fedora 25
format weakness #29


Weakness Breakdown


A format string exploit occurs when the data of an input string is evaluated as a command by the program. This class of attacks is very similar to buffer overflows since an attacker could execute code, read the stack or cause new behaviors that compromise security. Learn more about format string attacks on OWASP attack index.

Warning code(s):

Potential format string problem.

File Name:



The highlighted line of code below is the trigger point of this particular Fedora 25 format weakness.

	if(errno != ENOTSUP) return -1;	// error updating (don't report ENOTSUP);
    return 0;

 *** page-level interface

int af_get_page_raw(AFFILE *af,int64_t pagenum,uint32_t *arg,
		    unsigned char *data,size_t *bytes)
    char segname[AF_MAX_NAME_LEN];

    int r = af_get_seg(af,segname,arg,data,bytes);
    if(r < 0 && errno == ENOENT)
	/* Couldn't read with AF_PAGE; try AF_SEG_D.
	 * This is legacy for the old AFF files. Perhaps we should delete it.
	r = af_get_seg(af,segname,arg,data,bytes);
    /* Update the counters */
    if(r==0 && bytes && *bytes>0) af->pages_read++; // note that we read a page
    return r;

/* af_get_page:
 * Get a page from its named segment.
 * If the page is compressed, uncompress it.
 * data points to a segmenet of at least *bytes;
 * *bytes is then modified to indicate the actual amount of bytes read.
 * Return 0 if success, -1 if fail.

int af_get_page(AFFILE *af,int64_t pagenum,unsigned char *data,size_t *bytes)
    uint32_t arg=0;
    size_t page_len=0;

    if (af_trace){

    /* Find out the size of the segment and if it is compressed or not. 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.