Fix potential security flaws caused by uncontrolled format strings

Make sure format strings are string literals to avoid an uncontrolled format string situation.

r5dev/engine/sys_utils.cpp

@@ -93,7 +93,7 @@ void _Con_NPrintf(int pos, const char* fmt, ...)
 
 	g_pOverlay->m_nCon_NPrintf_Idx = pos;
 	snprintf(g_pOverlay->m_szCon_NPrintf_Buf,
-		sizeof(g_pOverlay->m_szCon_NPrintf_Buf), buf);
+		sizeof(g_pOverlay->m_szCon_NPrintf_Buf), "%s", buf);
 }
 #endif // !DEDICATED
 

r5dev/gameui/IBrowser.cpp

@@ -247,7 +247,7 @@ void CBrowser::BrowserPanel(void)
     }
 
     ImGui::EndGroup();
-    ImGui::TextColored(ImVec4(1.00f, 0.00f, 0.00f, 1.00f), m_svServerListMessage.c_str());
+    ImGui::TextColored(ImVec4(1.00f, 0.00f, 0.00f, 1.00f), "%s", m_svServerListMessage.c_str());
     ImGui::Separator();
 
     int iVars = 0; // Eliminate borders around server list table.
@@ -289,19 +289,19 @@ void CBrowser::BrowserPanel(void)
                 || m_imServerBrowserFilter.PassFilter(pszHostPort))
             {
                 ImGui::TableNextColumn();
-                ImGui::Text(pszHostName);
+                ImGui::Text("%s", pszHostName);
 
                 ImGui::TableNextColumn();
-                ImGui::Text(pszHostMap);
+                ImGui::Text("%s", pszHostMap);
 
                 ImGui::TableNextColumn();
-                ImGui::Text(pszPlaylist);
+                ImGui::Text("%s", pszPlaylist);
 
                 ImGui::TableNextColumn();
-                ImGui::Text(Format("%3d/%3d", strtol(server.m_svPlayerCount.c_str(), NULL, NULL), strtol(server.m_svMaxPlayers.c_str(), NULL, NULL)).c_str());
+                ImGui::Text("%s", Format("%3d/%3d", strtol(server.m_svPlayerCount.c_str(), NULL, NULL), strtol(server.m_svMaxPlayers.c_str(), NULL, NULL)).c_str());
 
                 ImGui::TableNextColumn();
-                ImGui::Text(pszHostPort);
+                ImGui::Text("%s", pszHostPort);
 
                 ImGui::TableNextColumn();
                 string svConnectBtn = "Connect##";
@@ -419,7 +419,7 @@ void CBrowser::HiddenServersModal(void)
 
         ImGui::Dummy(ImVec2(ImGui::GetWindowContentRegionWidth(), 19.f)); // Place a dummy, basically making space inserting a blank element.
 
-        ImGui::TextColored(m_ivHiddenServerMessageColor, m_svHiddenServerRequestMessage.c_str());
+        ImGui::TextColored(m_ivHiddenServerMessageColor, "%s", m_svHiddenServerRequestMessage.c_str());
         ImGui::Separator();
 
         if (ImGui::Button("Connect", ImVec2(ImGui::GetWindowContentRegionWidth(), 24)))
@@ -545,7 +545,7 @@ void CBrowser::HostPanel(void)
         g_pServerListManager->m_ServerVisibility = EServerVisibility_t::PUBLIC;
     }
 
-    ImGui::TextColored(m_HostRequestMessageColor, m_svHostRequestMessage.c_str());
+    ImGui::TextColored(m_HostRequestMessageColor, "%s", m_svHostRequestMessage.c_str());
     if (!m_svHostToken.empty())
     {
         ImGui::InputText("##ServerHost_HostToken", &m_svHostToken, ImGuiInputTextFlags_ReadOnly);

r5dev/gameui/IConsole.cpp

@@ -243,7 +243,7 @@ void CConsole::DrawSurface(void)
     m_Logger.m_itFilter.Draw("Filter | ", flFooterWidthReserve - 500);
 
     ImGui::SameLine();
-    ImGui::Text(m_szSummary);
+    ImGui::Text("%s", m_szSummary);
 
     ImGui::Separator();
 
@@ -406,7 +406,7 @@ void CConsole::SuggestPanel(void)
 
                     ImGui::Image(hintRes.m_idIcon, ImVec2(float(hintRes.m_nWidth), float(hintRes.m_nHeight)));
                     ImGui::SameLine();
-                    ImGui::Text(cvarInfo.m_pszDesc);
+                    ImGui::Text("%s", cvarInfo.m_pszDesc);
                 };
 
                 ImGui::BeginTooltip();