main/graphviz/CVE-2014-9157.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081

--- ./lib/cgraph/scan.l.orig
+++ ./lib/cgraph/scan.l
@@ -209,6 +209,7 @@
 <hstring>([^><\n]*)		addstr(yytext);
 .						return (yytext[0]);
 %%
+ 
 void yyerror(char *str)
 {
 	unsigned char	xbuf[BUFSIZ];
@@ -225,7 +226,7 @@
 	agxbput (&xb, buf);
 	agxbput (&xb, yytext);
 	agxbput (&xb,"'\n");
-	agerr(AGERR,agxbuse(&xb));
+	agerr(AGERR, "%s", agxbuse(&xb));
 	agxbfree(&xb);
 }
 /* must be here to see flex's macro defns */