Revision: 14394
          http://harbour-project.svn.sourceforge.net/harbour-project/?rev=14394&view=rev
Author:   druzus
Date:     2010-04-26 09:44:13 +0000 (Mon, 26 Apr 2010)

Log Message:
-----------
2010-04-26 11:44 UTC+0200 Przemyslaw Czerpak (druzus/at/priv.onet.pl)
  * harbour/src/common/hbtrace.c
    ! fixed potential GPF/memory corruption due to direct passing formatted
      string as format to syslog() function.
      Please remember to never create code like 'printf( str );' if str
      can contain printf escape characters because it may cause any
      unpredictable results. Always use 'printf( "%s", str );' in such
      context. BTW It's one of the most common bugs used by hackers in
      buffer/stack overflow attacks, i.e. using str with %n conversion
      specifier.
    % eliminated unnecessary buffer conversion in *nix builds

Modified Paths:
--------------
    trunk/harbour/ChangeLog
    trunk/harbour/src/common/hbtrace.c
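
The double interpretation described in the log message, as an added example that is not code from hbtrace.c or from the Harbour project. sink_log() is a hypothetical stand-in for syslog() that writes into a buffer, and format_trace(), trace_unsafe(), trace_safe() and the sample file name are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for syslog(): same printf-style contract, but the
   logged text lands in g_sink so it can be inspected. */
static char g_sink[256];

static void sink_log(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(g_sink, sizeof g_sink, fmt, ap);
    va_end(ap);
}

/* Tracer step 1: expand the caller's format into buf exactly once. */
static void format_trace(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, n, fmt, ap);
    va_end(ap);
}

/* BEFORE: the formatted text is handed over as the format argument, so any
   '%' that arrived through 'text' is interpreted a second time. */
static const char *trace_unsafe(const char *text)
{
    char buf[128];
    format_trace(buf, sizeof buf, "open(%s) failed", text);
    sink_log(buf);
    return g_sink;
}

/* AFTER: constant format, the formatted text is passed as data only. */
static const char *trace_safe(const char *text)
{
    char buf[128];
    format_trace(buf, sizeof buf, "open(%s) failed", text);
    sink_log("%s", buf);
    return g_sink;
}

int main(void)
{   /* Constructed sample. Only "%%" is used: it consumes no argument, so
       the unsafe path stays defined while still showing reinterpretation. */
    printf("unsafe: %s\n", trace_unsafe("report%%2010.dbf"));
    printf("safe:   %s\n", trace_safe("report%%2010.dbf"));
    return 0;
}
```

The unsafe path logs a different string than the one that was formatted, which is the visible symptom of the text being parsed as a format; gcc and clang flag the real-world pattern with -Wformat -Wformat-security.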