From 9d5ed2f9efb7aebd7bb87221d59dfd4ea96a49d7 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Sat, 17 Dec 2022 18:55:16 -0700
Subject: [PATCH] fmtstr: call va_arg() for %c when computing length. Even though we don't need to read the actual char to know its length, we do need to consume it to get the correct value for the next format.
---
 src/exec_preload.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/exec_preload.c b/src/exec_preload.c
index d90fc6322..f82de7ebe 100644
--- a/src/exec_preload.c
+++ b/src/exec_preload.c
@@ -63,8 +63,10 @@ fmtstr(sudo_alloc_fn_t alloc_fn, sudo_free_fn_t free_fn, const char *ofmt, ...)
 for (fmt = ofmt; *fmt != '\0'; ) {
 if (fmt[0] == '%') {
 switch (fmt[1]) {
- case '%':
 case 'c':
+ (void)va_arg(ap, int);
+ FALLTHROUGH;
+ case '%':
 size++;
 fmt += 2;
 continue;
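Review bot: The new `(void)va_arg(ap, int);` under `case 'c':` carries no comment, so the reason for reading and discarding the argument lives only in the commit message; I would add `/* consume the promoted char so the next conversion reads the right argument */` directly above it. This loop only computes `size`, and the pass that writes the formatted string is outside the hunk. Presumably both passes must consume the variadic arguments in the same order, otherwise the computed length and the bytes written can disagree, so a short comment at the top of the switch stating that invariant would help the next person who adds a conversion. A regression case using `%c` followed by `%s` would pin the fixed behaviour. fmtstr's body starts and ends outside the hunk.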