From a5c8e2676b94d2ea41b44b4e05943bee6459f337 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sat, 30 Oct 2021 09:46:35 -0700
Subject: [PATCH] libsinsp: Fix a lot of -Werror=format-security errors with
 mvprintw/mvwprintw

In all these places a non-constant is used as a format string which
compiler complains about. Fix by using "%s" as format.

Upstream-Status: Pending

Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 userspace/libsinsp/cursescomponents.cpp |  4 ++--
 userspace/libsinsp/cursesspectro.cpp    |  2 +-
 userspace/libsinsp/cursestable.cpp      |  6 +++---
 userspace/libsinsp/cursesui.cpp         | 14 +++++++-------
 4 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/userspace/libsinsp/cursescomponents.cpp b/userspace/libsinsp/cursescomponents.cpp
index 4003cb4e..372b4526 100644
--- a/userspace/libsinsp/cursescomponents.cpp
+++ b/userspace/libsinsp/cursescomponents.cpp
@@ -877,7 +877,7 @@ void curses_textbox::print_no_data()
 	string wstr = "No Data For This Selection";
 	mvprintw(m_parent->m_screenh / 2,
 		m_parent->m_screenw / 2 - wstr.size() / 2,
-		wstr.c_str());
+		"%s", wstr.c_str());
 
 	refresh();
 }
@@ -1100,7 +1100,7 @@ void curses_textbox::render()
 		attrset(m_parent->m_colors[sinsp_cursesui::LARGE_NUMBER]);
 		mvprintw(0,
 			m_parent->m_screenw / 2 - wstr.size() / 2,
-			wstr.c_str());
+			"%s", wstr.c_str());
 	}
 
 	//
diff --git a/userspace/libsinsp/cursesspectro.cpp b/userspace/libsinsp/cursesspectro.cpp
index 6858bc95..32012963 100644
--- a/userspace/libsinsp/cursesspectro.cpp
+++ b/userspace/libsinsp/cursesspectro.cpp
@@ -227,7 +227,7 @@ void curses_spectro::print_error(string wstr)
 	mvwprintw(m_tblwin, 
 		m_parent->m_screenh / 2,
 		m_parent->m_screenw / 2 - wstr.size() / 2, 
-		wstr.c_str());	
+		"%s", wstr.c_str());	
 }
 
 void curses_spectro::update_data(vector<sinsp_sample_row>* data, bool force_selection_change)
diff --git a/userspace/libsinsp/cursestable.cpp b/userspace/libsinsp/cursestable.cpp
index 69c2aa32..54667554 100644
--- a/userspace/libsinsp/cursestable.cpp
+++ b/userspace/libsinsp/cursestable.cpp
@@ -254,7 +254,7 @@ void curses_table::print_line_centered(string line, int32_t off)
 		mvwprintw(m_tblwin, 
 			m_parent->m_screenh / 2 + off,
 			m_parent->m_screenw / 2 - line.size() / 2, 
-			line.c_str());
+			"%s", line.c_str());
 	}
 	else
 	{
@@ -268,7 +268,7 @@ glogf("2, %d %s\n", spos, ss.c_str());
 			mvwprintw(m_tblwin, 
 				m_parent->m_screenh / 2 + off + j,
 				0,
-				ss.c_str());
+				"%s", ss.c_str());
 
 			spos += m_parent->m_screenw;
 			if(spos >= line.size())
@@ -328,7 +328,7 @@ void curses_table::print_error(string wstr)
 	mvwprintw(m_tblwin, 
 		m_parent->m_screenh / 2,
 		m_parent->m_screenw / 2 - wstr.size() / 2, 
-		wstr.c_str());	
+		"%s", wstr.c_str());	
 }
 
 void curses_table::render(bool data_changed)
diff --git a/userspace/libsinsp/cursesui.cpp b/userspace/libsinsp/cursesui.cpp
index 1eeb0864..69652edc 100644
--- a/userspace/libsinsp/cursesui.cpp
+++ b/userspace/libsinsp/cursesui.cpp
@@ -825,7 +825,7 @@ void sinsp_cursesui::render_header()
 		attrset(m_colors[sinsp_cursesui::LARGE_NUMBER]);
 		mvprintw(0,
 			m_screenw / 2 - wstr.size() / 2, 
-			wstr.c_str());	
+			"%s", wstr.c_str());	
 	}
 
 	//
@@ -1123,7 +1123,7 @@ void sinsp_cursesui::render_filtersearch_main_menu()
 
 		m_cursor_pos = cursor_pos;
 
-		mvprintw(m_screenh - 1, m_cursor_pos, str->c_str());
+		mvprintw(m_screenh - 1, m_cursor_pos, "%s", str->c_str());
 
 		m_cursor_pos += str->size();
 	}
@@ -2189,7 +2189,7 @@ void sinsp_cursesui::print_progress(double progress)
 	string wstr = "Processing File";
 	mvprintw(m_screenh / 2,
 		m_screenw / 2 - wstr.size() / 2, 
-		wstr.c_str());	
+		"%s", wstr.c_str());	
 
 	//
 	// Using sprintf because to_string doesn't support setting the precision 
@@ -2199,7 +2199,7 @@ void sinsp_cursesui::print_progress(double progress)
 	wstr = "Progress: " + string(numbuf);
 	mvprintw(m_screenh / 2 + 1,
 		m_screenw / 2 - wstr.size() / 2, 
-		wstr.c_str());
+		"%s", wstr.c_str());
 
 	refresh();
 }
@@ -2308,7 +2308,7 @@ sysdig_table_action sinsp_cursesui::handle_textbox_input(int ch)
 						attrset(m_colors[sinsp_cursesui::FAILED_SEARCH]);
 						mvprintw(m_screenh / 2,
 							m_screenw / 2 - wstr.size() / 2, 
-							wstr.c_str());	
+							"%s", wstr.c_str());	
 
 						//
 						// Restore the cursor
@@ -2363,7 +2363,7 @@ sysdig_table_action sinsp_cursesui::handle_textbox_input(int ch)
 
 					mvprintw(m_screenh / 2,
 						m_screenw / 2 - wstr.size() / 2, 
-						wstr.c_str());
+						"%s", wstr.c_str());
 
 					render();
 				}
@@ -2436,7 +2436,7 @@ sysdig_table_action sinsp_cursesui::handle_textbox_input(int ch)
 
 				mvprintw(m_screenh / 2,
 					m_screenw / 2 - wstr.size() / 2, 
-					wstr.c_str());
+					"%s", wstr.c_str());
 
 				render();
 			}
-- 
2.33.1