| 1234567891011121314151617 |
- $OpenBSD: patch-lib_cgraph_scan_l,v 1.2 2015/08/21 16:06:06 jasper Exp $
- Security fix for CVE-2014-9157, graphviz: format string vulnerability in yyerror()
- https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081.patch
- --- lib/cgraph/scan.l.orig2 Fri Aug 21 10:25:19 2015
- +++ lib/cgraph/scan.l Fri Aug 21 10:25:42 2015
- @@ -223,7 +223,7 @@ void yyerror(char *str)
- agxbput (&xb, buf);
- agxbput (&xb, yytext);
- agxbput (&xb,"'\n");
- - agerr(AGWARN,agxbuse(&xb));
- + agerr(AGWARN, "%s", agxbuse(&xb));
- agxbfree(&xb);
- }
- /* must be here to see flex's macro defns */
|
