[vulnerability report]A Format string vulnerability #20
Description
There is something wrong with this line of code
`void Ui::MessageDialog(const std::string &message){
RedrawStatic();
Dot d=BoundingRect(message);
BorderedWindow w(d.y,d.x);
wattrset((WINDOW *)w,COLOR_PAIR(20));
mvwprintw(w,0,0,message.c_str());//format string vulnerability,when you input your name such as 123%253c%11$n
w.RedrawBorder();
wrefresh(w);
PrepareUiGetch();
int ch;
do{
ch=getch();
}
while(ch!=' ' && ch!=13); //13=return key!=KEY_ENTER, it seems
}`
mvwprintw is not safe。
You should restrict user input to prevent format string vulnerability.