Fix format string injection in safe errors (#20712)

Dennis 2025-01-16 01:42:17 +01:00 committed by GitHub
parent 20090aba96
commit c0315897f6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -388,7 +388,7 @@ extern (D) void reportSafeError(FuncDeclaration fd, bool gag, Loc loc,
buf.writestring(" is not allowed in a `@safe` function");
else
buf.writestring(" is not allowed in a function with default safety with `-preview=safer`");
.error(loc, buf.extractChars());
.error(loc, "%s", buf.extractChars());
}
}
}
@ -471,7 +471,7 @@ bool setUnsafe(Scope* sc,
OutBuffer buf;
buf.printf(format, arg0 ? arg0.toChars() : "", arg1 ? arg1.toChars() : "", arg2 ? arg2.toChars() : "");
buf.printf(" can't initialize `@safe` variable `%s`", sc.varDecl.toChars());
.error(loc, buf.extractChars());
.error(loc, "%s", buf.extractChars());
return true;
}
@ -494,7 +494,7 @@ bool setUnsafe(Scope* sc,
OutBuffer buf;
buf.printf(format, arg0 ? arg0.toChars() : "", arg1 ? arg1.toChars() : "", arg2 ? arg2.toChars() : "");
buf.writestring(" is not allowed in a `@safe` function");
.error(loc, buf.extractChars());
.error(loc, "%s", buf.extractChars());
return true;
}
return false;
@ -555,7 +555,7 @@ bool setUnsafePreview(Scope* sc, FeatureState fs, bool gag, Loc loc, const(char)
OutBuffer buf;
buf.printf(format, arg0 ? arg0.toChars() : "", arg1 ? arg1.toChars() : "", arg2 ? arg2.toChars() : "");
buf.writestring(" will become `@system` in a future release");
deprecation(loc, buf.extractChars());
deprecation(loc, "%s", buf.extractChars());
}
}
else if (!sc.func.safetyViolation)
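Review bot: None of the four corrected calls (`.error(loc, "%s", buf.extractChars());` in reportSafeError and in both setUnsafe branches, `deprecation(loc, "%s", buf.extractChars());` in setUnsafePreview) carries a comment explaining why the explicit `"%s"` is required, so a later tidy-up could fold it back into the one-argument form. The buffer is filled from `arg0.toChars()`, `arg1.toChars()`, `arg2.toChars()` and `sc.varDecl.toChars()`, which presumably can reproduce text taken from the compiled source, including a `%`; I would add above each call `// buf holds text derived from user code; never pass it as the format string`. No test is visible on this page, so unless one is added elsewhere in the commit, a regression test whose diagnostic text contains a literal `%` would pin the behaviour. The enclosing functions start and end outside the hunks shown, so other callers that build a message and pass it as the format cannot be ruled out from here.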