]> granicus.if.org Git - graphviz/commit
projects / graphviz / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 495f781) | patch
Additional agerr() format string fixes
authorTomas Hoger <thoger@redhat.com>
Wed, 20 May 2015 09:22:11 +0000 (11:22 +0200)
committerTomas Hoger <thoger@redhat.com>
Wed, 20 May 2015 09:22:11 +0000 (11:22 +0200)
commit10a132289ffe4ed9a398bebca13cb41c1006bd13
tree31c6fcd37e4959546f9b2feb06a7bbb233a2e8c7tree | snapshot
parent495f781f91dca1fb165bbaa6abc0ced1c09535c8commit | diff
Additional agerr() format string fixes

Similar to commit 99eda42, ensure the second argument to agerr() is
fixed string with no user inputs.  Change applied to:

* cmd/tools/gmlscan.l - unclear if this can be exploited in practice, as
  only yytext can possibly hold format string
* lib/graph/lexer.c - format string can be injected via graph file
  content.  Note that libgraph is deprecated as of version 2.30.0, so
  this fix is more relevant for older graphviz versions.
cmd/tools/gmlscan.l diff | blob | history
lib/graph/lexer.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.