#include "strutils.hxx"
+#include <simgear/debug/logstream.hxx>
+
using std::string;
using std::vector;
using std::stringstream;
return r;
}
+string sanitizePrintfFormat(const string& input)
+{
+ string::size_type i = input.find("%n");
+ if (i != string::npos) {
+ SG_LOG(SG_IO, SG_WARN, "sanitizePrintfFormat: bad format string:" << input);
+ return string();
+ }
+
+ return input;
+}
+
} // end namespace strutils
} // end namespace simgear
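Review bot: sanitizePrintfFormat rejects only `%n`, so a configured format with a conversion that does not match the single argument the caller supplies (the caller defaults to `%f` when the string is empty, so presumably one numeric value is formatted), or with more conversions than arguments, still passes through unchanged and is undefined behaviour at the formatting call. Since the value comes from configuration rather than code, consider also rejecting strings with more than one `%` conversion, or scanning the specifiers and accepting only those the caller can satisfy; the same applies to the call site in the layer constructor later in this patch. The header comment above the declaration promises protection from "buffer-overflowing, memory re-writing format tokens" in general and should be narrowed to what is filtered, e.g. `Rejects format strings containing "%n"; other specifier/argument mismatches are not detected.` Note also that `input.find("%n")` rejects the escaped sequence `%%n` (a literal percent followed by n) — a harmless false positive, but worth a one-line comment so nobody "fixes" it without adding a real specifier parser.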
/**
* Like strcmp(), but for dotted versions strings NN.NN.NN
- * any number of terms are support.
+ * any number of terms are supported.
* @return 0 if versions match, -ve number if v1 is lower, +ve if v1
* is greater
*/
inline std::string unescape(const std::string& str)
{ return unescape(str.c_str()); }
+
+ /**
+ * Check a printf-style format string for dangerous (buffer-overflowing,
+ * memory re-writing) format tokens. If a problematic token is
+ * found, logs an error (SG_WARN) and returns an empty format string.
+ */
+ std::string sanitizePrintfFormat(const std::string& input);
} // end namespace strutils
} // end namespace simgear
#include <simgear/math/SGMath.hxx>
#include <simgear/misc/sg_path.hxx>
+#include <simgear/misc/strutils.hxx>
#include <osg/Geode>
#include <osg/MatrixTransform>
offset( aOffset ),
truncate( aTruncate ),
numeric( aNumeric ),
- format( aFormat )
+ format( simgear::strutils::sanitizePrintfFormat( aFormat ) )
{
if( format.empty() ) {
if( numeric ) format = "%f";