From: Reiner Herrmann <reiner@reiner-h.de>
Date: Sat, 16 Jul 2022 18:07:31 +0800
Subject: don't pass error message directly as format string to error()

Build fails with -Werror=format-security enabled, because no constant string
is passed as error string.
Passing a string based on user input (regex) directly as format string is
a security issue.
---
 src/filterdiff.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/filterdiff.c b/src/filterdiff.c
index 2870746..98f06dd 100644
--- a/src/filterdiff.c
+++ b/src/filterdiff.c
@@ -1355,7 +1355,7 @@ read_regex_file (const char *file)
 			char errstr[300];
 			regerror (err, &regex[num_regex - 1], errstr,
 				  sizeof (errstr));
-			error (EXIT_FAILURE, 0, errstr);
+			error (EXIT_FAILURE, 0, "%s", errstr);
 			exit (1);
 		}
 	}
@@ -1613,7 +1613,7 @@ int main (int argc, char *argv[])
 			char errstr[300];
 			regerror (err, &regex[num_regex - 1], errstr,
 				  sizeof (errstr));
-			error (EXIT_FAILURE, 0, errstr);
+			error (EXIT_FAILURE, 0, "%s", errstr);
 			exit (1);
 		}
 	}
