Description: Pass "%s" as the format string to croak() so that the code
compiles with -Werror=format-security for hardening purposes
Bug-Debian: http://bugs.debian.org/752587
Author: Julián Moreno Patiño <julian@debian.org>
--- a/Tcl.xs
+++ b/Tcl.xs
@@ -1029,7 +1029,7 @@
/* sv_mortalcopy here prevents stringifying script - necessary ?? */
cscript = SvPV(sv_mortalcopy(script), length);
if (Tcl_EvalEx(interp, cscript, length, flags) != TCL_OK) {
- croak(Tcl_GetStringResult(interp));
+ croak("%s", Tcl_GetStringResult(interp));
}
prepare_Tcl_result(aTHX_ interp, "Tcl::Eval");
SPAGAIN;
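Review bot: `length` is handed straight to `Tcl_EvalEx`, whose byte-count parameter is a plain `int` in the Tcl 8 API, so a script longer than INT_MAX bytes would be narrowed and a negative count makes Tcl read up to the first NUL instead. The declaration of `length` is outside the hunk, but `SvPV` fills a `STRLEN`, so an explicit bound before the call would make the limit visible: `if (length > INT_MAX) croak("Tcl::Eval: script too long");`. The existing comment `necessary ??` on the `sv_mortalcopy` line is also an open question that should be answered or removed. The enclosing function starts and ends outside the hunk.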
@@ -1092,7 +1092,7 @@
PUTBACK;
Tcl_ResetResult(interp);
if (Tcl_EvalFile(interp, filename) != TCL_OK) {
- croak(Tcl_GetStringResult(interp));
+ croak("%s", Tcl_GetStringResult(interp));
}
prepare_Tcl_result(aTHX_ interp, "Tcl::EvalFile");
SPAGAIN;
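Review bot: The call `croak("%s", Tcl_GetStringResult(interp))` is now written out by hand here and in the five other hunks of this patch (Tcl::Eval, the `Tcl_Eval` loop, Tcl::invoke, Tcl::icall and the `tclKit_AppInit` check), so a later error path added to Tcl.xs can bring back the non-literal format unless every build uses -Werror=format-security. One definition, for example `#define CROAK_TCL_RESULT(interp) croak("%s", Tcl_GetStringResult(interp))`, would keep the literal format in a single place and give reviewers one name to look for. Whether the upstream build enables that warning is not visible from this patch.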
@@ -1117,7 +1117,7 @@
{
Tcl_ResetResult(interp);
if (Tcl_Eval(interp, s) != TCL_OK)
- croak(Tcl_GetStringResult(interp));
+ croak("%s", Tcl_GetStringResult(interp));
append = 0;
}
}
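Review bot: The `if` around the `Tcl_Eval` call has an unbraced body, unlike the five other error checks touched by this patch, so a statement added to this error path later would fall outside the condition. Bracing it matches the rest of the file: `if (Tcl_Eval(interp, s) != TCL_OK) { croak("%s", Tcl_GetStringResult(interp)); }`. The enclosing function starts and ends outside the hunk.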
@@ -1251,7 +1251,7 @@
}
if (result != TCL_OK) {
- croak(Tcl_GetStringResult(interp));
+ croak("%s", Tcl_GetStringResult(interp));
}
prepare_Tcl_result(aTHX_ interp, "Tcl::invoke");
@@ -1318,7 +1318,7 @@
}
if (result != TCL_OK) {
- croak(Tcl_GetStringResult(interp));
+ croak("%s", Tcl_GetStringResult(interp));
}
prepare_Tcl_result(aTHX_ interp, "Tcl::icall");
@@ -1393,7 +1393,7 @@
CODE:
if (!initialized) { return; }
if (tclKit_AppInit(interp) != TCL_OK) {
- croak(Tcl_GetStringResult(interp));
+ croak("%s", Tcl_GetStringResult(interp));
}
Tcl_CreateObjCommand(interp, "::perl::Eval", Tcl_EvalInPerl,
(ClientData) NULL, NULL);