// gt-0002: Two-hop call chain to vulnerable sink
// Expected: REACHABLE (tier: executed)
// Vulnerability: CWE-134 (Format String)

#include <stdio.h>
#include <string.h>

void format_message(const char *user_input, char *output) {
    // Vulnerable: format string from user input
    sprintf(output, user_input);  // SINK: CWE-134
}

int main(int argc, char *argv[]) {
    char buffer[256];
    
    if (argc > 1) {
        format_message(argv[1], buffer);
        printf("Result: %s\n", buffer);
    }
    
    return 0;
}