log_info is a C function that takes printf style variadic arguments as a parameter. SWIG by default does not wrap variadic arguments. It always calls log_info as:
log_info(param1, NULL)
This means that all string parameters have to be cooked down into param1. This is the python way of doing things, so it itself is not a problem. However '%' is a special character in printf, and cannot be sent safely in the first parameter. Therefore, no user data is safe to use with this logger by default.
For purpose of example, the following line will segmentation fault unbound when called from operate:
log_info("CRASH %s CRASH" % ("%40n"))
I think log_info and related functions exposed to python should be replaced with a stub that calls
log_info("%s", input)
We worked around this problem with the following python code:
def log(value):
unbound_log_info(value.replace("%", "%%"))
unbound_log_info = log_info
log_info = log
log_err = log
log_warn = log
log_info is a C function that takes printf style variadic arguments as a parameter. SWIG by default does not wrap variadic arguments. It always calls log_info as:
log_info(param1, NULL)This means that all string parameters have to be cooked down into param1. This is the python way of doing things, so it itself is not a problem. However '%' is a special character in printf, and cannot be sent safely in the first parameter. Therefore, no user data is safe to use with this logger by default.
For purpose of example, the following line will segmentation fault unbound when called from operate:
log_info("CRASH %s CRASH" % ("%40n"))I think log_info and related functions exposed to python should be replaced with a stub that calls
log_info("%s", input)We worked around this problem with the following python code: