[PATCH] x86/disasm: do not use format string without format specifiers

← All discussions

Project / Subsystem

binutils / x86/disasm

Date

2026-05-23

Proposer

Will Hawkins <hawkinsw@obs.cr>

Source type

public_inbox

Consensus

Under Review

Sentiment

9/10

Technical tradeoffs

• The patch changes the format string, adding '%s' as a format specifier.
• The patch is small and localized, minimizing the risk of introducing new issues.

View thread →

All attributes

project: binutils
subsystem: x86/disasm
patch_id: —
discussion_id: 20260523111759.1294571-1-hawkinsw@obs.cr
source_type: public_inbox
title: [PATCH] x86/disasm: do not use format string without format specifiers
headline: Fixes format string vulnerability in x86 disassembler
tldr: The patch fixes a potential format string vulnerability in the x86 disassembler by adding format specifiers to i386_dis_printf.
proposer: Will Hawkins <hawkinsw@obs.cr>
consensus: Under Review
outcome: proposed
sentiment_score: 9
technical_tradeoffs: • The patch changes the format string, adding '%s' as a format specifier.
• The patch is small and localized, minimizing the risk of introducing new issues.
series_id: —
series_role: standalone
series_parts: []
tags: • security
• disassembler
• x86
• binutils
• format string vulnerability
url: https://inbox.sourceware.org/binutils/20260523111759.1294571-1-hawkinsw@obs.cr
bugzilla_url: —
date: 2026-05-23T00:00:00.000Z

[PATCH] x86/disasm: do not use format string without format specifiers

This patch fixes a potential format string vulnerability in the x86 disassembler. The i386_dis_printf function was being called with a format string that did not contain format specifiers, which could lead to security issues. The patch adds the missing format specifiers. H.J. Lu notes that this patch fixes PR binutils/34168.