
[vulnerability report] A format string vulnerability

Open ppcrab opened this issue 4 years ago • 0 comments

There is something wrong with this line of code:

```cpp
void Ui::MessageDialog(const std::string &message){
  RedrawStatic();

  Dot d=BoundingRect(message);

  BorderedWindow w(d.y,d.x);
  wattrset((WINDOW *)w,COLOR_PAIR(20));
  mvwprintw(w,0,0,message.c_str()); // format string vulnerability, when you input your name such as 123%253c%11$n
  w.RedrawBorder();
  wrefresh(w);
  PrepareUiGetch();
  int ch;
  do{
    ch=getch();
  }
  while(ch!=' ' && ch!=13); // 13=return key!=KEY_ENTER, it seems
}
```

mvwprintw is not safe. You should restrict user input to prevent a format string vulnerability.

ppcrab avatar May 28 '21 12:05 ppcrab
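The following is an added example, not code from the report or from the bastet project. It shows the hardened form of the call: a constant `"%s"` format with the message passed only as data. With ncurses that is `mvwprintw(w,0,0,"%s",message.c_str())` or `mvwaddstr(w,0,0,message.c_str())`. The names `sink_printf`, `render_message` and `count_conversions` are hypothetical, and `sink_printf` is a `vsnprintf`-based stand-in for `mvwprintw` so the block runs without a terminal.

```cpp
#include <cstdarg>
#include <cstdio>
#include <string>

// Stand-in for mvwprintw (assumption: same printf-style contract, output goes
// to a std::string). The format attribute (GCC/Clang) lets -Wformat-security
// flag any caller that passes a non-literal format string.
__attribute__((format(printf, 1, 2)))
static std::string sink_printf(const char *fmt, ...) {
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    return std::string(buf);
}

// Hardened call: the format is a constant, the untrusted text is only an
// argument to %s, so '%' sequences in it are never interpreted.
std::string render_message(const std::string &message) {
    return sink_printf("%s", message.c_str());
}

// Audit helper: count printf conversion specifications in a string.
// "%%" is a literal percent sign and is not counted.
int count_conversions(const std::string &s) {
    const std::string modifiers = "0123456789$#-+ '.*hlLqjzt";
    const std::string conversions = "diouxXeEfFgGaAcspn";
    int n = 0;
    for (size_t i = 0; i < s.size(); ++i) {
        if (s[i] != '%') continue;
        if (i + 1 < s.size() && s[i + 1] == '%') { ++i; continue; }
        size_t j = i + 1;
        // Skip flags, width, precision, positional index and length modifiers.
        while (j < s.size() && modifiers.find(s[j]) != std::string::npos) ++j;
        if (j < s.size() && conversions.find(s[j]) != std::string::npos) { ++n; i = j; }
    }
    return n;
}

int main() {
    const std::string name = "123%253c%11$n";  // sample input quoted in the report
    std::printf("rendered literally: %s\n", render_message(name).c_str());
    std::printf("conversion specs in input: %d\n", count_conversions(name));
    return 0;
}
```

Building the project with `-Wformat -Wformat-security` makes GCC and Clang warn on calls that pass a non-literal format with no arguments, which is the pattern in `Ui::MessageDialog`.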