diff options
author | Ivan Maidanski <ivmai@mail.ru> | 2016-11-15 10:48:31 +0300 |
---|---|---|
committer | Ivan Maidanski <ivmai@mail.ru> | 2016-11-15 10:48:31 +0300 |
commit | f9948563d80a4b9da069b10eac46852763aacaec (patch) | |
tree | 1e611ca9640f43e1b56d1333b3bac9eeae3fde40 /misc.c | |
parent | 8946b1289b4ab976588274fb850e0afa1626b678 (diff) | |
download | bdwgc-f9948563d80a4b9da069b10eac46852763aacaec.tar.gz |
Suppress 'tainted string passed to vulnerable operation' false defects
* include/private/gc_priv.h (TRUSTED_STRING): New tagging macro; add
comment.
* misc.c (GC_init): Process the result of GETENV("GC_LOG_FILE") by
TRUSTED_STRING.
* tools/if_mach.c (main): Process argv[3] by TRUSTED_STRING (before
passing the string to execvp).
* tools/if_not_there.c (main): Declare "fname" local variable;
process argv[1] and argv[2] by TRUSTED_STRING (before passing the
strings to fopen/opendir and execvp, respectively).
Diffstat (limited to 'misc.c')
-rw-r--r-- | misc.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -969,7 +969,7 @@ GC_API void GC_CALL GC_init(void) # if (defined(UNIX_LIKE) && !defined(GC_ANDROID_LOG)) \ || defined(CYGWIN32) || defined(SYMBIAN) { - char * file_name = GETENV("GC_LOG_FILE"); + char * file_name = TRUSTED_STRING(GETENV("GC_LOG_FILE")); # ifdef GC_LOG_TO_FILE_ALWAYS if (NULL == file_name) file_name = GC_LOG_STD_NAME; |