Use helper to validate printf formats.
Simgear contains a new helper to validate format strings for potentially dangerous replacements, use it to fix the issues raised by Debian bug trackers.
This commit is contained in:
James Turner
parent
9a7e32d4a9
commit
fda64d840e
2 changed files with 16 additions and 8 deletions
|
|
@ -52,6 +52,7 @@
|
|||
#include <boost/foreach.hpp>
|
||||
#include <simgear/debug/logstream.hxx>
|
||||
#include <simgear/misc/sg_path.hxx>
|
||||
#include <simgear/misc/strutils.hxx>
|
||||
#include <simgear/scene/model/model.hxx>
|
||||
#include <osg/GLU>
|
||||
|
||||
|
|
@ -1171,7 +1172,8 @@ FGTextLayer::recalc_value () const
|
|||
////////////////////////////////////////////////////////////////////////
|
||||
|
||||
FGTextLayer::Chunk::Chunk (const std::string &text, const std::string &fmt)
|
||||
: _type(FGTextLayer::TEXT), _fmt(fmt)
|
||||
: _type(FGTextLayer::TEXT),
|
||||
_fmt(simgear::strutils::sanitizePrintfFormat(fmt))
|
||||
{
|
||||
_text = text;
|
||||
if (_fmt.empty())
|
||||
|
|
@ -1181,7 +1183,11 @@ FGTextLayer::Chunk::Chunk (const std::string &text, const std::string &fmt)
|
|||
FGTextLayer::Chunk::Chunk (ChunkType type, const SGPropertyNode * node,
|
||||
const std::string &fmt, float mult, float offs,
|
||||
bool truncation)
|
||||
: _type(type), _fmt(fmt), _mult(mult), _offs(offs), _trunc(truncation)
|
||||
: _type(type),
|
||||
_fmt(simgear::strutils::sanitizePrintfFormat(fmt)),
|
||||
_mult(mult),
|
||||
_offs(offs),
|
||||
_trunc(truncation)
|
||||
{
|
||||
if (_fmt.empty()) {
|
||||
if (type == TEXT_VALUE)
|
||||
|
|
|
|||
|
|
@ -220,38 +220,40 @@ bool FGGeneric::gen_message_ascii() {
|
|||
generic_sentence += var_separator;
|
||||
}
|
||||
|
||||
string format = simgear::strutils::sanitizePrintfFormat(_out_message[i].format);
|
||||
|
||||
switch (_out_message[i].type) {
|
||||
case FG_INT:
|
||||
val = _out_message[i].offset +
|
||||
_out_message[i].prop->getIntValue() * _out_message[i].factor;
|
||||
snprintf(tmp, 255, _out_message[i].format.c_str(), (int)val);
|
||||
snprintf(tmp, 255, format.c_str(), (int)val);
|
||||
break;
|
||||
|
||||
case FG_BOOL:
|
||||
snprintf(tmp, 255, _out_message[i].format.c_str(),
|
||||
snprintf(tmp, 255, format.c_str(),
|
||||
_out_message[i].prop->getBoolValue());
|
||||
break;
|
||||
|
||||
case FG_FIXED:
|
||||
val = _out_message[i].offset +
|
||||
_out_message[i].prop->getFloatValue() * _out_message[i].factor;
|
||||
snprintf(tmp, 255, _out_message[i].format.c_str(), (float)val);
|
||||
snprintf(tmp, 255, format.c_str(), (float)val);
|
||||
break;
|
||||
|
||||
case FG_FLOAT:
|
||||
val = _out_message[i].offset +
|
||||
_out_message[i].prop->getFloatValue() * _out_message[i].factor;
|
||||
snprintf(tmp, 255, _out_message[i].format.c_str(), (float)val);
|
||||
snprintf(tmp, 255, format.c_str(), (float)val);
|
||||
break;
|
||||
|
||||
case FG_DOUBLE:
|
||||
val = _out_message[i].offset +
|
||||
_out_message[i].prop->getDoubleValue() * _out_message[i].factor;
|
||||
snprintf(tmp, 255, _out_message[i].format.c_str(), (double)val);
|
||||
snprintf(tmp, 255, format.c_str(), (double)val);
|
||||
break;
|
||||
|
||||
default: // SG_STRING
|
||||
snprintf(tmp, 255, _out_message[i].format.c_str(),
|
||||
snprintf(tmp, 255, format.c_str(),
|
||||
_out_message[i].prop->getStringValue());
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue