From 4e834964c95d4f3e300e3ccc776da8ff7877a293 Mon Sep 17 00:00:00 2001 From: Timothy Flynn Date: Tue, 8 Apr 2025 13:23:56 -0400 Subject: [PATCH] LibCore+LibJS+LibWasm: Always use a real format string It's generally considered a security issue to use non-format string literals. We would likely just crash in practice, but let's avoid the issue altogether. --- Libraries/LibCore/ArgsParser.cpp | 2 +- Libraries/LibJS/Print.cpp | 2 +- Libraries/LibWasm/Printer/Printer.cpp | 18 +++++++++--------- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Libraries/LibCore/ArgsParser.cpp b/Libraries/LibCore/ArgsParser.cpp index 9afbd5851b9..00ba12ac0b9 100644 --- a/Libraries/LibCore/ArgsParser.cpp +++ b/Libraries/LibCore/ArgsParser.cpp @@ -384,7 +384,7 @@ void ArgsParser::print_version(FILE* file) { // FIXME: Allow applications to override version string for --version. // Especially useful for Lagom applications - outln(file, Core::Version::read_long_version_string()); + outln(file, "{}", Core::Version::read_long_version_string()); } void ArgsParser::add_option(Option&& option) diff --git a/Libraries/LibJS/Print.cpp b/Libraries/LibJS/Print.cpp index 3c5e52fb454..0c77a3ccc63 100644 --- a/Libraries/LibJS/Print.cpp +++ b/Libraries/LibJS/Print.cpp @@ -154,7 +154,7 @@ ErrorOr print_type(JS::PrintContext& print_context, StringView name) ErrorOr print_separator(JS::PrintContext& print_context, bool& first) { - TRY(js_out(print_context, first ? " "sv : ", "sv)); + TRY(js_out(print_context, "{}", first ? " "sv : ", "sv)); first = false; return {}; } diff --git a/Libraries/LibWasm/Printer/Printer.cpp b/Libraries/LibWasm/Printer/Printer.cpp index b842472aa4b..e7919afa2bb 100644 --- a/Libraries/LibWasm/Printer/Printer.cpp +++ b/Libraries/LibWasm/Printer/Printer.cpp @@ -137,13 +137,13 @@ void Printer::print(Wasm::DataSection::Data const& data) [this](DataSection::Data::Passive const& value) { print_indent(); print("(passive init {}xu8 (", value.init.size()); - print(ByteString::join(' ', value.init, "{:x}"sv)); + print("{}", ByteString::join(' ', value.init, "{:x}"sv)); print(")\n"); }, [this](DataSection::Data::Active const& value) { print_indent(); print("(active init {}xu8 (", value.init.size()); - print(ByteString::join(' ', value.init, "{:x}"sv)); + print("{}", ByteString::join(' ', value.init, "{:x}"sv)); print("\n"); { TemporaryChange change { m_indent, m_indent + 1 }; @@ -659,26 +659,26 @@ void Printer::print(Wasm::Value const& value, Wasm::ValueType const& type) print_indent(); switch (type.kind()) { case ValueType::I32: - print(ByteString::formatted("{}", value.to())); + print("{}", value.to()); break; case ValueType::I64: - print(ByteString::formatted("{}", value.to())); + print("{}", value.to()); break; case ValueType::F32: - print(ByteString::formatted("{}", value.to())); + print("{}", value.to()); break; case ValueType::F64: - print(ByteString::formatted("{}", value.to())); + print("{}", value.to()); break; case ValueType::V128: - print(ByteString::formatted("v128({:x})", value.value())); + print("v128({:x})", value.value()); break; case ValueType::FunctionReference: case ValueType::ExternReference: - print(ByteString::formatted("addr({})", + print("addr({})", value.to().ref().visit( [](Wasm::Reference::Null const&) { return ByteString("null"); }, - [](auto const& ref) { return ByteString::number(ref.address.value()); }))); + [](auto const& ref) { return ByteString::number(ref.address.value()); })); break; } TemporaryChange change { m_indent, 0 };