Fix sprintf format vulnerability

windows-server-2003 2018-05-12 08:47:06 +09:00 committed by d0k3
parent 5b413a9eb3
commit 46f67e1d18
11 changed files with 25 additions and 25 deletions


@ -30,7 +30,7 @@ export INCLUDE := -I"$(shell pwd)/common"
export ASFLAGS := -g -x assembler-with-cpp $(INCLUDE)
export CFLAGS := -DDBUILTS="\"$(DBUILTS)\"" -DDBUILTL="\"$(DBUILTL)\"" -DVERSION="\"$(VERSION)\"" -DFLAVOR="\"$(FLAVOR)\"" \
-g -O2 -Wall -Wextra -Wpedantic -Wcast-align -Wno-main \
-g -O2 -Wall -Wextra -Wpedantic -Wcast-align -Wformat=2 -Wno-main \
-fomit-frame-pointer -ffast-math -std=gnu11 \
-Wno-unused-function $(INCLUDE) -ffunction-sections -fdata-sections
export LDFLAGS := -Tlink.ld -nostartfiles -Wl,--gc-sections,-z,max-page-size=512
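Review bot: `-Wformat=2` on the CFLAGS line only warns, so a new non-literal format call can still be merged; adding `-Werror=format-security` would make the build fail on the class of bug this commit fixes. The flag also checks only functions the compiler knows to be printf-like. The project's own variadic helpers touched in this commit (`ShowPrompt`, `ShowSelectPrompt`, `DrawStringF`, `DrawStringCenter`) are therefore covered only if their prototypes carry `__attribute__((format(printf, N, N+1)))`. Those declarations are not visible on this page and are worth checking.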


@ -346,9 +346,9 @@ void TruncateString(char* dest, const char* orig, int nsize, int tpos) {
if (nsize < 0) {
return;
} else if (nsize <= 3) {
snprintf(dest, nsize, orig);
snprintf(dest, nsize, "%s", orig);
} else if (nsize >= osize) {
snprintf(dest, nsize + 1, orig);
snprintf(dest, nsize + 1, "%s", orig);
} else {
if (tpos + 3 > nsize) tpos = nsize - 3;
snprintf(dest, nsize + 1, "%-.*s...%-.*s", tpos, orig, nsize - (3 + tpos), orig + osize - (nsize - (3 + tpos)));
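Review bot: The `nsize <= 3` branch passes `nsize` as the buffer size while the other two branches pass `nsize + 1`, so it copies at most `nsize - 1` characters and, for `nsize == 0`, writes nothing and leaves `dest` without a terminator. If `dest` is sized for `nsize + 1` bytes as the other branches assume, `snprintf(dest, nsize + 1, "%s", orig);` would be consistent. The `nsize < 0` early return likewise leaves `dest` untouched; `*dest = '\0';` before returning would keep callers such as DrawTopBar from printing stale buffer contents. TruncateString starts above this hunk and continues below it, so `osize` and the caller-side buffer sizes are not visible here.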


@ -89,7 +89,7 @@ bool GetRootDirContentsWorker(DirStruct* contents) {
DirEntry* entry = &(contents->entry[n_entries]);
if (!DriveType(drvnum[i])) continue; // drive not available
memset(entry->path, 0x00, 64);
snprintf(entry->path + 0, 4, drvnum[i]);
snprintf(entry->path + 0, 4, "%s", drvnum[i]);
if ((*(drvnum[i]) >= '7') && (*(drvnum[i]) <= '9') && !(GetMountState() & IMG_NAND)) // Drive 7...9 handling
snprintf(entry->path + 4, 32, "[%s] %s", drvnum[i],
(*(drvnum[i]) == '7') ? "FAT IMAGE" :


@ -808,7 +808,7 @@ bool FileSelectorWorker(char* result, const char* text, const char* path, const
}
char temp_str[256];
snprintf(temp_str, 256, entry->name);
snprintf(temp_str, 256, "%s", entry->name);
if (hide_ext && (entry->type == T_FILE)) {
char* dot = strrchr(temp_str, '.');
if (dot) *dot = '\0';
@ -823,7 +823,7 @@ bool FileSelectorWorker(char* result, const char* text, const char* path, const
const char* optionstr[_MAX_FS_OPT+1] = { NULL };
for (u32 i = 0; i <= _MAX_FS_OPT; i++) optionstr[i] = opt_names[i];
u32 user_select = ShowSelectPrompt(n_opt, optionstr, text);
u32 user_select = ShowSelectPrompt(n_opt, optionstr, "%s", text);
if (!user_select) return false;
DirEntry* res_local = res_entry[user_select-1];
if (res_local && (res_local->type == T_DIR)) { // selected dir
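Review bot: Only the prompt text is neutralised in the `ShowSelectPrompt(n_opt, optionstr, "%s", text)` call. The option labels in `optionstr` come from `opt_names`, which appear to be built from directory entry names (the `temp_str` copy in the hunk above), and how ShowSelectPrompt draws them is not visible on this page. It is worth confirming that each label is rendered through a literal format such as `"%s"` rather than passed as the format argument, otherwise a file name containing `%` would hit the same bug class. Separately, `snprintf(temp_str, sizeof(temp_str), "%s", entry->name);` would tie the bound to the declaration instead of repeating 256. Both hunks sit inside FileSelectorWorker, whose body starts and ends outside them.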


@ -161,7 +161,7 @@ void DrawTopBar(const char* curr_path) {
DrawRectangle(TOP_SCREEN, 0, 0, SCREEN_WIDTH_TOP, 12, COLOR_TOP_BAR);
if (*curr_path) TruncateString(tempstr, curr_path, len_path / FONT_WIDTH_EXT, 8);
else snprintf(tempstr, 16, "[root]");
DrawStringF(TOP_SCREEN, bartxt_x, bartxt_start, COLOR_STD_BG, COLOR_TOP_BAR, tempstr);
DrawStringF(TOP_SCREEN, bartxt_x, bartxt_start, COLOR_STD_BG, COLOR_TOP_BAR, "%s", tempstr);
bool show_time = true;
#ifdef SHOW_FREE
@ -261,10 +261,10 @@ void DrawUserInterface(const char* curr_path, DirEntry* curr_entry, u32 curr_pan
strncpy(dirstr, curr_entry->path, 256);
*(strrchr(dirstr, '/')+1) = '\0';
ResizeString(tempstr, dirstr, len_info / FONT_WIDTH_EXT, 8, false);
DrawStringF(MAIN_SCREEN, 4, info_start + 12 + 10 + 10, color_current, COLOR_STD_BG, tempstr);
DrawStringF(MAIN_SCREEN, 4, info_start + 12 + 10 + 10, color_current, COLOR_STD_BG, "%s", tempstr);
} else {
ResizeString(tempstr, "", len_info / FONT_WIDTH_EXT, 8, false);
DrawStringF(MAIN_SCREEN, 4, info_start + 12 + 10 + 10, color_current, COLOR_STD_BG, tempstr);
DrawStringF(MAIN_SCREEN, 4, info_start + 12 + 10 + 10, color_current, COLOR_STD_BG, "%s", tempstr);
}
// right top - clipboard
@ -273,7 +273,7 @@ void DrawUserInterface(const char* curr_path, DirEntry* curr_entry, u32 curr_pan
for (u32 c = 0; c < n_cb_show; c++) {
u32 color_cb = COLOR_ENTRY(&(clipboard->entry[c]));
ResizeString(tempstr, (clipboard->n_entries > c) ? clipboard->entry[c].name : "", len_info / FONT_WIDTH_EXT, 8, true);
DrawStringF(MAIN_SCREEN, SCREEN_WIDTH_MAIN - len_info - 4, info_start + 12 + (c*10), color_cb, COLOR_STD_BG, tempstr);
DrawStringF(MAIN_SCREEN, SCREEN_WIDTH_MAIN - len_info - 4, info_start + 12 + (c*10), color_cb, COLOR_STD_BG, "%s", tempstr);
}
*tempstr = '\0';
if (clipboard->n_entries > n_cb_show) snprintf(tempstr, 60, "+ %lu more", clipboard->n_entries - n_cb_show);
@ -1567,7 +1567,7 @@ u32 FileHandlerMenu(char* current_path, u32* cursor, u32* scroll, PaneData** pan
optionstr[n_opt] = "EmuNAND H&S inject";
destdrv[n_opt++] = "4:";
}
user_select = (n_opt > 1) ? (int) ShowSelectPrompt(n_opt, optionstr, pathstr) : n_opt;
user_select = (n_opt > 1) ? (int) ShowSelectPrompt(n_opt, optionstr, "%s", pathstr) : n_opt;
if (user_select) {
ShowPrompt(false, "%s\nH&S inject %s", pathstr,
(InjectHealthAndSafety(file_path, destdrv[user_select-1]) == 0) ? "success" : "failed");
@ -1633,7 +1633,7 @@ u32 FileHandlerMenu(char* current_path, u32* cursor, u32* scroll, PaneData** pan
destdrv[n_opt++] = "4:";
}
if (n_opt) {
user_select = (n_opt > 1) ? (int) ShowSelectPrompt(n_opt, optionstr, pathstr) : 1;
user_select = (n_opt > 1) ? (int) ShowSelectPrompt(n_opt, optionstr, "%s", pathstr) : 1;
if (user_select) {
ShowPrompt(false, "%s\nCTRNAND transfer %s", pathstr,
(TransferCtrNandImage(file_path, destdrv[user_select-1]) == 0) ? "success" : "failed");
@ -2157,7 +2157,7 @@ u32 GodMode(int entrypoint) {
const char* optionstr[2] = { "Open this folder", "Open containing folder" };
char pathstr[32 + 1];
TruncateString(pathstr, curr_entry->path, 32, 8);
user_select = ShowSelectPrompt(2, optionstr, pathstr);
user_select = ShowSelectPrompt(2, optionstr, "%s", pathstr);
}
if (user_select) {
strncpy(current_path, curr_entry->path, 256);
@ -2323,7 +2323,7 @@ u32 GodMode(int entrypoint) {
snprintf(promptstr, 64, "Paste \"%s\" here?", namestr);
} else snprintf(promptstr, 64, "Paste %lu paths here?", clipboard->n_entries);
user_select = ((DriveType(clipboard->entry[0].path) & curr_drvtype & DRV_STDFAT)) ?
ShowSelectPrompt(2, optionstr, promptstr) : (ShowPrompt(true, promptstr) ? 1 : 0);
ShowSelectPrompt(2, optionstr, "%s", promptstr) : (ShowPrompt(true, "%s", promptstr) ? 1 : 0);
if (user_select) {
for (u32 c = 0; c < clipboard->n_entries; c++) {
char namestr[36+1];
@ -2354,7 +2354,7 @@ u32 GodMode(int entrypoint) {
char newname[256];
char namestr[20+1];
TruncateString(namestr, curr_entry->name, 20, 12);
snprintf(newname, 255, curr_entry->name);
snprintf(newname, 255, "%s", curr_entry->name);
if (ShowStringPrompt(newname, 256, "Rename %s?\nEnter new name below.", namestr)) {
if (!PathRename(curr_entry->path, newname))
ShowPrompt(false, "Failed renaming path:\n%s", namestr);
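Review bot: In the first DrawUserInterface hunk the string handed to the corrected `DrawStringF(..., "%s", tempstr)` call is still prepared unsafely: `*(strrchr(dirstr, '/')+1) = '\0';` writes through a null-derived pointer when `curr_entry->path` has no '/', and `strncpy(dirstr, curr_entry->path, 256)` leaves `dirstr` unterminated if the path fills the buffer. A guarded form such as `char* slash = strrchr(dirstr, '/'); if (slash) slash[1] = '\0';` after an `snprintf(dirstr, 256, "%s", curr_entry->path);` copy would remove both assumptions. The condition guarding this branch lies outside the hunk and may already guarantee a slash, so this is a hardening suggestion rather than a confirmed fault. In the rename hunk, `snprintf(newname, 255, "%s", curr_entry->name)` uses 255 for a buffer declared as 256 and passed as 256 to ShowStringPrompt; `sizeof(newname)` would keep the two in step.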


@ -718,8 +718,8 @@ bool for_handler(char* path, const char* dir, const char* pattern, bool recursiv
}
if (dir) { // open a dir
snprintf(lpattern, 64, pattern);
snprintf(ldir, 256, dir);
snprintf(lpattern, 64, "%s", pattern);
snprintf(ldir, 256, "%s", dir);
if (dp) return false; // <- this should never happen
if (fvx_opendir(&fdir[0], dir) != FR_OK)
return false;
@ -1805,7 +1805,7 @@ bool ExecuteGM9Script(const char* path_script) {
free(bitmap);
} else {
if (strncmp(preview_str, "off", _VAR_CNT_LEN) == 0) preview_str = "(preview disabled)";
DrawStringCenter(TOP_SCREEN, COLOR_STD_FONT, COLOR_STD_BG, preview_str);
DrawStringCenter(TOP_SCREEN, COLOR_STD_FONT, COLOR_STD_BG, "%s", preview_str);
}
preview_mode = 0;
@ -1874,7 +1874,7 @@ bool ExecuteGM9Script(const char* path_script) {
if (!(flags & _FLG('s'))) { // not silent
if (!*err_str) {
char* msg_fail = get_var("ERRORMSG", NULL);
if (msg_fail && *msg_fail) ShowPrompt(false, msg_fail);
if (msg_fail && *msg_fail) ShowPrompt(false, "%s", msg_fail);
else snprintf(err_str, _ERR_STR_LEN, "error message fail");
}
if (*err_str) {
@ -1926,7 +1926,7 @@ bool ExecuteGM9Script(const char* path_script) {
if (result) { // success message if applicable
char* msg_okay = get_var("SUCCESSMSG", NULL);
if (msg_okay && *msg_okay) ShowPrompt(false, msg_okay);
if (msg_okay && *msg_okay) ShowPrompt(false, "%s", msg_okay);
}