Re: [PATCH v3] x86/disasm: do not use format string without format specifiers

← All discussions

Project / Subsystem

binutils / x86/disasm

Date

2026-05-26

Proposer

H.J. Lu <hjl.tools@gmail.com>

Source type

public_inbox

Consensus

Committed

Sentiment

—/10

View thread →

All attributes

project: binutils
subsystem: x86/disasm
patch_id: —
discussion_id: CAMe9rOpGWKYF34u4AjJvtV0tnD-AgGYoKDQisvC2woHLo2MHiQ@mail.gmail.com
source_type: public_inbox
title: Re: [PATCH v3] x86/disasm: do not use format string without format specifiers
headline: x86/disasm: Fix format string vulnerability
tldr: Fixes a format string vulnerability in the x86 disassembler by adding format specifiers to `i386_dis_printf` calls.
proposer: H.J. Lu <hjl.tools@gmail.com>
consensus: Committed
outcome: proposed
sentiment_score: —
technical_tradeoffs: []
series_id: —
series_role: reply
series_parts: []
tags: • x86
• disassembler
• security
• format string vulnerability
url: https://inbox.sourceware.org/binutils/CAMe9rOpGWKYF34u4AjJvtV0tnD-AgGYoKDQisvC2woHLo2MHiQ@mail.gmail.com
bugzilla_url: —
date: 2026-05-26T00:00:00.000Z

Re: [PATCH v3] x86/disasm: do not use format string without format specifiers

H.J. Lu pushed Will Hawkin’s patch which fixes a format string vulnerability in the x86 disassembler. The vulnerability, reported as PR binutils/34168, could lead to arbitrary code execution if a crafted input string is processed by the disassembler. The fix involves adding format specifiers to i386_dis_printf calls.