Daniel Shahaf wrote:
>> URL: http://svn.apache.org/r1476366
>> Log:
>> * subversion/svn/props.c
>>   (svn_cl__check_svn_prop_name): Eliminate an unsafe printf format string
>>   by using svn_error_create() instead of svn_error_createf().
>
> unsafe printf string == heap underflow == potential segfault == backport
> candidate?

I couldn't find a way to trigger it, since putting '%' in a property name leads to the property name being rejected as invalid earlier on. So I don't think there is an actual security risk here. We might want to backport in order to avoid the compiler warning and avoid fear, uncertainty and doubt when people see this. I'll nominate it. - Julian >> - return svn_error_createf( >> + return svn_error_create( >> SVN_ERR_CLIENT_PROPERTY_NAME, NULL, >> wrong_prop_error_message(prop_use, propname, scratch_pool));
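
Review bot: The replaced call at `return svn_error_create(` carries no comment explaining why the non-formatting variant is required, so a later cleanup could switch it back to svn_error_createf() without noticing that the message argument is built from propname by wrong_prop_error_message(prop_use, propname, scratch_pool). A one-line comment above the return saying that the message is already fully formatted and must not be interpreted as a format string would record that. Two things are worth checking before a backport: whether wrong_prop_error_message() doubles any '%' in anticipation of a format pass, since that would now appear verbatim in the error text, and whether any other caller hands its result to a createf-style function.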