[gtkada] Security patch: Format string vulnerability

Emmanuel Briot briot at adacore.com
Thu Jul 16 09:36:49 CEST 2015


> The GCC option -Werror=format-security found a format string
> vulnerability in Glib.Messages.Log. The log message is passed to g_log
> as if it were a format string.
> 
> If some code that uses Glib.Messages.Log can be tricked into logging a
> string containing percent characters, then this bug can make it
> vulnerable to various attacks, possibly including remote code execution.
> 
> This patch adds a correct format string.


Bjorn,

Thank you for the patch, which I have now integrated into the development
version of GtkAda. We are also compiling with -Werror=format-security from
now on, which might help catch errors in the future.

regards
Emmanuel
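
Added example, not part of the original thread or of the GtkAda patch: a C sketch of the bug class described above, next to the corrected call. `demo_log`, `log_unsafe` and `log_safe` are hypothetical names; `demo_log` is a stand-in for a printf-style logger such as g_log that formats into a buffer instead of writing to a log handler.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style logger such as g_log: it formats
   into a buffer so the resulting log entry can be inspected. */
static char last_entry[128];

static void demo_log(const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    vsnprintf(last_entry, sizeof last_entry, format, ap);
    va_end(ap);
}

/* Reported pattern: the caller's text is interpreted as the format string.
   Any '%' in it is parsed as a conversion; one that expects an argument
   would read arguments that were never passed (undefined behaviour). */
const char *log_unsafe(const char *message)
{
    demo_log(message);
    return last_entry;
}

/* Fixed pattern: a constant "%s" format, with the message passed as data. */
const char *log_safe(const char *message)
{
    demo_log("%s", message);
    return last_entry;
}

int main(void)
{
    /* Constructed input: "%%" takes no argument, so even the unsafe call is
       well defined here, yet the logged text no longer matches the input. */
    const char *msg = "cache 100%% warm";

    printf("unsafe: %s\n", log_unsafe(msg));
    printf("safe:   %s\n", log_safe(msg));
    /* Conversion specifiers in the message are inert when it is data. */
    printf("safe:   %s\n", log_safe("user=%s id=%d"));
    return 0;
}
```

If the logger's declaration carries GCC's `format(printf, ...)` attribute, building with -Werror=format-security rejects the call in `log_unsafe` at compile time.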

