Skip to content

Avoid format string injection#135

Draft
xtexx wants to merge 2 commits intoloongson:loongarch-portfrom
xtexx:la64-va-list
Draft

Avoid format string injection#135
xtexx wants to merge 2 commits intoloongson:loongarch-portfrom
xtexx:la64-va-list

Conversation

@xtexx
Copy link

@xtexx xtexx commented Mar 1, 2025

xtexx added 2 commits March 1, 2025 12:04
@xtexx
LoongArch: Remove unused va_list to VMError::report_and_die
a7be43f 
VMError::report_and_die provides an overload that takes a variable-length
argument as the last argument, so we can use it instead of the overload
taking va_list as the last argument.

The implementation detail of va_list is compiler-defined and
constructing a va_list manually is not standardized which may not work
as expected.

This should resolve the warning saying that report_and_die uses the
uninitialized variable of va_dummy.

Signed-off-by: Bingwu Zhang <xtex@aosc.io>
@xtexx
LoongArch: Avoid formatter injection
4b931e1 
The sixth argument of VMError::report_and_die is a formatting string,
using detail_msg as the 6th arg leaves a location for formatter
injecting, although it is hard to be used because almost all detail_msg
point to static strings.

This should resolve the Clang warning saying that the formatter string
is not constant.

Signed-off-by: Bingwu Zhang <xtex@aosc.io>
@xtexx xtexx marked this pull request as draft March 1, 2025 04:07
@xtexx
Copy link
Author

xtexx commented Jan 31, 2026

#136 (comment)

@xtexx xtexx closed this Jan 31, 2026
@xtexx xtexx reopened this Feb 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@xtexx