From 9a4e0e4c856f32efff9442843bae2ca900fd8778 Mon Sep 17 00:00:00 2001
From: Wim Taymans
Date: Wed, 29 Apr 2026 11:33:44 +0200
Subject: [PATCH] security: fix format string vulnerability in hook.h example code

Input Validation: Low

The documentation example code in hook.h passed the msg parameter directly as the format string to printf() and fprintf(). If copied by developers, this pattern creates a format string vulnerability where specially crafted msg content with format specifiers (%x, %n, etc.) could read/write memory. Use "%s" as the format string and pass msg as a data argument instead.

Co-Authored-By: Claude Opus 4.6
---
 spa/include/spa/utils/hook.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spa/include/spa/utils/hook.h b/spa/include/spa/utils/hook.h
index d0ae744c8..2f93537aa 100644
--- a/spa/include/spa/utils/hook.h
+++ b/spa/include/spa/utils/hook.h
@@ -89,10 +89,10 @@ extern "C" {
  * \code{.c}
  *
  * static void bar_stdout(struct foo *f, const char *msg) {
- * printf(msg);
+ * printf("%s", msg);
  * }
  * static void bar_stderr(struct foo *f, const char *msg) {
- * fprintf(stderr, msg);
+ * fprintf(stderr, "%s", msg);
  * }
  *
  * struct foo* get_foo_from_somewhere() {
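Review bot: The new `printf("%s", msg);` and `fprintf(stderr, "%s", msg);` lines are correct, but for an example that only emits a caller-supplied string verbatim, `fputs(msg, stdout);` and `fputs(msg, stderr);` are the more direct idiom: they involve no format string at all, so there is nothing for a reader copying the example to get wrong, and output is byte-for-byte the same (neither form appends a newline). Since this is documentation that developers copy, a one-line remark next to the example would also help, e.g. `/* never pass msg itself as the format string; -Wformat-security flags printf(msg) */`, which turns the fix into guidance and names the compiler check that would have caught the original. The doc comment containing the example begins before this hunk and the example continues past it, so the surrounding prose is not visible here.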