fix dehydra warnings (some of which were dangerous pass-user-string-as-format-string vulnerabilities)

This was SVN commit r7177.

source/gui/CGUI.cpp

@@ -1052,7 +1052,7 @@ void CGUI::ReportParseError(const wchar_t* str, ...)
 	// Important, set ParseError to true
 	++m_Errors;
 
-	LOG(CLogger::Error, LOG_CATEGORY, buffer);
+	LOG(CLogger::Error, LOG_CATEGORY, L"%ls", buffer);
 }
 
 /**
@@ -1315,7 +1315,7 @@ void CGUI::Xeromyces_ReadObject(XMBElement Element, CXeromyces* pFile, IGUIObjec
 		// Try setting the value
 		if (object->SetSetting(pFile->GetAttributeString(attr.Name), CStr(attr.Value), true) != PSRETURN_OK)
 		{
-			ReportParseError(L"(object: %hs) Can't set \"%hs\" to \"%hs\"", object->GetPresentableName().c_str(), pFile->GetAttributeString(attr.Name).c_str(), attr.Value.c_str());
+			ReportParseError(L"(object: %hs) Can't set \"%hs\" to \"%ls\"", object->GetPresentableName().c_str(), pFile->GetAttributeString(attr.Name).c_str(), CStrW(attr.Value).c_str());
 
 			// This is not a fatal error
 		}
@@ -1445,7 +1445,7 @@ void CGUI::Xeromyces_ReadObject(XMBElement Element, CXeromyces* pFile, IGUIObjec
 	catch (PSERROR_GUI& e)
 	{
 		CStrW what(e.what());
-		ReportParseError(what.c_str());
+		ReportParseError(L"%ls", what.c_str());
 	}
 }
 

source/lib/app_hooks.cpp

@@ -67,7 +67,7 @@ static void def_translate_free(const wchar_t* UNUSED(text))
 
 static void def_log(const wchar_t* text)
 {
-	wprintf(text);
+	wprintf(L"%ls", text);
 }
 
 

source/lib/ogl.cpp

@@ -301,11 +301,7 @@ void ogl_WarnIfError()
 	}
 
 	if(error_enountered)
-	{
+		debug_printf(L"OpenGL error(s) occurred: %04x", (int)first_error);
-		wchar_t msg[64];
-		swprintf_s(msg, ARRAY_SIZE(msg), L"OpenGL error(s) occurred: %04x", (int)first_error);
-		debug_printf(msg);
-	}
 }
 #endif
 

source/lib/res/graphics/ogl_tex.cpp

@@ -485,7 +485,7 @@ static LibError OglTex_validate(const OglTex* ot)
 
 static LibError OglTex_to_string(const OglTex* ot, wchar_t* buf)
 {
-	swprintf_s(buf, H_STRING_LEN, L"OglTex id=%d flags=%x", ot->id, ot->flags);
+	swprintf_s(buf, H_STRING_LEN, L"OglTex id=%d flags=%lx", ot->id, ot->flags);
 	return INFO::OK;
 }
 

source/lib/res/sound/snd_mgr.cpp

@@ -275,7 +275,7 @@ static LibError alc_init()
 	// (e.g. DS3D, native, MMSYSTEM) - needed when reporting OpenAL bugs.
 	const char* dev_name = (const char*)alcGetString(alc_dev, ALC_DEVICE_SPECIFIER);
 	wchar_t buf[200];
-	swprintf_s(buf, ARRAY_SIZE(buf), L"SND| alc_init: success, using %s\n", dev_name);
+	swprintf_s(buf, ARRAY_SIZE(buf), L"SND| alc_init: success, using %hs\n", dev_name);
 	ah_log(buf);
 
 #if WIN_LOADLIBRARY_HACK

source/lib/sysdep/os/linux/ldbg.cpp

@@ -112,9 +112,9 @@ LibError debug_DumpStack(wchar_t* buf, size_t max_chars, void* UNUSED(context),
 		int len;
 		
 		if (debug_ResolveSymbol(bt[i], symbol, file, &line) == 0)
-			len = swprintf(bufpos, MAX_OUT_CHARS, L"(0x%08x) %ls:%d %ls\n", bt[i], file, line, symbol);
+			len = swprintf(bufpos, MAX_OUT_CHARS, L"(%p) %ls:%d %ls\n", bt[i], file, line, symbol);
 		else
-			len = swprintf(bufpos, MAX_OUT_CHARS, L"(0x%08x)\n", bt[i]);
+			len = swprintf(bufpos, MAX_OUT_CHARS, L"(%p)\n", bt[i]);
 		
 		if (len < 0)
 		{

source/network/NetLog.cpp

@@ -454,7 +454,7 @@ void CNetLogConsoleSink::Write( const CStr& message )
 	// Write message
 	if ( !message.empty() )
 	{	
-		g_Console->InsertMessage( message.FromUTF8().c_str() );
+		g_Console->InsertMessage( L"%ls", message.FromUTF8().c_str() );
 	}
 }
 

source/network/NetServer.cpp

@@ -913,7 +913,7 @@ void CNetServer::PlayerAttributeUpdate(
 
 	CNetServer* pServer = ( CNetServer* )pData;
 
-	g_Console->InsertMessage( L"PlayerAttributeUpdate(%d): %ls = \"%ls\"", pPlayer->GetPlayerID(), name.c_str(), newValue.c_str() );
+	g_Console->InsertMessage( L"PlayerAttributeUpdate(%ld): %ls = \"%ls\"", pPlayer->GetPlayerID(), name.c_str(), newValue.c_str() );
 
 	CPlayerConfigMessage* pNewMessage = new CPlayerConfigMessage;
 	if ( !pNewMessage ) return;

source/ps/CConsole.cpp

@@ -296,7 +296,7 @@ void CConsole::DrawHistory(void) {
 				glTranslatef(0.0f, -(float)m_iFontHeight, 0.0f);
 
 				glPushMatrix();
-					glwprintf(L"%ls", Iter->data());
+					glwprintf(L"%ls", Iter->c_str());
 				glPopMatrix();
 			}
 
@@ -458,7 +458,7 @@ void CConsole::InsertChar(const int szChar, const wchar_t cooked )
 						}
 						if(!bad)
 						{
-							SetBuffer(m_deqBufHistory.at(iHistoryPos).data());
+							SetBuffer(m_deqBufHistory.at(iHistoryPos).c_str());
 							return;
 						}
 					}
@@ -489,7 +489,7 @@ void CConsole::InsertChar(const int szChar, const wchar_t cooked )
 						}
 						if(!bad)
 						{
-							SetBuffer(m_deqBufHistory.at(iHistoryPos).data());
+							SetBuffer(L"%ls", m_deqBufHistory.at(iHistoryPos).c_str());
 							return;
 						}
 					}
@@ -664,7 +664,7 @@ void CConsole::ProcessBuffer(const wchar_t* szLine)
 			if (!m_mapFuncList.size()) InsertMessage(L"   (none registered)");
 
 			for (Iter = m_mapFuncList.begin(); Iter != m_mapFuncList.end(); Iter++)
-				InsertMessage(L"   \\%ls", Iter->first.data());
+				InsertMessage(L"   \\%ls", Iter->first.c_str());
 
 			InsertMessage(L"");
 		}

source/ps/GameSetup/GameSetup.cpp

@@ -962,11 +962,12 @@ void Init(const CmdLineArgs& args, int flags)
 	if(missing)
 	{
 		wchar_t buf[500];
-		const wchar_t* fmt =
+		swprintf_s(buf, ARRAY_SIZE(buf),
 			L"The %hs extension doesn't appear to be available on your computer."
 			L" The game may still work, though - you are welcome to try at your own risk."
-			L" If not or it doesn't look right, upgrade your graphics card.";
+			L" If not or it doesn't look right, upgrade your graphics card.",
-		swprintf_s(buf, ARRAY_SIZE(buf), fmt, missing);
+			missing
+		);
 		DEBUG_DISPLAY_ERROR(buf);
 		// TODO: i18n
 	}

source/ps/Interact.cpp

@@ -238,7 +238,7 @@ void CSelectedEntities::RenderOverlays()
 			glColor4f( 1.0f, 1.0f, 1.0f, 1.0f );
 			glTranslatef( x, g_Renderer.GetHeight() - y, 0.0f );
 			glScalef( 1.0f, -1.0f, 1.0f );
-			glwprintf( L"%d", (*it)->m_grouped );
+			glwprintf( L"%ld", (*it)->m_grouped );
 
 		}
 	}
@@ -262,7 +262,7 @@ void CSelectedEntities::RenderOverlays()
 			glColor4f( 1.0f, 1.0f, 1.0f, 0.5f );
 			glTranslatef( x, g_Renderer.GetHeight() - y, 0.0f );
 			glScalef( 1.0f, -1.0f, 1.0f );
-			glwprintf( L"%d", (*it)->m_grouped );
+			glwprintf( L"%ld", (*it)->m_grouped );
 		}
 
 		glDisable( GL_BLEND );

source/ps/scripting/JSCollection.h

@@ -263,7 +263,7 @@ template<typename T, JSClass* ScriptType> JSBool CJSCollection<T, ScriptType>::T
 		return( JS_FALSE ); // That's odd; we've lost the pointer.
 
 	wchar_t buffer[256];
-	int len = swprintf_s( buffer, ARRAY_SIZE(buffer), L"[object Collection: %s: %d members]", ScriptType->name, set->size() );
+	int len = swprintf_s( buffer, ARRAY_SIZE(buffer), L"[object Collection: %hs: %ld members]", ScriptType->name, set->size() );
 	buffer[255] = 0;
 	if (len < 0 || len > 255) len=255;
 	utf16string u16str(buffer, buffer+len);

source/scripting/ScriptGlue.cpp

@@ -117,7 +117,7 @@ JSBool WriteLog(JSContext* cx, JSObject*, uintN argc, jsval* argv, jsval* rval)
 		}
 	}
 
-	LOG(CLogger::Normal, LOG_CATEGORY, logMessage.c_str());
+	LOG(CLogger::Normal, LOG_CATEGORY, L"%ls", logMessage.c_str());
 
 	*rval = JSVAL_TRUE;
 	return JS_TRUE;

source/simulation/Projectile.cpp

@@ -227,7 +227,7 @@ JSBool CProjectile::Construct( JSContext* cx, JSObject* UNUSED(obj), uintN argc,
 
 fail:
 	*rval = JSVAL_NULL;
-	JS_ReportError( cx, err );
+	JS_ReportError( cx, "%s", err );
 	return( JS_TRUE );
 }
 

source/simulation/Technology.cpp

@@ -298,7 +298,7 @@ bool CTechnology::LoadElEffect( XMBElement effect, CXeromyces& XeroFile, const V
 				JSFunction* fn = JS_ValueToFunction( g_ScriptingHost.GetContext(), fnval );
 				if( !fn )
 				{
-					LOG(CLogger::Error, LOG_CATEGORY, L"CTechnology::LoadXml: Function does not exist for %hs in file %ls. Load failed.", funcName.c_str(), pathname.string().c_str() );
+					LOG(CLogger::Error, LOG_CATEGORY, L"CTechnology::LoadXml: Function does not exist for %ls in file %ls. Load failed.", CStrW(funcName).c_str(), pathname.string().c_str() );
 					return false;
 				}
 				m_effectFunction.SetFunction( fn );