More format string warnings with possible format string vulnerability For https://bugzilla.gnome.org/show_bug.cgi?id=761029 adds a new xmlEscapeFormatString() function to escape composed format strings

commit: 502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b [log] [tgz]
author: David Kilzer <ddkilzer@apple.com> Mon May 23 14:58:41 2016 +0800
committer: Daniel Veillard <veillard@redhat.com> Mon May 23 15:01:08 2016 +0800
tree: 9ede0ef8a1749b904548d702de77cb5292165ed6
parent: bdd66182ef53fe1f7209ab6535fda56366bd7ac9 [diff] [blame]
diff --git a/relaxng.c b/relaxng.c
index 345f354..56a3344 100644
--- a/relaxng.c
+++ b/relaxng.c

@@ -2215,7 +2215,8 @@
         snprintf(msg, 1000, "Unknown error code %d\n", err);
     }
     msg[1000 - 1] = 0;
-    return (xmlStrdup((xmlChar *) msg));
+    xmlChar *result = xmlCharStrdup(msg);
+    return (xmlEscapeFormatString(&result));
 }
 
 /**
commit	502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b	[log] [tgz]
author	David Kilzer <ddkilzer@apple.com>	Mon May 23 14:58:41 2016 +0800
committer	Daniel Veillard <veillard@redhat.com>	Mon May 23 15:01:08 2016 +0800
tree	9ede0ef8a1749b904548d702de77cb5292165ed6
parent	bdd66182ef53fe1f7209ab6535fda56366bd7ac9 [diff] [blame]