From 1f172c2a58c26ef8b26a1c2628fe306d9ba891b1 Mon Sep 17 00:00:00 2001
From: Antoine Fontaine <antoine.fontaine@epfl.ch>
Date: Wed, 14 Apr 2021 23:44:28 +0200
Subject: [PATCH 1/1] Fix possible security vulnerability and fatal error

---
 tools/heretic2/common/inout.c | 2 +-
 tools/quake2/common/inout.c   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/heretic2/common/inout.c b/tools/heretic2/common/inout.c
index e0c14841..b6d272ff 100644
--- a/tools/heretic2/common/inout.c
+++ b/tools/heretic2/common/inout.c
@@ -261,7 +261,7 @@ void FPrintf( int flag, char *buf ){
 	static qboolean bGotXML = false;
 	char level[2];
 
-	printf( buf );
+	printf( "%s", buf );
 
 	// the following part is XML stuff only.. but maybe we don't want that message to go down the XML pipe?
 	if ( flag == SYS_NOXML ) {
diff --git a/tools/quake2/common/inout.c b/tools/quake2/common/inout.c
index e0c14841..b6d272ff 100644
--- a/tools/quake2/common/inout.c
+++ b/tools/quake2/common/inout.c
@@ -261,7 +261,7 @@ void FPrintf( int flag, char *buf ){
 	static qboolean bGotXML = false;
 	char level[2];
 
-	printf( buf );
+	printf( "%s", buf );
 
 	// the following part is XML stuff only.. but maybe we don't want that message to go down the XML pipe?
 	if ( flag == SYS_NOXML ) {
-- 
2.39.2