From 39cf51da9adfebd07ca8159e188bd37201ad5790 Mon Sep 17 00:00:00 2001 From: John Darrington Date: Sun, 9 Oct 2011 16:42:56 +0200 Subject: [PATCH] Fix potential problems with non-literal printf arguments. In a few places we were passing a constructed string to a printf-like function as its format argument. This could have been problematic if the constructed string had contained a % (for example due to that character occuring in a variable label). This change avoids those situations. --- src/data/ods-reader.c | 2 +- src/language/stats/mcnemar.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/data/ods-reader.c b/src/data/ods-reader.c index 9bbfb479..ea8b9ad5 100644 --- a/src/data/ods-reader.c +++ b/src/data/ods-reader.c @@ -127,7 +127,7 @@ ods_file_casereader_destroy (struct casereader *reader UNUSED, void *r_) xmlFreeTextReader (r->xtr); if ( ! ds_is_empty (&r->ods_errs)) - msg (ME, ds_cstr (&r->ods_errs)); + msg (ME, "%s", ds_cstr (&r->ods_errs)); ds_destroy (&r->ods_errs); diff --git a/src/language/stats/mcnemar.c b/src/language/stats/mcnemar.c index e26a3c1d..4f64bbb4 100644 --- a/src/language/stats/mcnemar.c +++ b/src/language/stats/mcnemar.c @@ -184,7 +184,7 @@ output_freq_table (variable_pair *vp, ds_put_cstr (&pair_name, " & "); ds_put_cstr (&pair_name, var_to_string ((*vp)[1])); - tab_title (table, ds_cstr (&pair_name)); + tab_title (table, "%s", ds_cstr (&pair_name)); ds_destroy (&pair_name); -- 2.30.2