This leaves one snprintf %n which is inside "#ifdef APPLE" and two
scanf(%n) which are all ignorable.
tests/oks?
Index: Makefile
===================================================================
RCS file: /cvs/ports/devel/adb/Makefile,v
retrieving revision 1.3
diff -u -p -r1.3 Makefile
--- Makefile 17 Jul 2019 14:49:20 -0000 1.3
+++ Makefile 12 Sep 2021 22:02:59 -0000
@@ -5,7 +5,7 @@ COMMENT = Android Debug Bridge
V = 5.1.1_r4
DISTNAME = adb-${V}
PKGNAME = ${DISTNAME:S/_r/./}
-REVISION = 0
+REVISION = 1
GH_ACCOUNT = android
GH_PROJECT = platform_system_core
Index: patches/patch-adb_transport_c
===================================================================
RCS file: patches/patch-adb_transport_c
diff -N patches/patch-adb_transport_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-adb_transport_c 12 Sep 2021 22:02:59 -0000
@@ -0,0 +1,25 @@
+$OpenBSD$
+Add error checking and avoid %n
+
+Index: adb/transport.c
+--- adb/transport.c.orig
++++ adb/transport.c
+@@ -912,11 +912,17 @@ static void add_qual(char **buf, size_t *buf_size,
+ {
+ size_t len;
+ int prefix_len;
++ char tbuf[*buf_size];
+
+ if (!buf || !*buf || !buf_size || !*buf_size || !qual || !*qual)
+ return;
+
+- len = snprintf(*buf, *buf_size, "%s%n%s", prefix, &prefix_len, qual);
++ prefix_len = snprintf(tbuf, *buf_size, "%s", prefix);
++ if (prefix_len == -1 || prefix_len > *buf_size)
++ return;
++ len = snprintf(*buf, *buf_size, "%s%s", tbuf, qual);
++ if (len == -1 || len > *buf_size)
++ return;
+
+ if (sanitize_qual) {
+ char *cp;
