Format string vulnerability

From Andrew Novocin