From 5ace9004d9b982ba8887df41139295792c130020 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen
Date: Wed, 8 Aug 2018 10:39:45 +0200
Subject: [PATCH] newlib: wordexp: drop dangerous fprintf
wordexp uses fprintf in a dangerous way. It uses an unchecked input string as format string, rather than as parameter to a %s. Replace fprintf with fputs.
Signed-off-by: Corinna Vinschen
---
 newlib/libc/posix/wordexp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/newlib/libc/posix/wordexp.c b/newlib/libc/posix/wordexp.c
index 3e90c3aee..dcda3d2f6 100644
--- a/newlib/libc/posix/wordexp.c
+++ b/newlib/libc/posix/wordexp.c
@@ -127,9 +127,9 @@ wordexp(const char *__restrict words, wordexp_t *__restrict pwordexp, int flags)
 if (flags & WRDE_SHOWERR)
 {
- fprintf(stderr, tmp);
+ fputs(tmp, stderr);
 while(fgets(tmp, MAXLINELEN, f_err))
- fprintf(stderr, tmp);
+ fputs(tmp, stderr);
 }
 goto cleanup;
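Review bot: The two `fputs(tmp, stderr);` calls under `if (flags & WRDE_SHOWERR)` carry no comment explaining why a printf-style call must not be used here, so a later cleanup could quietly reintroduce the format-string bug this commit removes. I would add `/* tmp is unchecked text read from f_err: emit it verbatim, never as a format string */` above the first call. The first `tmp` is filled outside the hunk and the second by `fgets(tmp, MAXLINELEN, f_err)`, so both hold text the caller does not control. Building this file with `-Wformat-security` would also flag a non-literal format passed without arguments, if the project's warning set does not already include it. The body of wordexp starts and continues outside this hunk, so other uses of `tmp` are not visible here.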