Ludwig Nussel wrote: > donotre...@icculus.org wrote: >> Author: ztm >> Date: 2012-06-19 10:52:22 -0400 (Tue, 19 Jun 2012) >> New Revision: 2280 >> >> Modified: >> trunk/code/cgame/cg_main.c >> trunk/code/game/g_cmds.c >> trunk/code/game/g_main.c >> trunk/code/q3_ui/ui_atoms.c >> trunk/code/ui/ui_atoms.c >> trunk/code/ui/ui_main.c >> Log: >> remove a bunch of superfluous formatting calls >> >> >From /dev/humancontroller. >> >> Modified: trunk/code/cgame/cg_main.c >> =================================================================== >> --- trunk/code/cgame/cg_main.c 2012-06-19 14:51:02 UTC (rev 2279) >> +++ trunk/code/cgame/cg_main.c 2012-06-19 14:52:22 UTC (rev 2280) >> @@ -446,7 +446,7 @@ >> Q_vsnprintf (text, sizeof(text), error, argptr); >> va_end (argptr); >> >> - CG_Error( "%s", text); >> + trap_Error( text ); > > Don't do that. That's calling for format string issues ie security bugs. > May not be an issue with ioq3 builtin function (I didn't check) but in > general keeping the "%s" is correct. Please revert the change.
Ah, trap_Error isn't actually varargs. It expects the expanded string already and translates to Com_Error( ERR_DROP, "%s", ... later. So it's actually ok. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) _______________________________________________ ioquake3 mailing list ioquake3@lists.ioquake.org http://lists.ioquake.org/listinfo.cgi/ioquake3-ioquake.org By sending this message I agree to love ioquake3 and libsdl.
