Open MPI logo

Open MPI Development Mailing List Archives

  |   Home   |   Support   |   FAQ   |   all Development mailing list

From: Brian Barrett (brbarret_at_[hidden])
Date: 2006-10-13 10:56:36


Because I'm silly. I shall make it so - Thanks!

Brian

On Oct 13, 2006, at 5:44 AM, Ralf Wildenhues wrote:

> Hello Brian, all,
>
> | r12094 | brbarret | 2006-10-11 20:40:21 +0200 (Wed, 11 Oct 2006)
> | 11 lines
> | Changed paths:
> | M /trunk/opal/util/output.c
> |
> | Use write() instead of fprintf() for output to stdout / stderr.
> Fixes an issue
> | I was running into where if a string in the argument list
> contains a printf
> | escape sequence, we would segfault. In particular, I was using
> opal_output
> | to print the environment and had something like:
> |
> | LESSOPEN=|/usr/bin/lesspipe.sh %s
> |
> | in my environment. So I called opal_output(0, "%s", environ[i]) and
> | got a segfault because the fprintf tried to expand the %s in the
> | environment variable
>
> This looks weird to me. Unless that function is the only one
> producing
> output on stdout/stderr (or all of them do a flush after each
> output, or
> you also flush before each output -- yuck), I think things may be
> reordered. Why not just use fputs instead to avoid the format string
> vulnerability?
>
> Cheers,
> Ralf
> _______________________________________________
> devel mailing list
> devel_at_[hidden]
> http://www.open-mpi.org/mailman/listinfo.cgi/devel