Fix agerr() format string issue in chkNum()

Commit 99eda421 fixed agerr() format string issue in yyerror(), but the same fix is also needed for chkNum(). In chkNum(), format string can be injected at least via malicious file name: $ cat fs4-%n%s%s%s%s%s%s.dot graph G { a [ weight = 0g ] } $ dot fs4-%n%s%s%s%s%s%s.dot Warning: *** %n in writable segment detected *** Aborted

Fix agerr() format string issue in chkNum()
495f781f · Tomas Hoger · 31158b1b · 495f781f
Commit 495f781f authored 9 years ago by Tomas Hoger
--- a/lib/cgraph/scan.l
+++ b/lib/cgraph/scan.l
@@ -165,7 +165,7 @@ static int chkNum(void) {
 	agxbput(&xb,buf);
 	agxbput(&xb,fname);
 	agxbput(&xb, " splits into two tokens\n");
-	agerr(AGWARN,agxbuse(&xb));
+	agerr(AGWARN, "%s", agxbuse(&xb));

 	agxbfree(&xb);
 	return 1;