From f4ab2e63afa63a0f57c42eb8c4236fec91af6c12 Mon Sep 17 00:00:00 2001
From: zicodxx <zico@dxx-rebirth.com>
Date: Thu, 3 Jan 2013 17:30:42 +0100
Subject: [PATCH] Added dummy %s to prevent formatting untrusted literals -
 patch by Kp

---
 CHANGELOG.txt     |  1 +
 editor/medrobot.c |  4 ++--
 main/endlevel.c   |  2 +-
 main/fireball.c   |  2 +-
 main/gamecntl.c   |  6 +++---
 main/hostage.c    |  2 +-
 main/multi.c      | 12 ++++++------
 main/newdemo.c    |  2 +-
 main/powerup.c    |  2 +-
 main/wall.c       |  2 +-
 main/weapon.c     |  4 ++--
 ui/file.c         |  2 +-
 12 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 67e857ae5..e97588c30 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -17,6 +17,7 @@ medrobot.c: medrobot: avoid needless name copy - patch by Kp
 editor/centers.c, main/gamecntl.c, main/gamerend.c: Fixed argument specifier mismatches flagged by -Wformat - patch by Kp
 arch/ogl/gr.c, main/game.c: Moved screenshot message formating to HUD_init_message - patch by Kp (and me for non-OGL code ;))
 main/automap.c, main/credits.c, main/gamerend.c, main/gauges.c, main/hud.c, main/kmatrix.c, main/menu.c, main/newmenu.c, main/scores.c: Converted gr_printf to gr_string where needed - patch by Kp
+editor/medrobot.c, main/endlevel.c, main/fireball.c, main/gamecntl.c, main/hostage.c, main/multi.c, main/newdemo.c, main/powerup.c, main/wall.c, main/weapon.c, ui/file.c: Added dummy "%s" to prevent formatting untrusted literals - patch by Kp
 
 20121102
 --------
diff --git a/editor/medrobot.c b/editor/medrobot.c
index 65b102111..b7e0be1b9 100644
--- a/editor/medrobot.c
+++ b/editor/medrobot.c
@@ -673,8 +673,8 @@ int robot_dialog_handler(UI_DIALOG *dlg, d_event *event, robot_dialog *r)
 				break;
 		}
 
-		ui_dprintf_at( MainWindow, GOODY_X+108, GOODY_Y, type_text);
-		ui_dprintf_at( MainWindow, GOODY_X+108, GOODY_Y+24, id_text);
+		ui_dprintf_at( MainWindow, GOODY_X+108, GOODY_Y, "%s", type_text);
+		ui_dprintf_at( MainWindow, GOODY_X+108, GOODY_Y+24, "%s", id_text);
 		ui_dprintf_at( MainWindow, GOODY_X+108, GOODY_Y+48, "%i", Cur_goody_count);
 
 		if ( Cur_object_index > -1 )	{
diff --git a/main/endlevel.c b/main/endlevel.c
index fd038ec2f..b5774820d 100644
--- a/main/endlevel.c
+++ b/main/endlevel.c
@@ -426,7 +426,7 @@ void start_rendered_endlevel_sequence()
 
 	start_endlevel_flythrough(0,ConsoleObject,cur_fly_speed);		//initialize
 
-	HUD_init_message(HM_DEFAULT, TXT_EXIT_SEQUENCE );
+	HUD_init_message(HM_DEFAULT, "%s", TXT_EXIT_SEQUENCE );
 
 	outside_mine = ext_expl_playing = 0;
 
diff --git a/main/fireball.c b/main/fireball.c
index 5a099af11..fbcf1a0f2 100644
--- a/main/fireball.c
+++ b/main/fireball.c
@@ -188,7 +188,7 @@ object *object_create_explosion_sub(object *objp, short segnum, vms_vector * pos
 									for (i=0; i<count; i++)
 										strcat(ouch_str, "ouch! ");
 
-									buddy_message(ouch_str);
+									buddy_message("%s", ouch_str);
 								}
 								break;
 								}
diff --git a/main/gamecntl.c b/main/gamecntl.c
index d58126925..ca88e8cf0 100644
--- a/main/gamecntl.c
+++ b/main/gamecntl.c
@@ -1573,7 +1573,7 @@ int FinalCheats(int key)
 
 	if (cheat_codes[gotcha].stateptr == &cheats.wowie)
 	{
-		HUD_init_message(HM_DEFAULT, TXT_WOWIE_ZOWIE);
+		HUD_init_message(HM_DEFAULT, "%s", TXT_WOWIE_ZOWIE);
 
 		if (Piggy_hamfile_version < 3) // SHAREWARE
 		{
@@ -1609,7 +1609,7 @@ int FinalCheats(int key)
 
 	if (cheat_codes[gotcha].stateptr == &cheats.allkeys)
 	{
-		HUD_init_message(HM_DEFAULT, TXT_ALL_KEYS);
+		HUD_init_message(HM_DEFAULT, "%s", TXT_ALL_KEYS);
 		Players[Player_num].flags |= PLAYER_FLAGS_BLUE_KEY | PLAYER_FLAGS_RED_KEY | PLAYER_FLAGS_GOLD_KEY;
 	}
 
@@ -1631,7 +1631,7 @@ int FinalCheats(int key)
 
 	if (cheat_codes[gotcha].stateptr == &cheats.shields)
 	{
-		HUD_init_message(HM_DEFAULT, TXT_FULL_SHIELDS);
+		HUD_init_message(HM_DEFAULT, "%s", TXT_FULL_SHIELDS);
 		Players[Player_num].shields = MAX_SHIELDS;
 	}
 
diff --git a/main/hostage.c b/main/hostage.c
index e291af929..7606b1417 100644
--- a/main/hostage.c
+++ b/main/hostage.c
@@ -56,5 +56,5 @@ void hostage_rescue(int blah)
 	if (Newdemo_state != ND_STATE_PLAYBACK)
 		digi_play_sample(SOUND_HOSTAGE_RESCUED, F1_0);
 
-	HUD_init_message(HM_DEFAULT, TXT_HOSTAGE_RESCUED);
+	HUD_init_message(HM_DEFAULT, "%s", TXT_HOSTAGE_RESCUED);
 }
diff --git a/main/multi.c b/main/multi.c
index 4152454c2..04cbe4816 100644
--- a/main/multi.c
+++ b/main/multi.c
@@ -1182,7 +1182,7 @@ multi_message_feedback(void)
 
 		Assert(strlen(feedback_result) < 200);
 
-		HUD_init_message(HM_MULTI, feedback_result);
+		HUD_init_message(HM_MULTI, "%s", feedback_result);
 		//sprintf (temp,"%s",colon);
 		//sprintf (Network_message,"%s",temp);
 
@@ -1211,7 +1211,7 @@ multi_send_macro(int key)
 
 	if (!PlayerCfg.NetworkMessageMacro[key][0])
 	{
-		HUD_init_message(HM_MULTI, TXT_NO_MACRO);
+		HUD_init_message(HM_MULTI, "%s", TXT_NO_MACRO);
 		return;
 	}
 
@@ -1878,9 +1878,9 @@ void multi_do_controlcen_destroy(char *buf)
 			HUD_init_message(HM_MULTI, "%s %s", Players[who].callsign, TXT_HAS_DEST_CONTROL);
 		}
 		else if (who == Player_num)
-			HUD_init_message(HM_MULTI, TXT_YOU_DEST_CONTROL);
+			HUD_init_message(HM_MULTI, "%s", TXT_YOU_DEST_CONTROL);
 		else
-			HUD_init_message(HM_MULTI, TXT_CONTROL_DESTROYED);
+			HUD_init_message(HM_MULTI, "%s", TXT_CONTROL_DESTROYED);
 
 		if (objnum != -1)
 			net_destroy_controlcen(Objects+objnum);
@@ -2492,11 +2492,11 @@ void
 multi_send_destroy_controlcen(int objnum, int player)
 {
 	if (player == Player_num)
-		HUD_init_message(HM_MULTI, TXT_YOU_DEST_CONTROL);
+		HUD_init_message(HM_MULTI, "%s", TXT_YOU_DEST_CONTROL);
 	else if ((player > 0) && (player < N_players))
 		HUD_init_message(HM_MULTI, "%s %s", Players[player].callsign, TXT_HAS_DEST_CONTROL);
 	else
-		HUD_init_message(HM_MULTI, TXT_CONTROL_DESTROYED);
+		HUD_init_message(HM_MULTI, "%s", TXT_CONTROL_DESTROYED);
 
 	multibuf[0] = (char)MULTI_CONTROLCEN;
 	PUT_INTEL_SHORT(multibuf+1, objnum);
diff --git a/main/newdemo.c b/main/newdemo.c
index 7f10e5062..83c3530b7 100644
--- a/main/newdemo.c
+++ b/main/newdemo.c
@@ -2092,7 +2092,7 @@ int newdemo_read_frame_information(int rewrite)
 				break;
 			}
 			if (Newdemo_vcr_state != ND_STATE_PAUSED)
-				HUD_init_message( HM_DEFAULT, hud_msg );
+				HUD_init_message( HM_DEFAULT, "%s", hud_msg );
 			break;
 			}
 		case ND_EVENT_START_GUIDED:
diff --git a/main/powerup.c b/main/powerup.c
index 0a1b634fa..e323f8dbb 100644
--- a/main/powerup.c
+++ b/main/powerup.c
@@ -139,7 +139,7 @@ void powerup_basic(int redadd, int greenadd, int blueadd, int score, char *forma
 
 	PALETTE_FLASH_ADD(redadd,greenadd,blueadd);
 
-	HUD_init_message(HM_DEFAULT, text);
+	HUD_init_message(HM_DEFAULT, "%s", text);
 
 	add_points_to_score(score);
 
diff --git a/main/wall.c b/main/wall.c
index 79eeef261..d360b7557 100644
--- a/main/wall.c
+++ b/main/wall.c
@@ -1118,7 +1118,7 @@ int wall_hit_process(segment *seg, int side, fix damage, int playernum, object *
 		if ((w->flags & WALL_DOOR_LOCKED ) && !(special_boss_opening_allowed(seg-Segments, side)) ) {
 			if ( playernum==Player_num )
 				if (show_message)
-					HUD_init_message(HM_DEFAULT, TXT_CANT_OPEN_DOOR);
+					HUD_init_message(HM_DEFAULT, "%s", TXT_CANT_OPEN_DOOR);
 			return WHP_NO_KEY;
 		}
 		else {
diff --git a/main/weapon.c b/main/weapon.c
index 37626fe98..ea1c1d770 100644
--- a/main/weapon.c
+++ b/main/weapon.c
@@ -441,7 +441,7 @@ void auto_select_weapon(int weapon_type)
 				{
 					if (looped)
 					{
-						HUD_init_message(HM_DEFAULT, TXT_NO_PRIMARY);
+						HUD_init_message(HM_DEFAULT, "%s", TXT_NO_PRIMARY);
 						select_weapon(0, 0, 0, 1);
 						try_again = 0;
 						continue;
@@ -460,7 +460,7 @@ void auto_select_weapon(int weapon_type)
 				//	continue;
 
 				if (PlayerCfg.PrimaryOrder[cur_weapon] == Primary_weapon) {
-					HUD_init_message(HM_DEFAULT, TXT_NO_PRIMARY);
+					HUD_init_message(HM_DEFAULT, "%s", TXT_NO_PRIMARY);
 					select_weapon(0, 0, 0, 1);
 					try_again = 0;			// Tried all weapons!
 
diff --git a/ui/file.c b/ui/file.c
index 3dabe3f30..b54b4abb9 100644
--- a/ui/file.c
+++ b/ui/file.c
@@ -130,7 +130,7 @@ static int browser_handler(UI_DIALOG *dlg, d_event *event, browser *b)
 
 	if (event->type == EVENT_UI_DIALOG_DRAW)
 	{
-		ui_dprintf_at( dlg, 10, 5, b->message );
+		ui_dprintf_at( dlg, 10, 5, "%s", b->message );
 
 		ui_dprintf_at( dlg, 20, 32,"N&ame" );
 		ui_dprintf_at( dlg, 20, 86,"&Files" );