alpine 3.6
format weakness #94

4

Weakness Breakdown


Definition:

A format string exploit occurs when the data of an input string is evaluated as a command by the program. This class of attacks is very similar to buffer overflows, since an attacker could execute code, read the stack, or cause new behaviors that compromise security. Learn more about format string attacks in the OWASP attack index.

Warning code(s):

If format strings can be influenced by an attacker, they can be exploited.

File Name:

libinput/src/libinput-1.7.2/src/libinput.h

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.6 format weakness.

 * paragraph) shall be included in all copies or substantial portions of the
 * Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 */

#ifndef LIBINPUT_H
#define LIBINPUT_H

#ifdef __cplusplus
extern "C" {
#endif

#include <stdlib.h>
#include <stdint.h>
#include <libudev.h>

#define LIBINPUT_ATTRIBUTE_PRINTF(_format, _args) \
	__attribute__ ((format (printf, _format, _args)))
#define LIBINPUT_ATTRIBUTE_DEPRECATED __attribute__ ((deprecated))

/**
 * @ingroup base
 * @struct libinput
 *
 * A handle for accessing libinput. This struct is refcounted, use
 * libinput_ref() and libinput_unref().
 */
struct libinput;

/**
 * @ingroup device
 * @struct libinput_device
 *
 * A base handle for accessing libinput devices. This struct is
 * refcounted, use libinput_device_ref() and libinput_device_unref().
 */
struct libinput_device;

/**
 * @ingroup device
 * @struct libinput_device_group
 *
 * A base handle for accessing libinput device groups. This struct is 
