Another problem pointed out by clang

Using format specifiers without arguments in printf is still bad.

openbox/debug.c:105:18: warning: format string is not a string literal (potentially insecure)
    fprintf(out, log_domain);
                 ^~~~~~~~~~
openbox/debug.c:107:18: warning: format string is not a string literal (potentially insecure)
    fprintf(out, level);
                 ^~~~~
openbox/debug.c:109:18: warning: format string is not a string literal (potentially insecure)
    fprintf(out, message);
                 ^~~~~~~

diff --git a/openbox/debug.c b/openbox/debug.c
index 6b92c9e..db18784 100644 (file)
--- a/openbox/debug.c
+++ b/openbox/debug.c
@@ -102,11 +102,11 @@ void ob_debug_enable(ObDebugType type, gboolean enable)
 static inline void log_print(FILE *out, const gchar* log_domain,
                              const gchar *level, const gchar *message)
 {
-    fprintf(out, log_domain);
+    fprintf(out, "%s", log_domain);
     fprintf(out, "-");
-    fprintf(out, level);
+    fprintf(out, "%s", level);
     fprintf(out, ": ");
-    fprintf(out, message);
+    fprintf(out, "%s", message);
     fprintf(out, "\n");
     fflush(out);
 }