proc/alloc.c: Use vfprintf(), not fprintf().
This can disclose information from the stack, but is unlikely to have a security impact in the context of the procps utilities: user@debian:~$ w 2>&1 | xxd 00000000: a03c 79b7 1420 6661 696c 6564 2074 6f20 .<y.. failed to 00000010: 616c 6c6f 6361 7465 2033 3232 3137 3439 allocate 3221749 00000020: 3738 3020 6279 7465 7320 6f66 206d 656d 780 bytes of mem 00000030: 6f72 79 ory
This commit is contained in:
parent
7941bb512a
commit
98b79d1ef1
@ -30,7 +30,7 @@ static void xdefault_error(const char *restrict fmts, ...) {
|
|||||||
va_list va;
|
va_list va;
|
||||||
|
|
||||||
va_start(va, fmts);
|
va_start(va, fmts);
|
||||||
fprintf(stderr, fmts, va);
|
vfprintf(stderr, fmts, va);
|
||||||
va_end(va);
|
va_end(va);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user