From 30db6ce78e7c4b96b977320e4d16555a93401c8d Mon Sep 17 00:00:00 2001
From: "jan.nijtmans" <nijtmans@users.sourceforge.net>
Date: Tue, 22 Jun 2021 09:02:00 +0000
Subject: Fix [bad6cc213d]: A format string vulnerability in Tcl nmakehelp.c
 allows code execution via a crated file. Also change a memcpy() to a
 memmove(), because the range could be overlapping

---
 win/nmakehlp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/win/nmakehlp.c b/win/nmakehlp.c
index 7536ede..4021346 100644
--- a/win/nmakehlp.c
+++ b/win/nmakehlp.c
@@ -537,7 +537,7 @@ GetVersionFromFile(
 		    ++q;
 		}
 
-		memcpy(szBuffer, p, q - p);
+		memmove(szBuffer, p, q - p);
 		szBuffer[q-p] = 0;
 		szResult = szBuffer;
 		break;
@@ -674,7 +674,7 @@ SubstituteFile(
 		    memcpy(szBuffer, szCopy, sizeof(szCopy));
 		}
 	    }
-	    printf(szBuffer);
+	    printf("%s", szBuffer);
 	}
 
 	list_free(&substPtr);
-- 
cgit v0.12