From 162b871682946169871db3622e156ef641c44bf2 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <calcurse@cryptocrack.de>
Date: Fri, 18 May 2012 08:36:43 +0200
Subject: src/notify.c: Fix printf() misuse

Make sure we actually copy the notification warning interval to the
correct buffer instead of printing it to stdout (using an arbitrary
format string). This makes sure the current warning interval is shown
when editing the field and also eliminates a potential format string
vulnerability.

Spotted with "-Wformat-nonliteral".

Signed-off-by: Lukas Fleischer <calcurse@cryptocrack.de>
---
 src/notify.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/notify.c b/src/notify.c
index 188d92c..3ed53bf 100644
--- a/src/notify.c
+++ b/src/notify.c
@@ -777,7 +777,7 @@ notify_config_bar (void)
         case '4':
           status_mesg (count_str, "");
           pthread_mutex_lock (&nbar.mutex);
-          printf (buf, "%d", nbar.cntdwn);
+          snprintf (buf, BUFSIZ, "%d", nbar.cntdwn);
           pthread_mutex_unlock (&nbar.mutex);
           if (updatestring (win[STA].p, &buf, 0, 1) == 0 &&
               is_all_digit (buf) && atoi (buf) >= 0 && atoi (buf) <= DAYINSEC)
-- 
cgit v1.2.3-70-g09d2