1 diff --git a/src/rrd_graph.c b/src/rrd_graph.c
2 index 25ae485..e714e4f 100644
3 --- a/src/rrd_graph.c
4 +++ b/src/rrd_graph.c
5 @@ -4144,6 +4144,12 @@ rrd_info_t *rrd_graph_v(
6 char *path;
7 char *filename;
9 + if (bad_format_imginfo(im.imginfo)) {
10 + rrd_info_free(im.grinfo);
11 + im_free(&im);
12 + rrd_set_error("bad format for imginfo");
13 + return NULL;
14 + }
15 path = strdup(im.graphfile);
16 filename = basename(path);
17 info.u_str =
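Review bot: The new guard dereferences `im.imginfo` unconditionally, and the enclosing block of rrd_graph_v starts outside the hunk, so I cannot see whether this path is already inside an `if (im.imginfo)` branch; if it is not, the call should be `if (im.imginfo && bad_format_imginfo(im.imginfo)) {`. The check also runs after the graph itself has been rendered (the `path = strdup(im.graphfile)` lines that follow only build the info string), so a rejected imginfo format still leaves the output file written; validating the format where the option is parsed would fail earlier and avoid the duplicated `rrd_info_free`/`im_free` cleanup on this path. Either way a short comment such as `/* reject imginfo formats that do not match the (filename, width, height) arguments applied below */` would record why the check sits here.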
18 @@ -4961,6 +4967,51 @@ int bad_format(
19 }
22 +int bad_format_imginfo(
23 + char *fmt)
24 +{
25 + char *ptr;
26 + int n = 0;
27 +
28 + ptr = fmt;
29 + while (*ptr != '\0')
30 + if (*ptr++ == '%') {
31 +
32 + /* line cannot end with percent char */
33 + if (*ptr == '\0')
34 + return 1;
35 + /* '%%' is allowed */
36 + if (*ptr == '%')
37 + ptr++;
38 + /* '%s', '%S' are allowed */
39 + else if (*ptr == 's' || *ptr == 'S') {
40 + n = 1;
41 + ptr++;
42 + }
43 +
44 + /* or else '% 4lu' and such are allowed */
45 + else {
46 + /* optional padding character */
47 + if (*ptr == ' ')
48 + ptr++;
49 + /* This should take care of 'm' */
50 + while (*ptr >= '0' && *ptr <= '9')
51 + ptr++;
52 + /* 'lu' must follow here */
53 + if (*ptr++ != 'l')
54 + return 1;
55 + if (*ptr == 'u')
56 + ptr++;
57 + else
58 + return 1;
59 + n++;
60 + }
61 + }
62 +
63 + return (n != 3);
64 +}
65 +
66 +
67 int vdef_parse(
68 struct graph_desc_t
69 *gdes,
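Review bot: The counting in bad_format_imginfo does not pin the conversions to the three arguments the format is later applied to, because `%s` sets `n = 1` instead of incrementing and no order is enforced: `%s%s%lu%lu` and `%lu%lu%lu` both end with `n == 3` and are accepted, so a second `%s` would be applied to a non-pointer argument. The validator should accept exactly one `%s` as the first conversion followed by exactly two `%lu` and reject everything else, which the rewrite below does by checking `n` before each conversion. `%S` is also admitted; on POSIX printf implementations it is a synonym for `%ls` and would read the filename as a wide string, so it presumably should be dropped unless the existing bad_format() deliberately mirrors it. The parameter is `char *fmt` but is never written through; `const char *fmt` would document that. No prototype for bad_format_imginfo appears in this diff although the call in the earlier hunk precedes the definition, so one must exist in a header or the call is an implicit declaration.
```c
int bad_format_imginfo(
    const char *fmt)
{
    const char *ptr = fmt;
    int       n = 0;    /* conversions accepted so far, in order */

    while (*ptr != '\0')
        if (*ptr++ == '%') {
            /* line cannot end with percent char */
            if (*ptr == '\0')
                return 1;
            /* '%%' is allowed anywhere */
            if (*ptr == '%') {
                ptr++;
                continue;
            }
            /* '%s' is allowed only as the first conversion (filename) */
            if (*ptr == 's') {
                if (n != 0)
                    return 1;
                n = 1;
                ptr++;
                continue;
            }
            /* '% 4lu' and such are allowed only as the 2nd and 3rd conversion */
            if (n == 0 || n >= 3)
                return 1;
            /* … unchanged: optional padding, digits, mandatory 'lu' … */
            n++;
        }

    return (n != 3);
}
```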