fixed used of uncontrolled format strings

lcn2 · lcn2 · commit c670fe28904f · 2026-02-09T17:46:42.000-08:00
Fixing code scan security bugs reported by: https://github.com/lcn2/rogue5.4/security/code-scanning/2 and: https://github.com/lcn2/rogue5.4/security/code-scanning/3
diff --git a/command.c b/command.c
@@ -287,7 +287,7 @@ command(void)
 		    else
 			after = FALSE;
 		when 'D': after = FALSE; discovered();
-		when CTRL('P'): after = FALSE; msg(huh);
+		when CTRL('P'): after = FALSE; msg("%s", huh);
 		when CTRL('R'):
 		    after = FALSE;
 		    clearok(curscr,TRUE);
diff --git a/wizard.c b/wizard.c
@@ -69,7 +69,7 @@ whatis(int insist, int type)
         when RING:
 	    set_know(obj, ring_info);
     }
-    msg(inv_name(obj, FALSE));
+    msg("%s", inv_name(obj, FALSE));
 }
 
 /*

Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ whatis(int insist, int type)`
`69`	`69`	`when RING:`
`70`	`70`	`set_know(obj, ring_info);`
`71`	`71`	`}`
`72`		`- msg(inv_name(obj, FALSE));`
	`72`	`+ msg("%s", inv_name(obj, FALSE));`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`/*`