[tkreuzer] 47490: [FORMAT] Fix "potentially insecure" usage of non-string-literals in printf. - Ros-diffs

31 May 2010

Author: tkreuzer
Date: Mon May 31 15:56:29 2010
New Revision: 47490
URL: http://svn.reactos.org/svn/reactos?rev=47490&view=rev
Log:
[FORMAT]
Fix "potentially insecure" usage of non-string-literals in printf.
Modified:
    trunk/reactos/base/system/format/format.c
Modified: trunk/reactos/base/system/format/format.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/format/format.c...
==============================================================================

--- trunk/reactos/base/system/format/format.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/format/format.c [iso-8859-1] Mon May 31 15:56:29 2010
@@ -185,7 +185,7 @@
    	if( *status == FALSE ) {
LoadString( GetModuleHandle(NULL), STRING_FORMAT_FAIL, (LPTSTR) szMsg,RC_STRING_MAX_SIZE);
-			_tprintf(szMsg);
+			_tprintf("%s", szMsg);
    		Error = TRUE;
    	}
    	break;
@@ -204,7 +204,7 @@
    case STRUCTUREPROGRESS:
    case CLUSTERSIZETOOSMALL:
    	LoadString( GetModuleHandle(NULL), STRING_NO_SUPPORT, (LPTSTR) szMsg,RC_STRING_MAX_SIZE);
-		_tprintf(szMsg);
+		_tprintf("%s", szMsg);
    	return FALSE;
    }
    return TRUE;
@@ -320,7 +320,7 @@
    //
    if( !LoadFMIFSEntryPoints()) {
    	LoadString( GetModuleHandle(NULL), STRING_FMIFS_FAIL, (LPTSTR) szMsg,RC_STRING_MAX_SIZE);
-		_tprintf(szMsg);
+		_tprintf("%s", szMsg);
    	return -1;
    }
@@ -422,7 +422,7 @@
    				break;
    			}
    			LoadString( GetModuleHandle(NULL), STRING_ERROR_LABEL, (LPTSTR) szMsg,RC_STRING_MAX_SIZE);
-				_tprintf(szMsg);
+				_tprintf("%s", szMsg);
    		}
    	}
@@ -471,7 +471,7 @@
    			((float)(LONGLONG)totalNumberOfBytes.QuadPart)/(float)(1024.0*1024.0));
    	}
    	LoadString( GetModuleHandle(NULL), STRING_CREATE_FSYS, (LPTSTR) szMsg,RC_STRING_MAX_SIZE);
-		_tprintf(szMsg);
+		_tprintf("%s", szMsg);
    }
//
@@ -489,7 +489,7 @@
 #endif
    if( Error ) return -1;
    LoadString( GetModuleHandle(NULL), STRING_FMT_COMPLETE, (LPTSTR) szMsg,RC_STRING_MAX_SIZE);
-	_tprintf(szMsg);
+	_tprintf("%s", szMsg);
//
    // Enable compression if desired
@@ -504,7 +504,7 @@
 #endif
LoadString( GetModuleHandle(NULL), STRING_VOL_COMPRESS, (LPTSTR) szMsg,RC_STRING_MAX_SIZE);
-			_tprintf(szMsg);
+			_tprintf("%s", szMsg);
    	}
    }
@@ -514,7 +514,7 @@
    if( !GotALabel ) {
LoadString( GetModuleHandle(NULL), STRING_ENTER_LABEL, (LPTSTR) szMsg,RC_STRING_MAX_SIZE);
-		_tprintf(szMsg);
+		_tprintf("%s", szMsg);
    	_fgetts( input, sizeof(LabelString)/2, stdin );
input[ _tcslen(input)-1] = 0;

    