printf format string vulnerable by % in source files (Origin: bugzilla #655935) #4352

Closed
doxygen opened this Issue Jul 2, 2018 · 0 comments


doxygen commented Jul 2, 2018

status RESOLVED severity normal in component general for ---
Reported in version unspecified on platform Other
Assigned to: Dimitri van Heesch

Original attachment names and IDs:

On 2011-08-03 23:20:24 +0000, guanx.bac@gmail.com wrote:

Created attachment 193206
source input to generate printf conversion specifiers in format string

The do_warn function (and maybe also others, like that in bug 643279) has a printf format string which may contain characters brought from input source files.

When the input source file is (im)properly written, this format string can contain printf conversion specifiers, and doxygen may crash.

Attached is an example of such source files. Your doxygen may not necessarily crash, but observe the format string transferred to do_warn --

fmt = warning: no matching file member found for
x f()Possible candidates:
x f(x)%g%s%s%s x

Segmentation fault

On 2011-08-08 17:02:18 +0000, Dimitri van Heesch wrote:

Confirmed. Should be fixed in the next subversion update.

On 2011-08-14 14:04:43 +0000, Dimitri van Heesch wrote:

This bug was previously marked ASSIGNED, which means it should be fixed in
doxygen version 1.7.5. Please verify if this is indeed the case. Reopen the
bug if you think it is not fixed and please include any additional information
that you think can be relevant.

@doxygen doxygen closed this Jul 2, 2018
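
The defensive pattern for the bug class reported in this thread, as an added example (not doxygen's code and not the fix that was committed): text taken from source files is passed to the warning routine as a `%s` argument, or has every `%` doubled before it is spliced into a format string. `warn_fmt`, `warn_text`, `warn_spliced` and `escape_percent` are hypothetical names, and the 256-byte format buffer is an assumption.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Double every '%' so printf-style code prints it literally.
   Returns the escaped length, or -1 if dst (n bytes) is too small. */
int escape_percent(const char *src, char *dst, size_t n)
{
    size_t j = 0;
    if (n == 0)
        return -1;
    for (size_t i = 0; src[i] != '\0'; i++) {
        size_t need = (src[i] == '%') ? 2 : 1;
        if (j + need >= n)
            return -1;
        if (src[i] == '%')
            dst[j++] = '%';
        dst[j++] = src[i];
    }
    dst[j] = '\0';
    return (int)j;
}

/* Hypothetical warning sink: fmt must be a trusted or escaped string. */
static int warn_fmt(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Preferred: source-derived text is an argument, never the format. */
int warn_text(char *out, size_t n, const char *untrusted)
{
    return warn_fmt(out, n, "warning: %s", untrusted);
}

/* Fallback when text must be spliced into the format: escape it first. */
int warn_spliced(char *out, size_t n, const char *untrusted)
{
    char fmt[256] = "warning: ";
    size_t used = strlen(fmt);
    if (escape_percent(untrusted, fmt + used, sizeof fmt - used) < 0)
        return -1;
    return warn_fmt(out, n, fmt);
}
```

Building with `-Wformat -Wformat-security` (GCC and Clang) flags calls that pass a non-literal format with no arguments, which is the call shape described in the report.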
