Open MPI logo

Open MPI Development Mailing List Archives

  |   Home   |   Support   |   FAQ   |   all Development mailing list

From: Ralf Wildenhues (Ralf.Wildenhues_at_[hidden])
Date: 2006-10-13 07:44:47


Hello Brian, all,

| r12094 | brbarret | 2006-10-11 20:40:21 +0200 (Wed, 11 Oct 2006) | 11 lines
| Changed paths:
| M /trunk/opal/util/output.c
|
| Use write() instead of fprintf() for output to stdout / stderr. Fixes an issue
| I was running into where if a string in the argument list contains a printf
| escape sequence, we would segfault. In particular, I was using opal_output
| to print the environment and had something like:
|
| LESSOPEN=|/usr/bin/lesspipe.sh %s
|
| in my environment. So I called opal_output(0, "%s", environ[i]) and
| got a segfault because the fprintf tried to expand the %s in the
| environment variable

This looks weird to me. Unless that function is the only one producing
output on stdout/stderr (or all of them do a flush after each output, or
you also flush before each output -- yuck), I think things may be
reordered. Why not just use fputs instead to avoid the format string
vulnerability?

Cheers,
Ralf