Re: [PATCH] gnu: doxygen: Use sh from the store.

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] gnu: doxygen: Use sh from the store.

From:	Thomas Danckaert
Subject:	Re: [PATCH] gnu: doxygen: Use sh from the store.
Date:	Tue, 03 Jan 2017 13:51:40 +0100 (CET)

From: Danny Milosavljevic <address@hidden>
Subject: Re: [PATCH] gnu: doxygen: Use sh from the store.
Date: Tue, 3 Jan 2017 13:28:37 +0100

Thanks for the patch! Looks good to me.
In any case, if we search for "portable_system", we find that thereare lots of other things that don't use in-store names:
./cite.cpp: if((exitCode=portable_system("perl","\""+bib2xhtmlFile+"\""+bibOutputFiles+" \""+./dia.cpp: if((exitCode=portable_system(diaExe,diaArgs,FALSE))!=0) // from config
[...]


AFAIU those could work, because "portable_system()" runs “sh -c” with
the specified command.  So if the executables can be found on the
current PATH, I suppose it will work.

Aaaah found sprintf without max length specifier.
Dear god is doxygen unsafe. I should refrain from reading thesource code of some popular packages - it doesn't end well.

:-) Perhaps this is not so critical, because users likely don't rundoxygen on arbitrary unverified input data?


Thomas

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] gnu: doxygen: Use sh from the store., Thomas Danckaert, 2017/01/03
- Re: [PATCH] gnu: doxygen: Use sh from the store., Danny Milosavljevic, 2017/01/03
  - Re: [PATCH] gnu: doxygen: Use sh from the store., Thomas Danckaert <=
  - Re: [PATCH] gnu: doxygen: Use sh from the store., Thomas Danckaert, 2017/01/09
    - Re: [PATCH] gnu: doxygen: Use sh from the store., Leo Famulari, 2017/01/09

Prev by Date: Re: [PATCH 5/5] gnu: assword: Update to 0.10.
Next by Date: Re: Empty file in hydra store?
Previous by thread: Re: [PATCH] gnu: doxygen: Use sh from the store.
Next by thread: Re: [PATCH] gnu: doxygen: Use sh from the store.
Index(es):
- Date
- Thread