
Fix potentially insecure use of format strings

Open ikspress opened this issue 1 year ago • 1 comments

install-filter can change wait_string, so it may be insecure.

ikspress avatar Apr 16 '24 13:04 ikspress

One notable thing is that puts() outputs '\n' at the end of the line; do you think that is good?

ikspress avatar Apr 16 '24 13:04 ikspress

Can't you just do printf("%s", filter_context->wait_string); ?

tormodvolden avatar May 12 '24 20:05 tormodvolden

Can't you just do printf("%s", filter_context->wait_string); ?

I'm sorry for my late reply. The reason why I use fputs() is that it is more efficient than printf().

Additionally, I think there should be a better implementation here which doesn't pause when stdin is directed to a file (same as the pause in cmd.exe), so please don't merge this PR. Do you think it is useful? If so, I will submit a better implementation some days later.

ikspress avatar Jun 05 '24 14:06 ikspress
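
The difference between the options raised in this thread, as an added example (not code from the thread or from libusb-win32): each way of printing an externally supplied string is captured to a temporary file so the bytes written can be compared. The sample string, the function names and the assumption that the original call passed the string as the format are constructed for illustration; puts() is modelled as fputs() plus '\n' because puts() only writes to stdout.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: "%%" is safe to interpret but makes the difference visible. */
static const char SAMPLE_WAIT_STRING[] = "Progress 100%% - press any key";

typedef void (*emit_fn)(FILE *out, const char *s);

/* Assumed "before" pattern: the externally supplied string is the format itself. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static void emit_as_format(FILE *out, const char *s) { fprintf(out, s); }
#pragma GCC diagnostic pop

/* Fixed format; the string is passed as data and never parsed for '%'. */
static void emit_percent_s(FILE *out, const char *s) { fprintf(out, "%s", s); }

/* fputs(): no format parsing and no newline appended. */
static void emit_fputs(FILE *out, const char *s) { fputs(s, out); }

/* What puts() would write: the same bytes plus a trailing '\n'. */
static void emit_puts_like(FILE *out, const char *s) { fputs(s, out); fputc('\n', out); }

/* Run one strategy against a temp file and copy back what it wrote. */
static size_t capture(emit_fn emit, const char *s, char *buf, size_t cap)
{
    FILE *tmp;
    size_t n;
    if (cap == 0) return 0;
    buf[0] = '\0';
    if ((tmp = tmpfile()) == NULL) return 0;
    emit(tmp, s);
    rewind(tmp);
    n = fread(buf, 1, cap - 1, tmp);
    buf[n] = '\0';
    fclose(tmp);
    return n;
}

int main(void)
{
    emit_fn fns[] = { emit_as_format, emit_percent_s, emit_fputs, emit_puts_like };
    const char *names[] = { "printf(s)", "printf(\"%s\", s)", "fputs(s)", "puts(s)" };
    char buf[128];
    for (size_t i = 0; i < 4; i++) {
        size_t n = capture(fns[i], SAMPLE_WAIT_STRING, buf, sizeof buf);
        printf("%-18s wrote %zu bytes: [%s]\n", names[i], n, buf);
    }
    return 0;
}
```

Only the first variant alters the text (the "%%" collapses to "%"); the last one differs from fputs() solely by the added newline, which is the side effect asked about above.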