#657 preferences.c contains a format string error

release
closed-fixed
nobody
Program (402)
5
2009-09-14
2009-09-14
Evan Teran
No

My original post was accidentally submitted to the patches section. Sorry if this ends up being a dup.

nedit 5.5 has a format string error in preferences.c.

fprintf(stderr, "Could not read additional preferences file: ");
fprintf(stderr, filename);
fprintf(stderr, "\n");

This _should_ be

fprintf(stderr, "Could not read additional preferences file: %s\n",
filename);

This is crashable/exploitable (though there is little to nothing to be
gained by exploiting it).

A demonstration of the crash is as simple as this:

nedit -import "%n"
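
The before and after forms from the report side by side, as an added example (not code from nedit or from the original report). The function names, the buffer-based output and the sample filename are assumptions for illustration; the sample contains only `%%`, so the unsafe call stays well defined while still showing that the filename is parsed as a format.

```c
#include <stdio.h>
#include <string.h>

#define PREFIX "Could not read additional preferences file: "

/* Constructed sample input. It contains only "%%", the one conversion that
   consumes no argument, so the unsafe call below stays well defined. */
static const char SAMPLE[] = "prefs-100%%.nedit";

/* Before: same shape as the reported code, writing to a buffer instead of
   stderr. The warning is silenced only so this "before" form builds cleanly. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static int report_unsafe(char *out, size_t n, const char *filename)
{
    int used = snprintf(out, n, PREFIX);
    if (used < 0 || (size_t)used >= n)
        return -1;
    /* BUG: filename is parsed as a format string, not copied as data. */
    int more = snprintf(out + used, n - (size_t)used, filename);
    return more < 0 ? -1 : used + more;
}
#pragma GCC diagnostic pop

/* After: constant format string; filename is only ever an argument. */
static int report_safe(char *out, size_t n, const char *filename)
{
    return snprintf(out, n, PREFIX "%s", filename);
}

/* Returns 1 if the message ends with the filename exactly as supplied. */
static int echoes_filename(const char *msg, const char *filename)
{
    size_t m = strlen(msg), f = strlen(filename);
    return m >= f && strcmp(msg + (m - f), filename) == 0;
}

int main(void)
{
    char a[128], b[128];
    report_unsafe(a, sizeof a, SAMPLE);
    report_safe(b, sizeof b, SAMPLE);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    printf("unsafe echoes input: %d, safe echoes input: %d\n",
           echoes_filename(a, SAMPLE), echoes_filename(b, SAMPLE));
    return 0;
}
```

GCC and Clang report the call in `report_unsafe` under `-Wformat-security`, which the pragma suppresses here.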

Discussion

  • Eddy De Greef
    2009-09-14

    We already had this fix in CVS. Thanks anyway.

     
  • Eddy De Greef
    2009-09-14

    • labels: --> Program
    • milestone: --> release
    • status: open --> closed-fixed