dev-ruby/ruby-gtk2/files/ruby-gtk2-0.16.0-format-string.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

This patch fixes a format string vulnerability that got reported in bug #200623.
It is already fixed in upstream SVN in an identical manner.

--- gtk/src/rbgtkmessagedialog.c
+++ gtk/src/rbgtkmessagedialog.c
@@ -28,7 +28,8 @@
                                RVAL2GFLAGS(flags, GTK_TYPE_DIALOG_FLAGS), 
                                RVAL2GENUM(type, GTK_TYPE_MESSAGE_TYPE), 
                                RVAL2GENUM(buttons, GTK_TYPE_BUTTONS_TYPE),
-                               (const gchar*)(NIL_P(message) ? "": RVAL2CSTR(message)));
+                               "%s",
+                               NIL_P(message) ? "": RVAL2CSTR(message));
     RBGTK_INITIALIZE(self, w);
     return Qnil;
 }