[FORMAT]
authorTimo Kreuzer <timo.kreuzer@reactos.org>
Mon, 31 May 2010 13:56:29 +0000 (13:56 +0000)
committerTimo Kreuzer <timo.kreuzer@reactos.org>
Mon, 31 May 2010 13:56:29 +0000 (13:56 +0000)
Fix "potentially insecure" usage of non-string-literals in printf.

svn path=/trunk/; revision=47490

reactos/base/system/format/format.c

index ba9f42b..4eae18b 100755 (executable)
@@ -185,7 +185,7 @@ FormatExCallback (
                if( *status == FALSE ) {
 
                        LoadString( GetModuleHandle(NULL), STRING_FORMAT_FAIL, (LPTSTR) szMsg,RC_STRING_MAX_SIZE);
-                       _tprintf(szMsg);
+                       _tprintf("%s", szMsg);
                        Error = TRUE;
                }
                break;
@@ -204,7 +204,7 @@ FormatExCallback (
        case STRUCTUREPROGRESS:
        case CLUSTERSIZETOOSMALL:
                LoadString( GetModuleHandle(NULL), STRING_NO_SUPPORT, (LPTSTR) szMsg,RC_STRING_MAX_SIZE);
-               _tprintf(szMsg);
+               _tprintf("%s", szMsg);
                return FALSE;
        }
        return TRUE;
@@ -320,7 +320,7 @@ _tmain(int argc, TCHAR *argv[])
        //
        if( !LoadFMIFSEntryPoints()) {
                LoadString( GetModuleHandle(NULL), STRING_FMIFS_FAIL, (LPTSTR) szMsg,RC_STRING_MAX_SIZE);
-               _tprintf(szMsg);
+               _tprintf("%s", szMsg);
                return -1;
        }
 
@@ -422,7 +422,7 @@ _tmain(int argc, TCHAR *argv[])
                                        break;
                                }
                                LoadString( GetModuleHandle(NULL), STRING_ERROR_LABEL, (LPTSTR) szMsg,RC_STRING_MAX_SIZE);
-                               _tprintf(szMsg);
+                               _tprintf("%s", szMsg);
                        }
                }
 
@@ -471,7 +471,7 @@ _tmain(int argc, TCHAR *argv[])
                                ((float)(LONGLONG)totalNumberOfBytes.QuadPart)/(float)(1024.0*1024.0));
                }
                LoadString( GetModuleHandle(NULL), STRING_CREATE_FSYS, (LPTSTR) szMsg,RC_STRING_MAX_SIZE);
-               _tprintf(szMsg);
+               _tprintf("%s", szMsg);
        }
 
        //
@@ -489,7 +489,7 @@ _tmain(int argc, TCHAR *argv[])
 #endif
        if( Error ) return -1;
        LoadString( GetModuleHandle(NULL), STRING_FMT_COMPLETE, (LPTSTR) szMsg,RC_STRING_MAX_SIZE);
-       _tprintf(szMsg);
+       _tprintf("%s", szMsg);
 
        //
        // Enable compression if desired
@@ -504,7 +504,7 @@ _tmain(int argc, TCHAR *argv[])
 #endif
 
                        LoadString( GetModuleHandle(NULL), STRING_VOL_COMPRESS, (LPTSTR) szMsg,RC_STRING_MAX_SIZE);
-                       _tprintf(szMsg);
+                       _tprintf("%s", szMsg);
                }
        }
 
@@ -514,7 +514,7 @@ _tmain(int argc, TCHAR *argv[])
        if( !GotALabel ) {
 
                LoadString( GetModuleHandle(NULL), STRING_ENTER_LABEL, (LPTSTR) szMsg,RC_STRING_MAX_SIZE);
-               _tprintf(szMsg);
+               _tprintf("%s", szMsg);
                _fgetts( input, sizeof(LabelString)/2, stdin );
 
                input[ _tcslen(input)-1] = 0;