Skip to content
Snippets Groups Projects
Commit 10a13228 authored by Tomas Hoger's avatar Tomas Hoger
Browse files

Additional agerr() format string fixes 

Similar to commit 99eda421, ensure the second argument to agerr() is
fixed string with no user inputs.  Change applied to:

* cmd/tools/gmlscan.l - unclear if this can be exploited in practice, as
  only yytext can possibly hold format string
* lib/graph/lexer.c - format string can be injected via graph file
  content.  Note that libgraph is deprecated as of version 2.30.0, so
  this fix is more relevant for older graphviz versions.
parent 495f781f
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment