dtcalc: Resolve "format not a string literal and no format arguments [-Wformat-security]" warnings.

Fix warnings related to secruity concerns on varargs functions. By specifying "%s" on single string calls to sprintf() (and related) it's not possible to have a % in the input string causing random data to be read off the stack.
2012-08-22 11:28:36 +01:00
parent 7d50721685
commit 20c107bce2
2 changed files with 9 additions and 9 deletions
--- a/cde/programs/dtcalc/calctool.c
+++ b/cde/programs/dtcalc/calctool.c
@@ -563,7 +563,7 @@ char *argv[] ;
                           {
                             msg = (char *) XtMalloc(strlen(
                                                   opts[(int) O_ACCRANGE]) + 3);
-                             sprintf(msg, opts[(int) O_ACCRANGE]);
+                             sprintf(msg, "%s", opts[(int) O_ACCRANGE]);
                             _DtSimpleError (v->appname, DtWarning, NULL, msg);
                             XtFree(msg);
                             v->accuracy = 2 ;
@@ -619,7 +619,7 @@ char *argv[] ;
                           {
                             msg = (char *) XtMalloc(strlen(
                                                    opts[(int) O_BASE]) + 3);
-                             sprintf(msg, opts[(int) O_BASE]);
+                             sprintf(msg, "%s", opts[(int) O_BASE]);
                             _DtSimpleError (v->appname, DtWarning, NULL, msg);
                             XtFree(msg);
                             v->base = DEC ;
@@ -1688,8 +1688,8 @@ usage(progname)
 char *progname ;
 {
  FPRINTF(stderr, ustrs[(int) USAGE1], PATCHLEVEL) ;
-  FPRINTF(stderr, ustrs[(int) USAGE2]) ;
-  FPRINTF(stderr, ustrs[(int) USAGE3]) ;
+  FPRINTF(stderr, "%s", ustrs[(int) USAGE2]) ;
+  FPRINTF(stderr, "%s", ustrs[(int) USAGE3]) ;
  exit(1) ;
 }