't use the conversion specifier %n in emacsclient
Date: Sat, 21 Aug 2021 23:38:04 +0200

[Message part 1 (text/plain, inline)]
Tags: patch

Hello,

The usage of the %n conversion specifier for printf(3) is widely
discouraged (see [0] for instance).  The OpenBSD libc in particular
logs to syslog every time an application tries to use %n.

Now, in this specific case it's used in a completely safe manner, but
avoiding it seems pretty easy.

Another option would be

	char *emacsdirend = strchr(sockname + tmpdirlen + 1, '/');

but I'm not sure it would be cleaner.

Thanks,

Omar Polo

[0]: https://man.bsd.lv/Linux-5.06/printf.3#BUGS



In GNU Emacs 28.0.50 (build 11, x86_64-unknown-openbsd6.9, X toolkit, cairo version 1.16.0, Xaw scroll bars)
 of 2021-08-17 built on venera
Windowing system distributor 'The X.Org Foundation', version 11.0.12010000
System Description: OpenBSD venera 6.9 GENERIC.MP#158 amd64

Configured using:
 'configure --prefix=/home/op/opt/emacs --with-x-toolkit=lucid CC=cc'


[0001-don-t-use-n.patch (text/patch, attachment)]
Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#50155; Package emacs. (Sun, 22 Aug 2021 14:25:01 GMT) Full text and rfc822 format available.

Message #8 received at 50155 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Omar Polo <op <at> omarpolo.com>
Cc: 50155 <at> debbugs.gnu.org
Subject: Re: bug#50155: don't use the conversion specifier %n in emacsclient
Date: Sun, 22 Aug 2021 16:24:15 +0200

Omar Polo <op <at> omarpolo.com> writes:

> Now, in this specific case it's used in a completely safe manner, but
> avoiding it seems pretty easy.

Thanks; applied to Emacs 28.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
bug marked as fixed in version 28.1, send any further explanations to 50155 <at> debbugs.gnu.org and Omar Polo <op <at> omarpolo.com> Request was from Lars Ingebrigtsen <larsi <at> gnus.org> to control <at> debbugs.gnu.org. (Sun, 22 Aug 2021 14:25:02 GMT) Full text and rfc822 format available.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 20 Sep 2021 11:24:06 GMT) Full text and rfc822 format available.
This bug report was last modified 3 years and 274 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.