From b2c0ab41c085e2ebd42e2023d1d56959375fe08c Mon Sep 17 00:00:00 2001
From: samisalreadytaken <46823719+samisalreadytaken@users.noreply.github.com>
Date: Sat, 23 Oct 2021 18:45:05 +0300
Subject: [PATCH] Fix format string vulnerabilities
---
 sp/src/game/client/vgui_debugoverlaypanel.cpp | 4 ++--
 sp/src/game/shared/mapbase/vscript_funcs_shared.cpp | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/sp/src/game/client/vgui_debugoverlaypanel.cpp b/sp/src/game/client/vgui_debugoverlaypanel.cpp
index c3734147..2460ffa0 100644
--- a/sp/src/game/client/vgui_debugoverlaypanel.cpp
+++ b/sp/src/game/client/vgui_debugoverlaypanel.cpp
@@ -129,7 +129,7 @@ void CDebugOverlay::Paint()
 {
 float xPos = screenPos[0];
 float yPos = screenPos[1]+ (pCurrText->lineOffset*13); // Line spacing;
- g_pMatSystemSurface->DrawColoredText( m_hFont, xPos, yPos, r, g, b, a, pCurrText->text );
+ g_pMatSystemSurface->DrawColoredText( m_hFont, xPos, yPos, r, g, b, a, "%s", pCurrText->text );
 }
 }
 else
@@ -138,7 +138,7 @@ void CDebugOverlay::Paint()
 {
 float xPos = screenPos[0];
 float yPos = screenPos[1]+ (pCurrText->lineOffset*13); // Line spacing;
- g_pMatSystemSurface->DrawColoredText( m_hFont, xPos, yPos, r, g, b, a, pCurrText->text );
+ g_pMatSystemSurface->DrawColoredText( m_hFont, xPos, yPos, r, g, b, a, "%s", pCurrText->text );
 }
 }
 }
diff --git a/sp/src/game/shared/mapbase/vscript_funcs_shared.cpp b/sp/src/game/shared/mapbase/vscript_funcs_shared.cpp
index aab303d8..34729186 100644
--- a/sp/src/game/shared/mapbase/vscript_funcs_shared.cpp
+++ b/sp/src/game/shared/mapbase/vscript_funcs_shared.cpp
@@ -908,7 +908,7 @@ bool ScriptIsClient()
 // Notification printing on the right edge of the screen
 void NPrint( int pos, const char* fmt )
 {
- engine->Con_NPrintf(pos, fmt);
+ engine->Con_NPrintf( pos, "%s", fmt );
 }
 void NXPrint( int pos, int r, int g, int b, bool fixed, float ftime, const char* fmt )
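Review bot: Nothing at either `DrawColoredText` call in `CDebugOverlay::Paint()` (this hunk at line 129 and the identical one at line 138) records why the `"%s"` literal is there, so a later cleanup could fold the call back to passing `pCurrText->text` as the format. I would add `// overlay text is data, not a format string: keep the "%s"` above each call, or move the three duplicated lines into one small helper so the safe call exists in a single place. It is also worth checking whether the build warns on non-literal format arguments (`-Wformat-security` on GCC/Clang, which only fires if the variadic declaration carries a format attribute); the declaration of `DrawColoredText` is not visible here. `Paint()` starts and ends outside both hunks.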
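Review bot: The parameter of `NPrint` is still called `fmt`, and so is the one of `NXPrint` in the next hunk (line 922), although after this change the string is printed verbatim and `%` sequences in it are no longer expanded. Renaming it makes the contract visible and keeps the next edit from passing it as the format again: `void NPrint( int pos, const char* text )` with `engine->Con_NPrintf( pos, "%s", text );`, and the same for `NXPrint`. If these functions carry a script-facing description where they are registered, it should say that the argument is literal text; that registration is outside these hunks, as is the start of `NXPrint`'s body.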
@@ -922,7 +922,7 @@ void NXPrint( int pos, int r, int g, int b, bool fixed, float ftime, const char*
 info.color[2] = b / 255.f;
 info.fixed_width_font = fixed;
- engine->Con_NXPrintf( &info, fmt );
+ engine->Con_NXPrintf( &info, "%s", fmt );
 }
 static float IntervalPerTick()