From: Rémi Denis-Courmont <rem@videolan.org>
Date: Tue, 2 Jan 2007 21:50:30 +0000 (+0000)
Subject: Fix a bunch of format string injection in VCDX and CDDA.
X-Git-Tag: 0.9.0-test0~8907
X-Git-Url: https://git.sesse.net/?a=commitdiff_plain;h=2f65bd42d2c22389b33982d0c1b62afc790b7941;p=vlc

Fix a bunch of format string injection in VCDX and CDDA.
Initially reported by Kevin Finisterre
---

diff --git a/modules/access/cdda/access.c b/modules/access/cdda/access.c
index 209e62b87f..b9963f7a42 100644
--- a/modules/access/cdda/access.c
+++ b/modules/access/cdda/access.c
@@ -92,17 +92,17 @@ cdio_log_handler( cdio_log_level_t level, const char message[] )
         case CDIO_LOG_DEBUG:
         case CDIO_LOG_INFO:
             if (p_cdda->i_debug & INPUT_DBG_CDIO)
-            msg_Dbg( p_cdda_input, message);
+            msg_Dbg( p_cdda_input, "%s", message);
             break;
         case CDIO_LOG_WARN:
-            msg_Warn( p_cdda_input, message);
+            msg_Warn( p_cdda_input, "%s", message);
             break;
         case CDIO_LOG_ERROR:
         case CDIO_LOG_ASSERT:
-            msg_Err( p_cdda_input, message);
+            msg_Err( p_cdda_input, "%s", message);
             break;
         default:
-            msg_Warn( p_cdda_input, message,
+            msg_Warn( p_cdda_input, "%s\n%s %d", message,
                     "the above message had unknown cdio log level",
                     level);
             break;
diff --git a/modules/access/vcdx/access.c b/modules/access/vcdx/access.c
index c8cb59126f..213c59cc26 100644
--- a/modules/access/vcdx/access.c
+++ b/modules/access/vcdx/access.c
@@ -91,17 +91,17 @@ cdio_log_handler (cdio_log_level_t level, const char message[])
   case CDIO_LOG_DEBUG:
   case CDIO_LOG_INFO:
     if (p_vcdplayer->i_debug & INPUT_DBG_CDIO)
-      msg_Dbg( p_vcd_access, message);
+      msg_Dbg( p_vcd_access, "%s", message);
     break;
   case CDIO_LOG_WARN:
-    msg_Warn( p_vcd_access, message);
+    msg_Warn( p_vcd_access, "%s", message);
     break;
   case CDIO_LOG_ERROR:
   case CDIO_LOG_ASSERT:
-    msg_Err( p_vcd_access, message);
+    msg_Err( p_vcd_access, "%s", message);
     break;
   default:
-    msg_Warn( p_vcd_access, message,
+    msg_Warn( p_vcd_access, "%s\n%s %d", message,
             _("The above message had unknown log level"),
             level);
   }
@@ -117,14 +117,14 @@ vcd_log_handler (vcd_log_level_t level, const char message[])
   case VCD_LOG_DEBUG:
   case VCD_LOG_INFO:
     if (p_vcdplayer->i_debug & INPUT_DBG_VCDINFO)
-      msg_Dbg( p_vcd_access, message);
+      msg_Dbg( p_vcd_access, "%s", message);
     break;
   case VCD_LOG_WARN:
-    msg_Warn( p_vcd_access, message);
+    msg_Warn( p_vcd_access, "%s", message);
     break;
   case VCD_LOG_ERROR:
   case VCD_LOG_ASSERT:
-    msg_Err( p_vcd_access, message);
+    msg_Err( p_vcd_access, "%s", message);
     break;
   default:
     msg_Warn( p_vcd_access, "%s\n%s %d", message,