dtcalc: Resolve "format not a string literal and no format arguments [-Wformat-securi...

Fix warnings related to secruity concerns on varargs functions. By specifying
"%s" on single string calls to sprintf() (and related) it's not possible to
have a % in the input string causing random data to be read off the stack.

diff --git a/cde/programs/dtcalc/calctool.c b/cde/programs/dtcalc/calctool.c
index 063f09c4bda474fe529dcbbcb15bf899ef45fdc9..ce349764b8c02bb593e191c3c5a09a4858d1e61c 100644 (file)
--- a/cde/programs/dtcalc/calctool.c
+++ b/cde/programs/dtcalc/calctool.c
@@ -563,7 +563,7 @@ char *argv[] ;
                            {
                              msg = (char *) XtMalloc(strlen(
                                                    opts[(int) O_ACCRANGE]) + 3);
-                             sprintf(msg, opts[(int) O_ACCRANGE]);
+                             sprintf(msg, "%s", opts[(int) O_ACCRANGE]);
                              _DtSimpleError (v->appname, DtWarning, NULL, msg);
                              XtFree(msg);
                              v->accuracy = 2 ;
@@ -619,7 +619,7 @@ char *argv[] ;
                            {
                              msg = (char *) XtMalloc(strlen(
                                                     opts[(int) O_BASE]) + 3);
-                             sprintf(msg, opts[(int) O_BASE]);
+                             sprintf(msg, "%s", opts[(int) O_BASE]);
                              _DtSimpleError (v->appname, DtWarning, NULL, msg);
                              XtFree(msg);
                              v->base = DEC ;
@@ -1688,8 +1688,8 @@ usage(progname)
 char *progname ;
 {
   FPRINTF(stderr, ustrs[(int) USAGE1], PATCHLEVEL) ;
-  FPRINTF(stderr, ustrs[(int) USAGE2]) ;
-  FPRINTF(stderr, ustrs[(int) USAGE3]) ;
+  FPRINTF(stderr, "%s", ustrs[(int) USAGE2]) ;
+  FPRINTF(stderr, "%s", ustrs[(int) USAGE3]) ;
   exit(1) ;
 }
 

diff --git a/cde/programs/dtcalc/motif.c b/cde/programs/dtcalc/motif.c
index a367d9af6f34d06701d69e05fca505f073609085..e56a0f47cceb60a6ff08bde735428fd068e57033 100644 (file)
--- a/cde/programs/dtcalc/motif.c
+++ b/cde/programs/dtcalc/motif.c
@@ -312,7 +312,7 @@ char **argv ;
 
       tmpStr = GETMESSAGE(2, 31, "Could not open display.\n");
       msg = XtNewString(tmpStr);
-      FPRINTF(stderr, msg) ;
+      FPRINTF(stderr, "%s", msg) ;
       exit(1) ;
     }
 
@@ -3294,7 +3294,7 @@ XtPointer client_data, call_data ;
   if ((strcmp(X->cfval, "") == 0) || X->cfval[0] < '0' || X->cfval[0] > '9' ||
                                      X->cfno < 0 || X->cfno > 9)
     {
-      SPRINTF(str, (X->CFtype == M_CON) ? vstrs[(int) V_LCON]
+      SPRINTF(str, "%s", (X->CFtype == M_CON) ? vstrs[(int) V_LCON]
                                    : vstrs[(int) V_LFUN]) ;
       SPRINTF(message, "%s\n%s", str, vstrs[(int) V_RANGE]) ;
       do_continue_notice(X->CFframe, message) ;
@@ -3701,7 +3701,7 @@ read_resources()    /* Read all possible resources from the database. */
   else
   {
      msg = (char *) XtMalloc(strlen( opts[(int) O_BASE]) + 3);
-     sprintf(msg, opts[(int) O_BASE]);
+     sprintf(msg, "%s", opts[(int) O_BASE]);
      _DtSimpleError (v->appname, DtWarning, NULL, msg);
      XtFree(msg);
      v->base = (enum base_type) 2;
@@ -4422,7 +4422,7 @@ RestoreSession()
       if (v->accuracy < 0 || v->accuracy > 9)
         {
           msg = (char *) XtMalloc(strlen( opts[(int) O_ACCRANGE]) + 3);
-          sprintf(msg, opts[(int) O_ACCRANGE]);
+          sprintf(msg, "%s", opts[(int) O_ACCRANGE]);
           _DtSimpleError (v->appname, DtWarning, NULL, msg);
           XtFree(msg);
           v->accuracy = 2 ;
@@ -4437,7 +4437,7 @@ RestoreSession()
       if (i == MAXBASES)
       {
           msg = (char *) XtMalloc(strlen( opts[(int) O_BASE]) + 3);
-          sprintf(msg, opts[(int) O_BASE]);
+          sprintf(msg, "%s", opts[(int) O_BASE]);
           _DtSimpleError (v->appname, DtWarning, NULL, msg);
           XtFree(msg);
       }