More format string warnings with possible format string vulnerability
For https://bugzilla.gnome.org/show_bug.cgi?id=761029
adds a new xmlEscapeFormatString() function to escape composed format
strings
diff --git a/relaxng.c b/relaxng.c
index 345f354..56a3344 100644
--- a/relaxng.c
+++ b/relaxng.c
@@ -2215,7 +2215,8 @@
snprintf(msg, 1000, "Unknown error code %d\n", err);
}
msg[1000 - 1] = 0;
- return (xmlStrdup((xmlChar *) msg));
+ xmlChar *result = xmlCharStrdup(msg);
+ return (xmlEscapeFormatString(&result));
}
/**