tmpdir.c: Don't pass unvetted strings as a format string.
author Mark Wooding <mdw@distorted.org.uk>
Sun, 7 Jul 2024 18:15:15 +0000 (19:15 +0100)
committer Mark Wooding <mdw@distorted.org.uk>
Sun, 7 Jul 2024 20:50:10 +0000 (21:50 +0100)
Not actually a security problem because the temporary directory is
under the user's control, but it's still rather incompetent.  Sorry.

tmpdir.c

index 0bf51d3a9c0551aaf2acd210271886cd31e1a138..bcebf8d067a2ca14037639512144cc8335dd8a9c 100644 (file)
--- a/tmpdir.c
+++ b/tmpdir.c
@@ -76,7 +76,7 @@ static void complain(const char *p, const char *msg, int err)
   if (!cp.cp_verbose) return;
   dstr_putf(&d, "Path: %s: %s", p, msg);
   if (err) dstr_putf(&d, ": %s", strerror(err));
-  moan(d.buf);
+  moan("%s", d.buf);
   dstr_destroy(&d);
 }
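
Review bot: The changed `moan("%s", d.buf);` line fixes this one caller, but nothing in the hunk prevents the same pattern from recurring elsewhere. `d.buf` is built from `p` and `msg` via `dstr_putf`, so any `%` in the path would previously have been read as a conversion specifier. It would be worth checking that the declaration of `moan` carries a printf-style format attribute and that the build enables `-Wformat-security` (or `-Wformat=2`), so that a non-literal format argument with no further arguments is flagged at compile time. A quick pass over the other callers of `moan` and `dstr_putf` for the same shape would also make sense as part of this change.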