proc/alloc.c: Use vfprintf(), not fprintf().

This can disclose information from the stack, but is unlikely to have a
security impact in the context of the procps utilities:

user@debian:~$ w 2>&1 | xxd
00000000: a03c 79b7 1420 6661 696c 6564 2074 6f20  .<y.. failed to
00000010: 616c 6c6f 6361 7465 2033 3232 3137 3439  allocate 3221749
00000020: 3738 3020 6279 7465 7320 6f66 206d 656d  780 bytes of mem
00000030: 6f72 79                                  ory
This commit is contained in:
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent 7941bb512a
commit 98b79d1ef1

View File

@ -30,7 +30,7 @@ static void xdefault_error(const char *restrict fmts, ...) {
va_list va;
va_start(va, fmts);
fprintf(stderr, fmts, va);
vfprintf(stderr, fmts, va);
va_end(va);
}