render_bytes: avoid untaint by simply change the sprintf call

[pve-common.git] / src / PVE / CLIFormatter.pm

diff --git a/src/PVE/CLIFormatter.pm b/src/PVE/CLIFormatter.pm
index dfc3679ad0a9330d1fc17d954cdeca432b934300..47021800956a806904aec6d885aadb2804bc8fa1 100644 (file)
--- a/src/PVE/CLIFormatter.pm
+++ b/src/PVE/CLIFormatter.pm
@@ -76,8 +76,8 @@ sub render_bytes {
         $max_unit = int(log($value)/log(1024));
         $value /= 1024**($max_unit);
     }
-
-    return sprintf "%.2f $units[$max_unit]", $value;
+    my $unit = $units[$max_unit];
+    return sprintf "%.2f $unit", $value;
 }
 
 PVE::JSONSchema::register_renderer('bytes', \&render_bytes);