From 98b79d1ef1695ad0332203c9e15e0c2de2d7d0e9 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory <qsa@qualys.com>
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] proc/alloc.c: Use vfprintf(), not fprintf().

This can disclose information from the stack, but is unlikely to have a
security impact in the context of the procps utilities:

user@debian:~$ w 2>&1 | xxd
00000000: a03c 79b7 1420 6661 696c 6564 2074 6f20  .<y.. failed to
00000010: 616c 6c6f 6361 7465 2033 3232 3137 3439  allocate 3221749
00000020: 3738 3020 6279 7465 7320 6f66 206d 656d  780 bytes of mem
00000030: 6f72 79                                  ory
---
 proc/alloc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/proc/alloc.c b/proc/alloc.c
index 94af47f7..3cdb60fc 100644
--- a/proc/alloc.c
+++ b/proc/alloc.c
@@ -30,7 +30,7 @@ static void xdefault_error(const char *restrict fmts, ...) {
     va_list va;
 
     va_start(va, fmts);
-    fprintf(stderr, fmts, va);
+    vfprintf(stderr, fmts, va);
     va_end(va);
 }