php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60948 mysqlnd FTBFS when -Wformat-security is enabled
Submitted: 2012-02-01 13:10 UTC Modified: 2012-03-05 23:57 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: ondrej@php.net Assigned: mysql
Status: Closed Package: MySQL related
PHP Version: 5.4.0RC6 OS: Any
Private report: No CVE-ID:
 [2012-02-01 13:10 UTC] ondrej@php.net
Description:
------------
$ svn diff
Index: ext/mysqlnd/mysqlnd_wireprotocol.c
===================================================================
--- ext/mysqlnd/mysqlnd_wireprotocol.c	(revision 322993)
+++ ext/mysqlnd/mysqlnd_wireprotocol.c	(working copy)
@@ -500,7 +500,7 @@
 			const char * const msg = "Authentication data too long. 
"
 				"Won't fit into the buffer and will be 
truncated. Authentication will thus fail";
 			SET_CLIENT_ERROR(*conn->error_info, CR_UNKNOWN_ERROR, 
UNKNOWN_SQLSTATE, msg);
-			php_error_docref(NULL TSRMLS_CC, E_WARNING, msg);
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", msg);
 			DBG_RETURN(0);
 		}		
 		



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-02-01 13:34 UTC] johannes@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: mysql
 [2012-02-01 13:34 UTC] johannes@php.net
Patch looks good, checking with RM before committing.
 [2012-02-01 13:37 UTC] johannes@php.net
As a remark: The patch is not strictly needed - the msg is a const char* without any risk of injecting anything ... therefore not critical.
 [2012-03-05 23:55 UTC] johannes@php.net
Automatic comment from SVN on behalf of johannes
Revision: http://svn.php.net/viewvc/?view=revision&revision=323929
Log: Fix bug #60948 mysqlnd FTBFS when -Wformat-security is enabled

# 5.3 not affected
 [2012-03-05 23:57 UTC] johannes@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-03-05 23:57 UTC] johannes@php.net
-Status: Assigned +Status: Closed
 [2012-04-18 09:45 UTC] laruence@php.net
Automatic comment on behalf of johannes
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4c4a33e7067c9909dbf54193db4e0fecc493b366
Log: Fix bug #60948 mysqlnd FTBFS when -Wformat-security is enabled
 [2012-07-24 23:36 UTC] rasmus@php.net
Automatic comment on behalf of johannes
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4c4a33e7067c9909dbf54193db4e0fecc493b366
Log: Fix bug #60948 mysqlnd FTBFS when -Wformat-security is enabled
 [2013-11-17 09:33 UTC] laruence@php.net
Automatic comment on behalf of johannes
Revision: http://git.php.net/?p=php-src.git;a=commit;h=4c4a33e7067c9909dbf54193db4e0fecc493b366
Log: Fix bug #60948 mysqlnd FTBFS when -Wformat-security is enabled
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 01:02:05 2014 UTC