[vlc-devel] commit: Fix format-security warnings ( Frédéric Crozat )

git version control git at videolan.org
Fri Feb 20 17:28:42 CET 2009


vlc | branch: 0.9-bugfix | Frédéric Crozat <fcrozat at mandrake.com> | Fri Feb 20 18:13:02 2009 +0200| [ebec76a70af18d520f9053b9238b6bfd6e039fb6] | committer: Rémi Denis-Courmont 

Fix format-security warnings

Trimmed and
Signed-off-by: Rémi Denis-Courmont <rdenis at simphalempin.com>
(cherry picked from commit 25c5812608316c7cd9b19c0adf8b111cb46774f8)

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=ebec76a70af18d520f9053b9238b6bfd6e039fb6
---

 modules/control/hotkeys.c   |    2 +-
 modules/control/rc.c        |    2 +-
 modules/control/telnet.c    |    2 +-
 modules/misc/lua/libs/osd.c |    2 +-
 modules/misc/lua/vlc.c      |    2 +-
 src/input/vlmshell.c        |   27 ++++++++++++++-------------
 6 files changed, 19 insertions(+), 18 deletions(-)

diff --git a/modules/control/hotkeys.c b/modules/control/hotkeys.c
index 22a0887..0cec029 100644
--- a/modules/control/hotkeys.c
+++ b/modules/control/hotkeys.c
@@ -985,7 +985,7 @@ static void DisplayPosition( intf_thread_t *p_intf, vout_thread_t *p_vout,
     }
     else if( i_seconds > 0 )
     {
-        vout_OSDMessage( p_input, POSITION_TEXT_CHAN, psz_time );
+        vout_OSDMessage( p_input, POSITION_TEXT_CHAN, "%s", psz_time );
     }
 
     if( !p_vout->p_window || p_vout->b_fullscreen )
diff --git a/modules/control/rc.c b/modules/control/rc.c
index 2deed06..168aaa8 100644
--- a/modules/control/rc.c
+++ b/modules/control/rc.c
@@ -638,7 +638,7 @@ static void Run( intf_thread_t *p_intf )
 
                 if( psz_msg )
                 {
-                    msg_rc( psz_msg );
+                    msg_rc( "%s", psz_msg );
                     free( psz_msg );
                 }
             }
diff --git a/modules/control/telnet.c b/modules/control/telnet.c
index 1ac35f8..643defd 100644
--- a/modules/control/telnet.c
+++ b/modules/control/telnet.c
@@ -459,7 +459,7 @@ static void Run( intf_thread_t *p_intf )
                     if( psz_msg )
                     {
                         vlm_message_t *message;
-                        message = vlm_MessageNew( "Module command", psz_msg );
+                        message = vlm_MessageNew( "Module command", "%s", psz_msg );
                         Write_message( cl, message, NULL, WRITE_MODE_CMD );
                         vlm_MessageDelete( message );
                         free( psz_msg );
diff --git a/modules/misc/lua/libs/osd.c b/modules/misc/lua/libs/osd.c
index c0a43cc..05c1aae 100644
--- a/modules/misc/lua/libs/osd.c
+++ b/modules/misc/lua/libs/osd.c
@@ -85,7 +85,7 @@ static int vlclua_osd_message( lua_State *L )
     const char *psz_message = luaL_checkstring( L, 1 );
     int i_chan = luaL_optint( L, 2, DEFAULT_CHAN );
     vlc_object_t *p_this = vlclua_get_this( L );
-    vout_OSDMessage( p_this, i_chan, psz_message );
+    vout_OSDMessage( p_this, i_chan, "%s", psz_message );
     return 0;
 }
 
diff --git a/modules/misc/lua/vlc.c b/modules/misc/lua/vlc.c
index dcf87b1..397c279 100644
--- a/modules/misc/lua/vlc.c
+++ b/modules/misc/lua/vlc.c
@@ -317,7 +317,7 @@ void __vlclua_read_custom_meta_data( vlc_object_t *p_this, lua_State *L,
                                  psz_meta_category, psz_meta_name,
                                  psz_meta_value );
                         input_item_AddInfo( p_input, psz_meta_category,
-                                           psz_meta_name, psz_meta_value );
+                                           psz_meta_name, "%s", psz_meta_value );
                     }
                     lua_pop( L, 1 ); /* pop item */
                     /* ... item meta key value key2 */
diff --git a/src/input/vlmshell.c b/src/input/vlmshell.c
index 0d8bc10..5a8796a 100644
--- a/src/input/vlmshell.c
+++ b/src/input/vlmshell.c
@@ -522,7 +522,7 @@ static int ExecuteExport( vlm_t *p_vlm, vlm_message_t **pp_status )
 {
     char *psz_export = Save( p_vlm );
 
-    *pp_status = vlm_MessageNew( "export", psz_export );
+    *pp_status = vlm_MessageNew( "export", "%s", psz_export );
     free( psz_export );
     return VLC_SUCCESS;
 }
@@ -898,7 +898,7 @@ int ExecuteCommand( vlm_t *p_vlm, const char *psz_command,
 
         if( psz_temp == NULL )
         {
-            p_message = vlm_MessageNew( "Incomplete command", psz_command );
+            p_message = vlm_MessageNew( "Incomplete command", "%s", psz_command );
             goto error;
         }
 
@@ -1293,7 +1293,7 @@ static vlm_message_t *vlm_ShowMedia( vlm_media_sys_t *p_media )
 
     if( p_cfg->b_vod )
         vlm_MessageAdd( p_msg,
-                        vlm_MessageNew( "mux", p_cfg->vod.psz_mux ) );
+                        vlm_MessageNew( "mux", "%s", p_cfg->vod.psz_mux ) );
     else
         vlm_MessageAdd( p_msg,
                         vlm_MessageNew( "loop", p_cfg->broadcast.b_loop ? "yes" : "no" ) );
@@ -1305,13 +1305,13 @@ static vlm_message_t *vlm_ShowMedia( vlm_media_sys_t *p_media )
         if( asprintf( &psz_tmp, "%d", i+1 ) != -1 )
         {
             vlm_MessageAdd( p_msg_sub,
-                            vlm_MessageNew( psz_tmp, p_cfg->ppsz_input[i] ) );
+                            vlm_MessageNew( psz_tmp, "%s", p_cfg->ppsz_input[i] ) );
             free( psz_tmp );
         }
     }
 
     vlm_MessageAdd( p_msg,
-                    vlm_MessageNew( "output", p_cfg->psz_output ? p_cfg->psz_output : "" ) );
+                    vlm_MessageNew( "output", "%s", p_cfg->psz_output ? p_cfg->psz_output : "" ) );
 
     p_msg_sub = vlm_MessageAdd( p_msg, vlm_MessageNew( "options", vlm_NULL ) );
     for( i = 0; i < p_cfg->i_option; i++ )
@@ -1332,7 +1332,7 @@ static vlm_message_t *vlm_ShowMedia( vlm_media_sys_t *p_media )
         p_msg_instance = vlm_MessageAdd( p_msg_sub, vlm_MessageNew( "instance" , vlm_NULL ) );
 
         vlm_MessageAdd( p_msg_instance,
-                        vlm_MessageNew( "name" , p_instance->psz_name ? p_instance->psz_name : "default" ) );
+                        vlm_MessageNew( "name" , "%s", p_instance->psz_name ? p_instance->psz_name : "default" ) );
         vlm_MessageAdd( p_msg_instance,
                         vlm_MessageNew( "state",
                             val.i_int == PLAYING_S ? "playing" :
@@ -1347,7 +1347,7 @@ static vlm_message_t *vlm_ShowMedia( vlm_media_sys_t *p_media )
                       var_Get ## type( p_instance->p_input, a ) ) != -1 ) \
             { \
                 vlm_MessageAdd( p_msg_instance, vlm_MessageNew( a, \
-                                psz_tmp ) ); \
+                                "%s", psz_tmp ) ); \
                 free( psz_tmp ); \
             }
             APPEND_INPUT_INFO( "position", "%f", Float );
@@ -1362,7 +1362,7 @@ static vlm_message_t *vlm_ShowMedia( vlm_media_sys_t *p_media )
         if( asprintf( &psz_tmp, "%d", p_instance->i_index + 1 ) != -1 )
         {
             vlm_MessageAdd( p_msg_instance, vlm_MessageNew( "playlistindex",
-                            psz_tmp ) );
+                            "%s", psz_tmp ) );
             free( psz_tmp );
         }
     }
@@ -1411,7 +1411,7 @@ static vlm_message_t *vlm_Show( vlm_t *vlm, vlm_media_sys_t *media,
                           date.tm_hour, date.tm_min, date.tm_sec ) != -1 )
             {
                  vlm_MessageAdd( msg_schedule,
-                                 vlm_MessageNew( "date", psz_date ) );
+                                 vlm_MessageNew( "date", "%s", psz_date ) );
                  free( psz_date );
             }
         }
@@ -1439,13 +1439,13 @@ static vlm_message_t *vlm_Show( vlm_t *vlm, vlm_media_sys_t *media,
             sprintf( buffer, "%d/%d/%d-%d:%d:%d", date.tm_year, date.tm_mon,
                      date.tm_mday, date.tm_hour, date.tm_min, date.tm_sec);
 
-            vlm_MessageAdd( msg_schedule, vlm_MessageNew("period", buffer) );
+            vlm_MessageAdd( msg_schedule, vlm_MessageNew("period", "%s", buffer) );
         }
         else
             vlm_MessageAdd( msg_schedule, vlm_MessageNew("period", "0") );
 
         sprintf( buffer, "%d", schedule->i_repeat );
-        vlm_MessageAdd( msg_schedule, vlm_MessageNew( "repeat", buffer ) );
+        vlm_MessageAdd( msg_schedule, vlm_MessageNew( "repeat", "%s", buffer ) );
 
         msg_child =
             vlm_MessageAdd( msg_schedule, vlm_MessageNew("commands", vlm_NULL ) );
@@ -1480,7 +1480,8 @@ static vlm_message_t *vlm_Show( vlm_t *vlm, vlm_media_sys_t *media,
                       i_vod) == -1 )
             return NULL;
         p_msg = vlm_MessageNew( "show", vlm_NULL );
-        p_msg_child = vlm_MessageAdd( p_msg, vlm_MessageNew( "media", psz_count ) );
+        p_msg_child = vlm_MessageAdd( p_msg, vlm_MessageNew( "media", "%s",
+                                                             psz_count ) );
         free( psz_count );
 
         for( i = 0; i < vlm->i_media; i++ )
@@ -1539,7 +1540,7 @@ static vlm_message_t *vlm_Show( vlm_t *vlm, vlm_media_sys_t *media,
 #endif
 
                 vlm_MessageAdd( msg_schedule,
-                                vlm_MessageNew( "next launch", psz_date ) );
+                                vlm_MessageNew( "next launch", "%s", psz_date ) );
 #endif
             }
         }




More information about the vlc-devel mailing list