Commit 99eda421 authored by Emden R. Gansner

Fix format string vulnerability in using agerr() to report errors during parsing.

We now use a fixed format %s, and pass the error string as an argument.
parent faf196c6
......@@ -225,6 +225,7 @@ ID ({NAME}|{NUMBER})
<hstring>([^><\n]*) addstr(yytext);
. return (yytext[0]);
%%
void yyerror(char *str)
{
unsigned char xbuf[BUFSIZ];
......@@ -273,7 +274,7 @@ void yyerror(char *str)
break;
}
agxbputc (&xb, '\n');
agerr(AGERR,agxbuse(&xb));
agerr(AGERR, "%s", agxbuse(&xb));
agxbfree(&xb);
}
/* must be here to see flex's macro defns */
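Review bot: In yyerror(), the corrected call `agerr(AGERR, "%s", agxbuse(&xb));` fixes this one call site, but nothing in the change stops another caller from passing a non-literal string as the agerr() format again. Consider annotating the agerr() declaration with a printf-style format attribute (for GCC and Clang, `__attribute__((format(printf, 2, 3)))`, given that the format is the second argument as used here) and building with -Wformat-security, so the compiler flags any remaining or future call of the old form. A parser regression test whose input contains `%` conversion characters in the text that ends up in the error message would also confirm that the message is now printed literally.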