Don't pass the output of convert_output_format(FORMAT_DCC, ...) directly to

sprintf() as a format string, because there could be (and usually are!) '%'
characters that will be interpreted by sprintf.

This also allows clean compilation under -Werror=format-security.


git-svn-id: svn://svn.code.sf.net/p/bitchx/code/trunk@246 13b04d17-f746-0410-82c6-800466cd88b0
Kevin Easton
2013-06-23 14:36:32 +00:00
parent dd9de3dff0
commit 8a04cbeba8
2 changed files with 3 additions and 1 deletions


@@ -1,5 +1,7 @@
[Changes 1.2c01]
* Ensure proper handling of % when /FSET DCC is used. (caf)
* Improve robustness of CDCC save file loading. (caf)
* Fix open file leak in /LASTLOG found by Coverity. (caf)


@@ -2750,7 +2750,7 @@ register int i = 0;
/* chop(transfer_buffer, 1);*/
if (fget_string_var(FORMAT_DCC_FSET))
{
sprintf(DCC_current_transfer_buffer, convert_output_format(fget_string_var(FORMAT_DCC_FSET), "%s", transfer_buffer));
sprintf(DCC_current_transfer_buffer, "%s", convert_output_format(fget_string_var(FORMAT_DCC_FSET), "%s", transfer_buffer));
chop(DCC_current_transfer_buffer, 4);
}
else
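Review bot: The corrected `sprintf(DCC_current_transfer_buffer, "%s", ...)` call still writes without a length bound, so the fix closes the format-string problem but leaves the copy dependent on the expanded FSET string fitting the destination. The length of what `convert_output_format()` returns depends on the user-settable FORMAT_DCC_FSET value and on `transfer_buffer`, neither of which is bounded in the visible lines. If `DCC_current_transfer_buffer` is a fixed-size array (its declaration is outside this hunk, so this needs confirming), I would bound the write: `snprintf(DCC_current_transfer_buffer, sizeof DCC_current_transfer_buffer, "%s", convert_output_format(fget_string_var(FORMAT_DCC_FSET), "%s", transfer_buffer));`. The enclosing function starts and ends outside the hunk, so the `else` branch may need the same treatment.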