From 8a04cbeba8e52029c77ce68b081edc7e3277729d Mon Sep 17 00:00:00 2001
From: Kevin Easton
Date: Sun, 23 Jun 2013 14:36:32 +0000
Subject: [PATCH] Don't pass the output of convert_output_format(FORMAT_DCC, ...) directly to sprintf() as a format string, because there could (and usually are!) '%' characters that will be interpreted by sprintf. This also allows clean compilation under -Werror=format-security.

git-svn-id: svn://svn.code.sf.net/p/bitchx/code/trunk@246 13b04d17-f746-0410-82c6-800466cd88b0
---
 Changelog | 2 ++
 source/dcc.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Changelog b/Changelog
index 3889fcc..da6d27c 100644
--- a/Changelog
+++ b/Changelog
@@ -1,5 +1,7 @@
 [Changes 1.2c01]
 
+* Ensure proper handling of % when /FSET DCC is used. (caf)
+
 * Improve robustness of CDCC save file loading. (caf)
 
 * Fix open file leak in /LASTLOG found by Coverity. (caf)
diff --git a/source/dcc.c b/source/dcc.c
index 619009d..96504f8 100644
--- a/source/dcc.c
+++ b/source/dcc.c
@@ -2750,7 +2750,7 @@ register int i = 0;
 /* chop(transfer_buffer, 1);*/
 if (fget_string_var(FORMAT_DCC_FSET))
 {
- sprintf(DCC_current_transfer_buffer, convert_output_format(fget_string_var(FORMAT_DCC_FSET), "%s", transfer_buffer));
+ sprintf(DCC_current_transfer_buffer, "%s", convert_output_format(fget_string_var(FORMAT_DCC_FSET), "%s", transfer_buffer));
 chop(DCC_current_transfer_buffer, 4);
 }
 else
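Review bot: The rewritten `sprintf` call in the source/dcc.c hunk still copies the expanded /FSET DCC string into `DCC_current_transfer_buffer` with no length limit, so a long format or long transfer text could write past the end of the destination. The declaration of `DCC_current_transfer_buffer` is outside the hunk and its size is not visible here; if it is a fixed-size array, a bounded copy such as `snprintf(DCC_current_transfer_buffer, sizeof DCC_current_transfer_buffer, "%s", convert_output_format(fget_string_var(FORMAT_DCC_FSET), "%s", transfer_buffer));` would close that gap. A one-line comment above the call, for example `/* expanded text may contain '%'; never use it as the format argument */`, would also keep a later edit from reverting to the old form. The enclosing function begins and ends outside the hunk, so whether `transfer_buffer` is bounded before this point cannot be checked from here.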