mysqlnd FTBFS when -Wformat-security is enabled

Bug #60948

Submitted:

2012-02-01 13:10 UTC

Modified:

2012-03-05 23:57 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

ondrej@php.net

Assigned:

mysql (profile)

Status:

Closed

Package:

MySQL related

PHP Version:

5.4.0RC6

OS:

Any

Private report:

CVE-ID:

None

[2012-02-01 13:10 UTC] ondrej@php.net

Description:
------------
$ svn diff
Index: ext/mysqlnd/mysqlnd_wireprotocol.c
===================================================================
--- ext/mysqlnd/mysqlnd_wireprotocol.c	(revision 322993)
+++ ext/mysqlnd/mysqlnd_wireprotocol.c	(working copy)
@@ -500,7 +500,7 @@
 			const char * const msg = "Authentication data too long. 
"
 				"Won't fit into the buffer and will be 
truncated. Authentication will thus fail";
 			SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, 
UNKNOWN_SQLSTATE, msg);
-			php_error_docref(NULL TSRMLS_CC, E_WARNING, msg);
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", msg);
 			DBG_RETURN(0);
 		}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-02-01 13:34 UTC] johannes@php.net

-Status: Open +Status: Assigned -Assigned To: +Assigned To: mysql

[2012-02-01 13:34 UTC] johannes@php.net

Patch looks good, checking with RM before committing.

[2012-02-01 13:37 UTC] johannes@php.net

As a remark: The patch is not strictly needed - the msg is a const char* without any risk of injecting anything ... therefore not critical.