Prevent environment variables and filenames from masquerading
as format strings for printf.
Reported-by: Asheesh Laroia <asheesh@xxxxxxxxxxx>
Signed-off-by: David Aguilar <davvid@xxxxxxxxx>
---
git-difftool--helper.sh | 2 +-
mergetools/p4merge | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/git-difftool--helper.sh b/git-difftool--helper.sh
index 3d0fe0c..b00ed95 100755
--- a/git-difftool--helper.sh
+++ b/git-difftool--helper.sh
@@ -40,7 +40,7 @@ launch_merge_tool () {
# the user with the real $MERGED name before launching $merge_tool.
if should_prompt
then
- printf "\nViewing: '$MERGED'\n"
+ printf "\nViewing: '%s'\n" "$MERGED"
if use_ext_cmd
then
printf "Launch '%s' [Y/n]: " \
diff --git a/mergetools/p4merge b/mergetools/p4merge
index 52f7c8f..8a36916 100644
--- a/mergetools/p4merge
+++ b/mergetools/p4merge
@@ -30,5 +30,5 @@ create_empty_file () {
empty_file="${TMPDIR:-/tmp}/git-difftool-p4merge-empty-file.$$"
>"$empty_file"
- printf "$empty_file"
+ printf "%s" "$empty_file"
}
--
1.8.1.3.696.gfd94e3d.dirty
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html