commit f52740e7eaead1170e20f25c7da79a98da97d6ff
author Pierre Ossman <ossman@cendio.se> Wed Apr 25 15:43:56 2012 +0000
committer Pierre Ossman <ossman@cendio.se> Wed Apr 25 15:43:56 2012 +0000
tree fd1cac9b31ea1e1498a1aee33606c18e09d16ee5
parent 33bead4a29a67d1d5ba0445647c330fd0bfae5eb

Make sure we're paranoid about accidentally feeding a format string.
Basic patch by Joachim Falk. Slightly improved before commit.


git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4900 3789f03b-4d11-0410-bbf8-ca57d06f2519

vncviewer/vncviewer.cxx

diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx
index ff325d1..47fd551 100644
--- a/vncviewer/vncviewer.cxx
+++ b/vncviewer/vncviewer.cxx
@@ -69,7 +69,10 @@
 using namespace rfb;
 using namespace std;
 
-static char aboutText[1024];
+static const char aboutText[] = N_("TigerVNC Viewer %d-bit v%s (%s)\n"
+                                   "%s\n"
+                                   "Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt)\n"
+                                   "See http://www.tigervnc.org for information on TigerVNC.");
 extern const char* buildTime;
 
 static bool exitMainloop = false;
@@ -88,7 +91,8 @@
 void about_vncviewer()
 {
   fl_message_title(_("About TigerVNC Viewer"));
-  fl_message(aboutText);
+  fl_message(gettext(aboutText), (int)sizeof(size_t)*8,
+             PACKAGE_VERSION, __BUILD__, buildTime);
 }
 
 static void about_callback(Fl_Widget *widget, void *data)
@@ -267,11 +271,6 @@
   const char* vncServerName = NULL;
   UserDialog dlg;
 
-  const char englishAbout[] = N_("TigerVNC Viewer %d-bit v%s (%s)\n"
-                                 "%s\n"
-                                 "Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt)\n"
-                                 "See http://www.tigervnc.org for information on TigerVNC.");
-
   setlocale(LC_ALL, "");
   bindtextdomain(PACKAGE_NAME, LOCALE_DIR);
   textdomain(PACKAGE_NAME);
@@ -279,10 +278,10 @@
   rfb::SecurityClient::setDefaults();
 
   // Write about text to console, still using normal locale codeset
-  snprintf(aboutText, sizeof(aboutText),
-           gettext(englishAbout), (int)sizeof(size_t)*8, PACKAGE_VERSION,
-           __BUILD__, buildTime);
-  fprintf(stderr,"\n%s\n", aboutText);
+  fprintf(stderr,"\n");
+  fprintf(stderr, gettext(aboutText), (int)sizeof(size_t)*8,
+          PACKAGE_VERSION, __BUILD__, buildTime);
+  fprintf(stderr,"\n");
 
   // Set gettext codeset to what our GUI toolkit uses. Since we are
   // passing strings from strerror/gai_strerror to the GUI, these must
@@ -290,11 +289,6 @@
   bind_textdomain_codeset(PACKAGE_NAME, "UTF-8");
   bind_textdomain_codeset("libc", "UTF-8");
 
-  // Re-create the aboutText for the GUI, now using GUI codeset
-  snprintf(aboutText, sizeof(aboutText),
-           gettext(englishAbout), (int)sizeof(size_t)*8, PACKAGE_VERSION,
-           __BUILD__, buildTime);
-
   rfb::initStdIOLoggers();
   rfb::LogWriter::setLogParams("*:stderr:30");
 
@@ -376,7 +370,7 @@
   delete cc;
 
   if (exitError != NULL)
-    fl_alert(exitError);
+    fl_alert("%s", exitError);
 
   return 0;
 }