Fix format string vulnerability in using agerr() to report errors during parsing.

author Emden R. Gansner <erg@alum.mit.edu>

Mon, 24 Nov 2014 19:32:58 +0000 (14:32 -0500)

committer Emden R. Gansner <erg@alum.mit.edu>

Mon, 24 Nov 2014 19:32:58 +0000 (14:32 -0500)
author Emden R. Gansner <erg@alum.mit.edu>
Mon, 24 Nov 2014 19:32:58 +0000 (14:32 -0500)
committer Emden R. Gansner <erg@alum.mit.edu>
Mon, 24 Nov 2014 19:32:58 +0000 (14:32 -0500)
diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l

index 85a150acb416fb70bed5bf81093d2c72e4ebe588..a5872f4a3f618173ef4a580ec4bee5fb64d31710 100644 (file)
--- a/lib/cgraph/scan.l
+++ b/lib/cgraph/scan.l
@@ -225,6 +225,7 @@ ID          ({NAME}|{NUMBER})
  <hstring>([^><\n]*)            addstr(yytext);
  .                                              return (yytext[0]);
  %%
+ 
  void yyerror(char *str)
  {
         unsigned char   xbuf[BUFSIZ];
@@ -273,7 +274,7 @@ void yyerror(char *str)
                 break;
         }
         agxbputc (&xb, '\n');
-       agerr(AGERR,agxbuse(&xb));
+       agerr(AGERR, "%s", agxbuse(&xb));
         agxbfree(&xb);
  }
  /* must be here to see flex's macro defns */
author	Emden R. Gansner <erg@alum.mit.edu>
	Mon, 24 Nov 2014 19:32:58 +0000 (14:32 -0500)
committer	Emden R. Gansner <erg@alum.mit.edu>
	Mon, 24 Nov 2014 19:32:58 +0000 (14:32 -0500)