Re: [PATCH] gnu: doxygen: Use sh from the store.
From: Thomas Danckaert
Subject: Re: [PATCH] gnu: doxygen: Use sh from the store.
Date: Tue, 03 Jan 2017 13:51:40 +0100 (CET)
From: Danny Milosavljevic <address@hidden>
Subject: Re: [PATCH] gnu: doxygen: Use sh from the store.
Date: Tue, 3 Jan 2017 13:28:37 +0100
Thanks for the patch! Looks good to me.
In any case, if we search for "portable_system", we find that there
are lots of other things that don't use in-store names:
./cite.cpp: if ((exitCode=portable_system("perl","\""+bib2xhtmlFile+"\" "+bibOutputFiles+" \""+
./dia.cpp: if ((exitCode=portable_system(diaExe,diaArgs,FALSE))!=0) // from config
[...]
AFAIU those could work, because "portable_system()" runs “sh -c” with
the specified command. So if the executables can be found on the
current PATH, I suppose it will work.
Aaaah found sprintf without max length specifier.
Dear god is doxygen unsafe. I should refrain from reading the
source code of some popular packages - it doesn't end well.
:-) Perhaps this is not so critical, because users likely don't run
doxygen on arbitrary unverified input data?
Thomas