From a779e9f27229a306585cc38b167a14dc7d4790a3 Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Fri, 7 Oct 2016 19:01:01 +0100
Subject: [PATCH 02/13] dbus_signature_validate: be sure to use a literal format string
This was not a security vulnerability because _dbus_validity_to_error_message() doesn't return anything containing "%", but the compiler can't know that. Found by adding more _DBUS_GNUC_PRINTF attributes.
Signed-off-by: Simon McVittie
---
 dbus/dbus-signature.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dbus/dbus-signature.c b/dbus/dbus-signature.c
index 6f1521b..ef9eca9 100644
--- dbus/dbus-signature.c
+++ dbus/dbus-signature.c
@@ -244,7 +244,8 @@ dbus_signature_validate (const char *signature,
 return TRUE;
 else
 {
- dbus_set_error (error, DBUS_ERROR_INVALID_SIGNATURE, _dbus_validity_to_error_message (reason));
+ dbus_set_error (error, DBUS_ERROR_INVALID_SIGNATURE, "%s",
+ _dbus_validity_to_error_message (reason));
 return FALSE;
 }
 }
--
2.9.3
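Review bot: The new `"%s"` argument in the `dbus_set_error` call has no comment saying why it is there, so a later cleanup could fold the message back into the format position and reintroduce the non-literal format string. A one-line comment above the call would pin the intent, for example `/* Keep the literal "%s": the message text must never be parsed as a format string */`. The fix means the call no longer relies on `_dbus_validity_to_error_message()` never returning a `%`, which is the invariant the commit message describes; that helper is not visible here, so if it can return NULL for an unknown `reason`, that would still need handling before it reaches `%s`. The body of `dbus_signature_validate` starts outside this hunk.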