From bf83f06e61fe37fb9573bf3e218bb71a31450a22 Mon Sep 17 00:00:00 2001
From: Jelmer de Hen <18084450+jelmerdehen@users.noreply.github.com>
Date: Sun, 26 Apr 2026 04:04:13 +0200
Subject: [PATCH] fix(logid): pass error string as %s, not as format argument

When an unrecognized verbosity argument was supplied, e.what() (which embeds the user-supplied string) was passed directly as the printf format. Anyone able to invoke logid with arguments could read or crash via format directives. Use a literal '%s' format string.
---
 src/logid/logid.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/logid/logid.cpp b/src/logid/logid.cpp
index 42015354..b88b8056 100644
--- a/src/logid/logid.cpp
+++ b/src/logid/logid.cpp
@@ -93,7 +93,7 @@ void readCliOptions(const int argc, char** argv, CmdlineOptions& options) {
 global_loglevel = DEBUG; // Assume debug verbosity
 i--; // Go back to last argument to continue loop.
 } else {
- logPrintf(WARN, e.what());
+ logPrintf(WARN, "%s", e.what());
 printf("Valid verbosity levels are: Debug, Info, "
 "Warn/Warning, or Error.\n");
 exit(EXIT_FAILURE);
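Review bot: The literal `"%s"` closes the hole on this call, but nothing stops the same pattern from being reintroduced at another logPrintf call site, since the function evidently accepts an arbitrary runtime string as its format. If logPrintf is an ordinary variadic function, marking its declaration with `__attribute__((format(printf, 2, 3)))` (format parameter 2, first variadic argument 3, matching the argument order visible here) lets GCC/Clang flag any future non-literal format under -Wformat-security; the declaration is outside this hunk, so the exact parameter positions need confirming. The enclosing readCliOptions starts and ends outside the hunk.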