From 162b871682946169871db3622e156ef641c44bf2 Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Fri, 18 May 2012 08:36:43 +0200 Subject: src/notify.c: Fix printf() misuse Make sure we actually copy the notification warning interval to the correct buffer instead of printing it to stdout (using an arbitrary format string). This makes sure the current warning interval is shown when editing the field and also eliminates a potential format string vulnerability. Spotted with "-Wformat-nonliteral". Signed-off-by: Lukas Fleischer --- src/notify.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/notify.c b/src/notify.c index 188d92c..3ed53bf 100644 --- a/src/notify.c +++ b/src/notify.c @@ -777,7 +777,7 @@ notify_config_bar (void) case '4': status_mesg (count_str, ""); pthread_mutex_lock (&nbar.mutex); - printf (buf, "%d", nbar.cntdwn); + snprintf (buf, BUFSIZ, "%d", nbar.cntdwn); pthread_mutex_unlock (&nbar.mutex); if (updatestring (win[STA].p, &buf, 0, 1) == 0 && is_all_digit (buf) && atoi (buf) >= 0 && atoi (buf) <= DAYINSEC) -- cgit v1.2.3-70-g09d2