From 9d52e3b425a79c8aa24b567e2053af93ebb2694d Mon Sep 17 00:00:00 2001 From: DaNike Date: Thu, 11 Sep 2025 01:44:52 -0500 Subject: [PATCH] Prevent format injection in hosting Windows PAL printf functions when redirected to file Fixes #119566 --- src/native/corehost/hostmisc/pal.windows.cpp | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/native/corehost/hostmisc/pal.windows.cpp b/src/native/corehost/hostmisc/pal.windows.cpp index 4561fef00d6543..fb9158182319cd 100644 --- a/src/native/corehost/hostmisc/pal.windows.cpp +++ b/src/native/corehost/hostmisc/pal.windows.cpp @@ -22,6 +22,14 @@ void pal::file_vprintf(FILE* f, const pal::char_t* format, va_list vl) namespace { + void file_printf(FILE* fallbackFileHandle, const pal::char_t* format, ...) + { + va_list args; + va_start(args, format); + pal::file_vprintf(fallbackFileHandle, format, args); + va_end(args); + } + void print_line_to_handle(const pal::char_t* message, HANDLE handle, FILE* fallbackFileHandle) { // String functions like vfwprintf convert wide to multi-byte characters as if wcrtomb were called - that is, using the current C locale (LC_TYPE). // In order to properly print UTF-8 and GB18030 characters to the console without requiring the user to use chcp to a compatible locale, we use WriteConsoleW. @@ -33,7 +41,7 @@ namespace { // We use file_vprintf to handle UTF-8 formatting. The WriteFile api will output the bytes directly with Unicode bytes, // while pal::file_vprintf will convert the characters to UTF-8. - pal::file_vprintf(fallbackFileHandle, message, va_list()); + file_printf(fallbackFileHandle, _X("%s"), message); } else { ::WriteConsoleW(handle, message, (int)pal::strlen(message), NULL, NULL);