`printw` should not be exposed.
thomcc opened this issue · 2 comments
It's very difficult / impossible to use this function from rust without introducing a format string vulnerability into your code (which can be used to trigger arbitrary code execution).
If you must expose something like it, have it just call addstr or mark it as unsafe (and deprecate it in both cases, IMO).
This function still should have been marked as unsafe, since it's trivial to cause an exploitable memory safety issue when calling it...
Deprecation is definitely insufficient because it's not transitive, and more importantly, people do not expect "deprecated" to mean "using this may cause memory errors". However, that's exactly what unsafe fn
communicates.
This is a serious security issue - such bugs can be easily exploited to get remote code execution. Please mark printw
as unsafe fn
and release an updated version. This is a breaking change, but I don't see a way to fix the exploit in a semver-compatible way.