<br><br><div class="gmail_quote">On Sun, Apr 21, 2013 at 8:50 AM,  <span dir="ltr">&lt;<a href="mailto:cog@googlecode.com" target="_blank">cog@googlecode.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Status: New<br>
Owner: ----<br>
Labels: Type-Defect Priority-Medium<br>
<br>
New issue 129 by <a href="mailto:damien.c...@gmail.com" target="_blank">damien.c...@gmail.com</a>: Bad use of print() in cogit.c<br>
<a href="http://code.google.com/p/cog/issues/detail?id=129" target="_blank">http://code.google.com/p/cog/issues/detail?id=129</a><br>
<br>
When using printf(), we should always make sure that the first argument is a literal (for security reasons). There is one line where this is not true in cogit.c, see this patch <a href="https://github.com/pharo-project/pharo-vm-ubuntu/blob/0b2b2c4e9a384107dfc4a4e19f396ec4aab8f2f7/debian/patches/source-hardening.patch" target="_blank">https://github.com/pharo-project/pharo-vm-ubuntu/blob/0b2b2c4e9a384107dfc4a4e19f396ec4aab8f2f7/debian/patches/source-hardening.patch</a></blockquote>
<div><br></div><div>Bollocks.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="HOEnZb"><font color="#888888"><br>
<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br>best,<div>Eliot</div>
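<div>The issue quoted above concerns printf() called with a non-literal first argument. As an added example (not code from cogit.c, the linked patch, or anyone in this thread), the C program below shows that text passed as the format is interpreted, while the same text passed through a literal "%s" is copied unchanged. The function names and sample strings are constructed for illustration.</div>

```c
#include <stdio.h>
#include <string.h>

/* Count conversion specifications that would fetch an argument.
 * Simplified: "%%" is skipped, '*' width/precision is not counted. */
static int directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* literal percent sign */
        if (s[1] == '\0') break;              /* lone trailing '%' */
        n++;
    }
    return n;
}

/* Silence the compiler diagnostics for the flagged pattern in this demo only. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
/* Flagged pattern: the text itself is the format string. */
static int render_as_format(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, msg);
}
#pragma GCC diagnostic pop

/* Hardened form: literal format, text passed as data. */
static int render_as_data(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, "%s", msg);
}

int main(void)
{
    const char *samples[] = { "100%% done", "name=%s id=%x" }; /* constructed */
    char buf[64];
    for (size_t i = 0; i < 2; i++) {
        int d = directives(samples[i]);
        render_as_data(buf, sizeof buf, samples[i]);
        printf("data:   \"%s\" (%d directive(s))\n", buf, d);
        if (d == 0) {   /* only defined when no argument would be fetched */
            render_as_format(buf, sizeof buf, samples[i]);
            printf("format: \"%s\"\n", buf);
        }
    }
    return 0;
}
```

<div>Building without the pragmas and with -Wformat -Wformat-security makes gcc and clang report the call in render_as_format().</div>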