
29 Nov 2011, 12:10 a.m.
On Monday 28 November 2011 14:24:49 Wolfgang Denk wrote:
common/menu.c used printf() in a number of places to print user provided, constant strings (like the "title" string). printf() is dangerous here for example in case the user unwittingly embeds some '%' characters that printf() would interpret as formatting and then pick up random arguments. Use puts() instead.
i'm not seeing this problem based on your patch below ...
--- a/common/menu.c +++ b/common/menu.c
- if (!m->item_data_print)
printf("%s\n", item->key);
putc(item->key);
putc('\n');
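Review bot: in the item-print hunk, `putc(item->key);` passes a string pointer to a call that prints a single character. The removed line printed `item->key` with `%s`, so the replacement should be `puts(item->key);` followed by `putc('\n');`. As written, the key text is no longer printed.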
item->key is not passed as the first arg, so % sequences would not get interpreted
printf("%s:\n", m->title);
puts(m->title);
putc('\n');
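Review bot: in the title hunk, the removed `printf("%s:\n", m->title);` printed a colon after the title, and the replacement `puts(m->title); putc('\n');` drops it, so the menu output changes. If the colon should stay, use `puts(":\n");` in place of `putc('\n');`.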
same here
printf("^C\n");
puts("^C\n");
this change makes sense, but not for any of the reasons cited in the changelog; this looks like a simple optimization ... -mike
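
The two call shapes discussed in this thread, as an added example that is not part of the original messages or of U-Boot's code: the title passed as data to a constant format, and the title used as the format itself, plus a check for strings that would consume arguments if used as a format. The helper names and the sample title are constructed; the sample contains only `%%` so the format-string case stays well defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: formats into a buffer, standing in for console printf(). */
static int render(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Call shape of the removed lines: the title is data for a constant format. */
int title_as_argument(char *out, size_t n, const char *title)
{
    return render(out, n, "%s:\n", title);
}

/* Call shape the changelog warns about: the title itself is the format. */
int title_as_format(char *out, size_t n, const char *title)
{
    return render(out, n, title);
}

/* Number of conversions in s that would consume an argument if s were a format. */
int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* "%%" is a literal percent sign */
        else
            count++;        /* would read an argument that was never passed */
    }
    return count;
}

int main(void)
{
    char a[64], f[64];
    title_as_argument(a, sizeof a, "Boot 100%% safe");  /* constructed sample */
    title_as_format(f, sizeof f, "Boot 100%% safe");
    printf("as argument: %sas format:   %s\nconversions: %d\n", a, f, count_conversions("load %s at %x"));
    return 0;
}
```

Only the second call shape interprets the `%` sequences; a nonzero `count_conversions()` result marks a string that must never reach that position.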