From: Emden R. Gansner
Date: Mon, 24 Nov 2014 19:32:58 +0000 (-0500)
Subject: Fix format string vulnerability in using agerr() to report errors during parsing.
X-Git-Tag: TRAVIS_CI_BUILD_EXPERIMENTAL~138
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=99eda421f7ddc27b14e4ac1d2126e5fe41719081;p=graphviz

Fix format string vulnerability in using agerr() to report errors during parsing.
We now use a fixed format %s, and pass the error string as an argument.
---
diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l
index 85a150acb..a5872f4a3 100644
--- a/lib/cgraph/scan.l
+++ b/lib/cgraph/scan.l
@@ -225,6 +225,7 @@ ID ({NAME}|{NUMBER})
 ([^><\n]*) addstr(yytext);
 . return (yytext[0]);
 %%
+
 void yyerror(char *str)
 {
 unsigned char xbuf[BUFSIZ];
@@ -273,7 +274,7 @@ void yyerror(char *str)
 break;
 }
 agxbputc (&xb, '\n');
- agerr(AGERR,agxbuse(&xb));
+ agerr(AGERR, "%s", agxbuse(&xb));
 agxbfree(&xb);
 }
 /* must be here to see flex's macro defns */
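Review bot: The rewritten call `agerr(AGERR, "%s", agxbuse(&xb));` in the second hunk has no comment saying why the constant format is required, so a later cleanup could fold the buffer back into the format argument; I would add above it `/* xb may contain text from the input being parsed: pass it as an argument, never as the format */`. Most of yyerror's body lies outside the two hunks, so how xb is filled is not visible here and its contents are inferred from the commit description. The same pattern may exist at other agerr() call sites that pass a built string as the format, which this commit does not touch and which are worth a search. If agerr's prototype lacks a printf-style format attribute, adding one would let `-Wformat-security` flag such calls at build time.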