From: Christian Weisgerber Subject: Only use string literals as format strings for dprintf() To: gameoftrees@openbsd.org Date: Thu, 10 Sep 2020 20:29:15 +0200 Only use string literals as format strings for dprintf(). Due to a missing function prototype annotation in stdio.h, the compiler on OpenBSD has failed to warn about this: got.c:502:14: warning: format string is not a string literal (potentially insecu re) [-Wformat-security] dprintf(fd, initial_content); ^~~~~~~~~~~~~~~ got.c:502:14: note: treat the string as an argument to avoid this dprintf(fd, initial_content); ^ "%s", OK?
diff 3168e5da215c7b442d231f40bfd61df067505d8b /home/naddy/got
blob - 3a7013aa09b5952fd99ebb4cbf7e06235e769d42
file + got/got.c
--- got/got.c
+++ got/got.c
@@ -499,7 +499,7 @@ collect_import_msg(char **logmsg, char **logmsg_path,
 if (err)
 goto done;
- dprintf(fd, initial_content);
+ dprintf(fd, "%s", initial_content);
 close(fd);
 err = edit_logmsg(logmsg, editor, *logmsg_path, initial_content);
@@ -5660,7 +5660,7 @@ get_tag_message(char **tagmsg, char **tagmsg_path, con
 if (err)
 goto done;
- dprintf(fd, initial_content);
+ dprintf(fd, "%s", initial_content);
 close(fd);
 err = get_editor(&editor);
@@ -6530,7 +6530,7 @@ collect_commit_logmsg(struct got_pathlist_head *commit
 if (err)
 goto done;
- dprintf(fd, initial_content);
+ dprintf(fd, "%s", initial_content);
 TAILQ_FOREACH(pe, commitable_paths, entry) {
 struct got_commitable *ct = pe->data;
@@ -7763,7 +7763,7 @@ histedit_edit_logmsg(struct got_histedit_list_entry *h
 if (err)
 goto done;
- dprintf(fd, logmsg);
+ dprintf(fd, "%s", logmsg);
 close(fd);
 err = get_editor(&editor);
-- Christian "naddy" Weisgerber naddy@mips.inka.de
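Review bot: The return value of dprintf() is still unchecked on the new `+` line of the collect_import_msg hunk, and the same applies to the get_tag_message, collect_commit_logmsg and histedit_edit_logmsg hunks; a failed or short write to the message file (ENOSPC, EIO) is silently ignored, so the editor is presumably opened on a truncated or empty message and, where close(fd) follows, the function carries on as if the content had been written. The surrounding code already routes failures through `err` and `goto done`, so the write can take the same path, e.g. `if (dprintf(fd, "%s", initial_content) < 0) { err = /* errno-based error, via the file's usual constructor */; goto done; }` (with `logmsg` in the histedit_edit_logmsg hunk). Since the content is now written verbatim with no directives, a plain write(2) of the full length would also avoid the stdio formatting path entirely, though that is a broader change than this fix. Each enclosing function starts and ends outside its hunk.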