>From 2a247110eb4ec1828e844410dd83249bb5af1e1e Mon Sep 17 00:00:00 2001
From: Niko Tyni <ntyni@debian.org>
Date: Mon, 5 Mar 2012 22:13:56 +0200
Subject: [PATCH] Call croak() with a controlled format string

Bug-Debian: http://bugs.debian.org/661539
Bug: https://rt.cpan.org/Public/Bug/Display.html?id=75568

This fixes builds with -Werror=format-security.

The fatal error with an invalid offset contains a format string error
that could be triggered with a crafted magic line.

$ perl -MFile::MMagic::XS -e 'File::MMagic::XS->new->add_magic("%s%s%s%s")'
Segmentation fault (core dumped)
---
 src/perl-mmagic-xs.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/perl-mmagic-xs.c b/src/perl-mmagic-xs.c
index 019afb0..2af0d6e 100644
--- a/src/perl-mmagic-xs.c
+++ b/src/perl-mmagic-xs.c
@@ -927,7 +927,7 @@ fmm_parse_magic_line(PerlFMM *state, char *l, int lineno)
         err = newSVpvf(
             "fmm_parse_magic_line: offset %s invalid", l);
         FMM_SET_ERROR(state, err);
-        croak(SvPV_nolen(err));
+        croak("%s", SvPV_nolen(err));
     }
 
     l = t;
-- 
1.7.9.1