proc/alloc.c: Use vfprintf(), not fprintf().

This can disclose information from the stack, but is unlikely to have a
security impact in the context of the procps utilities:

user@debian:~$ w 2>&1 | xxd
00000000: a03c 79b7 1420 6661 696c 6564 2074 6f20  .<y.. failed to
00000010: 616c 6c6f 6361 7465 2033 3232 3137 3439  allocate 3221749
00000020: 3738 3020 6279 7465 7320 6f66 206d 656d  780 bytes of mem
00000030: 6f72 79                                  ory

diff --git a/proc/alloc.c b/proc/alloc.c
index 94af47f7231406839308d79c8943b44c413a34a2..3cdb60fc9d987102d428640b1abca625d0f7f190 100644 (file)
--- a/proc/alloc.c
+++ b/proc/alloc.c
@@ -30,7 +30,7 @@ static void xdefault_error(const char *restrict fmts, ...) {
     va_list va;
 
     va_start(va, fmts);
-    fprintf(stderr, fmts, va);
+    vfprintf(stderr, fmts, va);
     va_end(va);
 }