Description/dev/humancontroller
2007-11-11 05:46:49 EST
Converting '%' to '.' is done for security reasons. However, it's not an option to have a game suffering from C's handling of format strings. In other words, one can defend from format string attacks by disabling '%', but that isn't professional, and it is better to remember a warning: never pass a raw string as fmt.
Even though there is some protection against format string type crashes, internal potential bugs should still be handled. The whole code should be checked for unsafe format strings, and corrected as needed, so that ultimately the %-protection can be removed. Later on, when adding new code and dealing with %'s, just apply caution.
Comment 1/dev/humancontroller
2007-11-11 05:59:12 EST
Created attachment 1564[details]
unraw the format strings
I've extensively grep'd the whole code, and found all the function calls with raw strings. Some of them are potential crashes, some are safe only because of the %-protection, and some are normally safe, but I've resecured them anyway.
There are some more at ui_main.c lines 3364, 3373, and 3401, but I'm not sure what to do about them.
Created attachment 1564 [details] unraw the format strings I've extensively grep'd the whole code, and found all the function calls with raw strings. Some of them are potential crashes, some are safe only because of the %-protection, and some are normally safe, but I've resecured them anyway. There are some more at ui_main.c lines 3364, 3373, and 3401, but I'm not sure what to do about them.