From 48906a6d57fdc3c6fd2b6b9fe4c0e31dc225a058 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <bradfitz@golang.org>
Date: Mon, 14 Dec 2020 12:09:17 -0800
Subject: [PATCH] net/http/pprof: don't treat os.Args as format string in
 Cmdline handler

Found by @josharian running staticcheck against a fork of this code
elsewhere.

Change-Id: Ica8bae5df71adde1a71e541dd55b0b81b97b3baf
Reviewed-on: https://go-review.googlesource.com/c/go/+/277992
Reviewed-by: Josh Bleecher Snyder <josharian@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Trust: Josh Bleecher Snyder <josharian@gmail.com>
---
 src/net/http/pprof/pprof.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/net/http/pprof/pprof.go b/src/net/http/pprof/pprof.go
index 2bfcfb9545..5389a388c1 100644
--- a/src/net/http/pprof/pprof.go
+++ b/src/net/http/pprof/pprof.go
@@ -91,7 +91,7 @@ func init() {
 func Cmdline(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("X-Content-Type-Options", "nosniff")
 	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
-	fmt.Fprintf(w, strings.Join(os.Args, "\x00"))
+	fmt.Fprint(w, strings.Join(os.Args, "\x00"))
 }
 
 func sleep(r *http.Request, d time.Duration) {
-- 
2.50.0