From 42b528dec355fc70972d9358fd3aefa4928aaf2b Mon Sep 17 00:00:00 2001
From: SanyaSho
Date: Tue, 16 Aug 2022 17:39:41 +0300
Subject: [PATCH] game: fixed a format string vulnerability in CDebugOverlay::Paint (ValveSoftware/source-sdk-2013#372)
---
 game/client/vgui_debugoverlaypanel.cpp | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/game/client/vgui_debugoverlaypanel.cpp b/game/client/vgui_debugoverlaypanel.cpp
index c3734147..db530617 100644
--- a/game/client/vgui_debugoverlaypanel.cpp
+++ b/game/client/vgui_debugoverlaypanel.cpp
@@ -125,20 +125,20 @@ void CDebugOverlay::Paint()
 if (pCurrText->bUseOrigin)
 {
- if (!debugoverlay->ScreenPosition( pCurrText->origin, screenPos ))
+ if (!debugoverlay->ScreenPosition( pCurrText->origin, screenPos ))
 {
 float xPos = screenPos[0];
 float yPos = screenPos[1]+ (pCurrText->lineOffset*13); // Line spacing;
- g_pMatSystemSurface->DrawColoredText( m_hFont, xPos, yPos, r, g, b, a, pCurrText->text );
+ g_pMatSystemSurface->DrawColoredText( m_hFont, xPos, yPos, r, g, b, a, "%s", pCurrText->text );
 }
 }
 else
 {
- if (!debugoverlay->ScreenPosition( pCurrText->flXPos,pCurrText->flYPos, screenPos ))
- {
+ if (!debugoverlay->ScreenPosition( pCurrText->flXPos,pCurrText->flYPos, screenPos ))
+ {
 float xPos = screenPos[0];
 float yPos = screenPos[1]+ (pCurrText->lineOffset*13); // Line spacing;
- g_pMatSystemSurface->DrawColoredText( m_hFont, xPos, yPos, r, g, b, a, pCurrText->text );
+ g_pMatSystemSurface->DrawColoredText( m_hFont, xPos, yPos, r, g, b, a, "%s", pCurrText->text );
 }
 }
 }
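Review bot: Both rewritten `DrawColoredText` calls in `CDebugOverlay::Paint` need a short comment saying why the literal `"%s"` is there, because nothing at the call site shows that the argument after the colour values is interpreted as a format string, and a later tidy-up could drop it again; something like `// text is data, not a format string: keep the "%s"` above each call would do. The fix is applied per call site, so any other caller that passes a non-literal string in that position is presumably still affected. A search for such callers, or a printf-style format attribute on the declaration if the toolchain supports one, would catch them, though the declaration is not visible in this patch. The `if`/`{` line pairs in the hunk appear to change only whitespace and would be easier to review in a separate commit. `Paint`'s body begins and ends outside the hunk.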