Additional agerr() format string fixes

Similar to commit 99eda42, ensure the second argument to agerr() is
fixed string with no user inputs.  Change applied to:

* cmd/tools/gmlscan.l - unclear if this can be exploited in practice, as
  only yytext can possibly hold format string
* lib/graph/lexer.c - format string can be injected via graph file
  content.  Note that libgraph is deprecated as of version 2.30.0, so
  this fix is more relevant for older graphviz versions.

diff --git a/cmd/tools/gmlscan.l b/cmd/tools/gmlscan.l
index ea8db0f6fa110678a88a2943e5fdecd575a015fa..e83ca4f6b4539ae0dfef4a0738481301d63f444d 100644 (file)
--- a/cmd/tools/gmlscan.l
+++ b/cmd/tools/gmlscan.l
@@ -127,7 +127,7 @@ void yyerror(char *str)
        return;
     errors = 1;
     sprintf(buf," %s in line %d near '%s'\n", str,line_num,yytext);
-    agerr(AGWARN,buf);
+    agerr(AGWARN, "%s", buf);
 }
 
 int gmlerrors()

diff --git a/lib/graph/lexer.c b/lib/graph/lexer.c
index 05452c8096e57463e1be68d3a8a52d7535f79dad..790563b97f2a55ea324bfbac9d692364f65ff798 100644 (file)
--- a/lib/graph/lexer.c
+++ b/lib/graph/lexer.c
@@ -460,16 +460,16 @@ static void error_context(void)
     if (buf < p) {
        c = *p;
        *p = '\0';
-       agerr(AGPREV, buf);
+       agerr(AGPREV, "%s", buf);
        *p = c;
     }
     agerr(AGPREV, " >>> ");
     c = *LexPtr;
     *LexPtr = '\0';
-    agerr(AGPREV, p);
+    agerr(AGPREV, "%s", p);
     *LexPtr = c;
     agerr(AGPREV, " <<< ");
-    agerr(AGPREV, LexPtr);
+    agerr(AGPREV, "%s", LexPtr);
 }
 
 void agerror(char *msg)