iox-eclipse-iceoryx#960 Fix format string issues

The prettyPrint() function no longer uses the unsanitized input string as format string for wprintw(), which is potentially dangerous if that string happens to contain '%' signs. The printMemPoolInfo() now correctly uses '%zd' instead of '%d' to format an output value of type size_t.
roehling · Nov 2, 2021 · a2d75d3 · a2d75d3
1 parent 2749f89
commit a2d75d3
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/tools/introspection/source/introspection_app.cpp b/tools/introspection/source/introspection_app.cpp
@@ -240,7 +240,7 @@ void IntrospectionApp::waitForUserInput(int32_t timeoutMs)
 void IntrospectionApp::prettyPrint(const std::string& str, const PrettyOptions pr)
 {
     wattron(pad, prettyMap.find(pr)->second);
-    wprintw(pad, str.c_str());
+    wprintw(pad, "%s", str.c_str());
     wattroff(pad, prettyMap.find(pr)->second);
 }
 
@@ -288,7 +288,7 @@ void IntrospectionApp::printMemPoolInfo(const MemPoolIntrospectionInfo& introspe
         auto& info = introspectionInfo.m_mempoolInfo[i];
         if (info.m_numChunks > 0u)
         {
-            wprintw(pad, "%*d |", memPoolWidth, i + 1u);
+            wprintw(pad, "%*zd |", memPoolWidth, i + 1u);
             wprintw(pad, "%*d |", usedchunksWidth, info.m_usedChunks);
             wprintw(pad, "%*d |", numchunksWidth, info.m_numChunks);
             wprintw(pad, "%*d |", minFreechunksWidth, info.m_minFreeChunks);