mirror of
https://github.com/token2/snapd.git
synced 2026-03-13 11:15:47 -07:00
c45782e846
We should be careful not to concatenate variable strings into the first
argument of Sprintf/Printf/Errorf: if these variable strings end up
containing a percent character, it will break the way that the printfs
arguments are interpreted. Luckily, golang is smarter than C and is able
to detect mismatches between the number of '%' and the number of
arguments, but it still can lead to unexpected results:
$ sudo snap set core refresh.rate-limit='%[2]#v'
error: cannot perform the following tasks:
- Run configure hook of "core" snap (run hook "configure": cannot parse "%!#(BADINDEX)v": no numerical prefix)
also:
$ sudo snap set core refresh.rate-limit='%#v'
error: cannot perform the following tasks:
- Run configure hook of "core" snap (run hook "configure": cannot parse "&errors.errorString{s:"no numerical prefix"}": %!s(MISSING))
Moreover, it appears that all the occurrences of such pattern in our
code are situated either on unprivileged processes (like the `snap`
client), or, when in snapd, can only be triggered by the root user
(notice the `sudo` in the commands above).
Nevertheless, let's be defensive and fix these.
There are also other occurrences of concatenations in formatting
strings, but those are only constants so they don't pose a problem. But
to avoid the risk of these strings getting updated in the future with a
mutable version, let's explicitly mark these format prefixes as `const`.