alpine 3.8
format weakness #3


Weakness Breakdown


A format string exploit occurs when the data of an input string is evaluated as a command by the program. This class of attacks is very similar to buffer overflows since an attacker could execute code, read the stack or cause new behaviors that compromise security. Learn more about format string attacks on OWASP attack index.

Warning code(s):

If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always 0-terminate.

File Name:



The highlighted line of code below is the trigger point of this particular Alpine 3.8 format weakness.

// Windows CE has no C library. The abort() function is used in
// several places in Google Test. This implementation provides a reasonable
// imitation of standard behaviour.
void Abort();
inline void Abort() { abort(); }

}  // namespace posix

// MSVC "deprecates" snprintf and issues warnings wherever it is used.  In
// order to avoid these warnings, we need to use _snprintf or _snprintf_s on
// MSVC-based platforms.  We map the GTEST_SNPRINTF_ macro to the appropriate
// function in order to achieve that.  We use macro definition here because
// snprintf is a variadic function.
// MSVC 2005 and above support variadic macros.
# define GTEST_SNPRINTF_(buffer, size, format, ...) \
     _snprintf_s(buffer, size, size, format, __VA_ARGS__)
#elif defined(_MSC_VER)
// Windows CE does not define _snprintf_s and MSVC prior to 2005 doesn't
// complain about _snprintf.
# define GTEST_SNPRINTF_ _snprintf
# define GTEST_SNPRINTF_ snprintf

// The maximum number a BiggestInt can represent.  This definition
// works no matter BiggestInt is represented in one's complement or
// two's complement.
// We cannot rely on numeric_limits in STL, as __int64 and long long
// are not part of standard C++ and numeric_limits doesn't need to be
// defined for them.
const BiggestInt kMaxBiggestInt =
    ~(static_cast<BiggestInt>(1) << (8*sizeof(BiggestInt) - 1));

// This template class serves as a compile-time function from size to
// type.  It maps a size in bytes to a primitive type with that
// size. e.g.
//   TypeWithSize<4>::UInt
// is typedef-ed to be unsigned int (unsigned integer made up of 4
// bytes).
// Such functionality should belong to STL, but I cannot find it
// there. 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.