-
It is not safe to ever use an arbitrary (possibly user supplied) string as part of the format for a *sprintf() call. For example: 1. Name a Bluetooth keyboard "%n%n%n%n%n%n%n%n" 2. Pair it with a computer running X and try to use it 3. X is not happy when trying to do the following in xf86-input-evdev: xf86IDrvMsg(pInfo, X_CONFIG, "Device: \"%s\"\n", device); because LogVHdrMessageVerb() has put the %n from the device name into a format string of the form: "evdev: %n%n%n%n%n%n%n%n: Device: \"%s\"\n" Instead, build up a log message in place by appending successive formatted strings by sncprintf'ing to the end of the previous. Signed-off-by: Daniel Kurtz <djkurtz@chromium.org> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
c91d00e0