fyb/calcurse-edge
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

src/notify.c: Fix printf() misuse

Browse Source 
Make sure we actually copy the notification warning interval to the
correct buffer instead of printing it to stdout (using an arbitrary
format string). This makes sure the current warning interval is shown
when editing the field and also eliminates a potential format string
vulnerability.

Spotted with "-Wformat-nonliteral".

Signed-off-by: Lukas Fleischer <calcurse@cryptocrack.de>
This commit is contained in:
Lukas Fleischer
2012-05-18 08:36:43 +02:00
parent 9a85b790aa
commit 162b871682
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/notify.c
View File

@@ -777,7 +777,7 @@ notify_config_bar (void)
case '4':
status_mesg (count_str, "");
pthread_mutex_lock (&nbar.mutex);
printf (buf, "%d", nbar.cntdwn);
snprintf (buf, BUFSIZ, "%d", nbar.cntdwn);
pthread_mutex_unlock (&nbar.mutex);
if (updatestring (win[STA].p, &buf, 0, 1) == 0 &&
is_all_digit (buf) && atoi (buf) >= 0 && atoi (buf) <= DAYINSEC)