Commit 2f65bd42 authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

Fix a bunch of format string injection in VCDX and CDDA.

Initially reported by Kevin Finisterre
parent b11fb39b
......@@ -92,17 +92,17 @@ cdio_log_handler( cdio_log_level_t level, const char message[] )
case CDIO_LOG_DEBUG:
case CDIO_LOG_INFO:
if (p_cdda->i_debug & INPUT_DBG_CDIO)
msg_Dbg( p_cdda_input, message);
msg_Dbg( p_cdda_input, "%s", message);
break;
case CDIO_LOG_WARN:
msg_Warn( p_cdda_input, message);
msg_Warn( p_cdda_input, "%s", message);
break;
case CDIO_LOG_ERROR:
case CDIO_LOG_ASSERT:
msg_Err( p_cdda_input, message);
msg_Err( p_cdda_input, "%s", message);
break;
default:
msg_Warn( p_cdda_input, message,
msg_Warn( p_cdda_input, "%s\n%s %d", message,
"the above message had unknown cdio log level",
level);
break;
......
......@@ -91,17 +91,17 @@ cdio_log_handler (cdio_log_level_t level, const char message[])
case CDIO_LOG_DEBUG:
case CDIO_LOG_INFO:
if (p_vcdplayer->i_debug & INPUT_DBG_CDIO)
msg_Dbg( p_vcd_access, message);
msg_Dbg( p_vcd_access, "%s", message);
break;
case CDIO_LOG_WARN:
msg_Warn( p_vcd_access, message);
msg_Warn( p_vcd_access, "%s", message);
break;
case CDIO_LOG_ERROR:
case CDIO_LOG_ASSERT:
msg_Err( p_vcd_access, message);
msg_Err( p_vcd_access, "%s", message);
break;
default:
msg_Warn( p_vcd_access, message,
msg_Warn( p_vcd_access, "%s\n%s %d", message,
_("The above message had unknown log level"),
level);
}
......@@ -117,14 +117,14 @@ vcd_log_handler (vcd_log_level_t level, const char message[])
case VCD_LOG_DEBUG:
case VCD_LOG_INFO:
if (p_vcdplayer->i_debug & INPUT_DBG_VCDINFO)
msg_Dbg( p_vcd_access, message);
msg_Dbg( p_vcd_access, "%s", message);
break;
case VCD_LOG_WARN:
msg_Warn( p_vcd_access, message);
msg_Warn( p_vcd_access, "%s", message);
break;
case VCD_LOG_ERROR:
case VCD_LOG_ASSERT:
msg_Err( p_vcd_access, message);
msg_Err( p_vcd_access, "%s", message);
break;
default:
msg_Warn( p_vcd_access, "%s\n%s %d", message,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment