authorRalph Giles <ralph.giles@artifex.com>2009-02-09 22:18:20 +0000
committerRalph Giles <ralph.giles@artifex.com>2009-02-09 22:18:20 +0000
commite4d7ef82d0a022f058c94925660f87285ad04100 (patch)
tree15c71c01dafc873657625cbefa6f633ab2d3c340 /gs/contrib
parent4059af769cde3192bb01f2382a6a394e5f3eecd4 (diff)
Protect some printf-like calls in the pcl3 output device from spurious
format specifiers. This eliminates a security-related gcc warning. Details: I believe the previous code was actually safe. However, this approach is more robust. If any of the string buffers passed to errprintf() happened to contain a format specifier (like %d) an out of bounds stack reference could result. This allows the default build to complete with -Werror=format-security, which the Mandriva linux distribution is reported to be using. git-svn-id: http://svn.ghostscript.com/ghostscript/trunk@9460 a1074d23-0009-0410-80fe-cf8c14f379e6
Diffstat (limited to 'gs/contrib')
-rw-r--r--gs/contrib/pcl3/eprn/gdeveprn.c2
-rw-r--r--gs/contrib/pcl3/src/gdevpcl3.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/gs/contrib/pcl3/eprn/gdeveprn.c b/gs/contrib/pcl3/eprn/gdeveprn.c
index bddb8e604..5f86f0ccb 100644
--- a/gs/contrib/pcl3/eprn/gdeveprn.c
+++ b/gs/contrib/pcl3/eprn/gdeveprn.c
@@ -314,7 +314,7 @@ static void print_flags(ms_MediaCode flags, const ms_Flag *user_flags)
if (user_flags != NULL) {
while (user_flags->code != ms_none) {
if (user_flags->code & flags) {
- errprintf(user_flags->name);
+ errprintf("%s", user_flags->name);
flags &= ~user_flags->code;
}
user_flags++;
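Review bot: The `errprintf("%s", user_flags->name);` call in print_flags should carry a short comment, because nothing on the line says why the name is not passed directly and a later cleanup could fold it back; something like `/* name is data, not a format string */` would do. The same applies to the `eprintf1("%s", buffer)` call in pcl3_open_device in gdevpcl3.c. Both sites were found through gcc's -Wformat-security, which reports only a non-literal format passed with no further arguments, so any call in these files that passes a non-literal format together with arguments would not have been reported; a one-off build with `-Wformat-nonliteral` would show whether any remain. print_flags begins and ends outside this hunk.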
diff --git a/gs/contrib/pcl3/src/gdevpcl3.c b/gs/contrib/pcl3/src/gdevpcl3.c
index 80a1be8b7..682244fe7 100644
--- a/gs/contrib/pcl3/src/gdevpcl3.c
+++ b/gs/contrib/pcl3/src/gdevpcl3.c
@@ -1315,7 +1315,7 @@ static int pcl3_open_device(gx_device *device)
"%s page setup requested by the document as being for `",
epref, epref);
if (ms_find_name_from_code(buffer, sizeof(buffer),
- dev->eprn.code, flag_description) == 0) eprintf(buffer);
+ dev->eprn.code, flag_description) == 0) eprintf1("%s", buffer);
else eprintf("UNKNOWN"); /* should never happen */
eprintf3("' (%.0f x %.0f bp).\n"
"%s The driver does not know how to do this in PCL.\n",
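Review bot: The changed call in pcl3_open_device sits at the end of the condition's continuation line, with the `else eprintf("UNKNOWN");` branch unbraced on the next line, so the only security-relevant statement in the hunk is easy to overlook. Putting `eprintf1("%s", buffer);` and `eprintf("UNKNOWN");` on their own lines inside braces would make the two branches readable at a glance. With `%s` the call now depends on `buffer` holding a NUL-terminated string whenever ms_find_name_from_code returns 0; that contract is not visible here and is presumably met, but a comment stating it next to the call would help. pcl3_open_device begins and ends outside this hunk.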