
Commit 6585be5

[Fix] Update fprintf, sprintf, and printf to avoid a security warning when compiling with GCC.
Security warning complains about a variable being used for the format string since it could contain format parameters which would cause bad reads. Fix is simply to provide "%s" as the format string and the original argument as a parameter.
1 parent c884a9c commit 6585be5


3 files changed

+11
-11
lines changed


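--- a/probdist/gofw.c
+++ b/probdist/gofw.c
@@ -83,7 +83,7 @@ static void printMath2 (FILE * f, double x, double y)
 } else {
 sprintf (S, "%16.8g", x);
 }
-fprintf (f, S);
+fprintf (f, "%s", S);
 fprintf (f, ", ");
 
 if (y != 0.0 && (y < 0.1 || y > 1.0)) {
@@ -93,7 +93,7 @@ static void printMath2 (FILE * f, double x, double y)
 } else {
 sprintf (S, "%16.8g", y);
 }
-fprintf (f, S);
+fprintf (f, "%s", S);
 fprintf (f, " }");
 }
 
@@ -613,7 +613,7 @@ void gofw_WriteActiveTests2 (long N, gofw_TestArray sVal,
 {
 printf ("\n-----------------------------------------------\n");
 if (N == 1) {
-printf (S);
+printf ("%s", S);
 gofw_Writep2 (sVal[gofw_Mean], pVal[gofw_Mean]);
 } else {
 gofw_WriteActiveTests0 (N, sVal, pVal);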
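Review bot: The two `sprintf (S, "%16.8g", …)` calls at lines 84 and 94 of printMath2 still write into `S` without a length, and `S` is declared outside the hunk, so its size cannot be checked here. This format produces a 16-character field plus the terminator, so `S` needs at least 17 bytes; if `S` is a local array, `snprintf (S, sizeof S, "%16.8g", x);` makes that bound explicit. The other branch of each `if` is also outside the hunk and may format `S` differently, so it deserves the same check. Building with `-Werror=format-security` would keep non-literal format strings like the ones fixed here from coming back.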

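--- a/testu01/scatter.c
+++ b/testu01/scatter.c
@@ -412,7 +412,7 @@ static void BottomGraphTex (
 /* Replace the _ in the generator name by \_ for Latex */
 mystr_Subst (Title, "_", "\\_");
 mystr_Subst (Title, "01_", "01\\_");
-fprintf (f, Title);
+fprintf (f, "%s", Title);
 
 fprintf (f, "\n\nHypercube in %1d dimensions.\\\\\n", scatter_t);
 fprintf (f, " Over = ");
@@ -543,16 +543,16 @@ static void HeadGraphGnu (
 *p = '\0';
 len = strlen (q);
 if (len > 0) {
-fprintf (f, q);
+fprintf (f, "%s", q);
 fprintf (f, ";\\n");
 }
 p++;
 q = p;
 p = strchr (q, '\n');
 }
-fprintf (f, q);
+fprintf (f, "%s", q);
 } else
-fprintf (f, Title);
+fprintf (f, "%s", Title);
 
 fprintf (f, ";\\n N = %1ld", scatter_N);
 fprintf (f, "; t = %1d", scatter_t);
@@ -582,14 +582,14 @@ static void HeadGraphGnu (
 strcat (Nout3, ".ps");
 /* Postscript file for figure */
 fprintf (f, "set output \"");
-fprintf (f, Nout3);
+fprintf (f, "%s", Nout3);
 fprintf (f, "\"\nset term postscript");
 } else if (scatter_Output == scatter_gnu_term) {
 fprintf (f, "set output\n");
 fprintf (f, "set term x11");
 }
 fprintf (f, "\nplot \"");
-fprintf (f, Nout2);
+fprintf (f, "%s", Nout2);
 fprintf (f, "\"\n");
 if (scatter_Output == scatter_gnu_term) {
 fprintf (f, "pause -1 \"Hit return to continue \"\n");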
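Review bot: `Nout3` and `Nout2` are still written unescaped between double quotes into the gnuplot script at lines 585 and 592 of HeadGraphGnu, so the `"%s"` change protects printf's parsing but not gnuplot's. A name containing `"`, a backslash or a newline would end the quoted string early, and gnuplot would read what follows as script text. Where these names come from is not visible in the hunk; if a caller-supplied path can reach them, validate or escape those characters before writing. The `strcat (Nout3, ".ps")` on line 582 is also unbounded against a buffer declared outside the hunk. Once the name is known to be clean, the three calls can become `fprintf (f, "set output \"%s\"\nset term postscript", Nout3);`.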

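--- a/testu01/swrite.c
+++ b/testu01/swrite.c
@@ -136,7 +136,7 @@ void swrite_Chi2SumTest (long N, sres_Chi2 *res)
 return;
 printf ("Test on the sum of all N observations\n");
 swrite_AddStrChi (str, LENGTH, N*res->degFree);
-printf (str);
+printf ("%s", str);
 gofw_Writep2 (res->sVal2[gofw_Sum], res->pVal2[gofw_Sum]);
 }
 
@@ -150,7 +150,7 @@ void swrite_Chi2SumTestb (long N, double sval, double pval, long degFree)
 return;
 printf ("Test on the sum of all N observations\n");
 swrite_AddStrChi (str, LENGTH, N*degFree);
-printf (str);
+printf ("%s", str);
 gofw_Writep2 (sval, pval);
 }
 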