Fix DoS in notification_format_message

When using a format with a trailing % character, dunst ends up in an
endless loop, searching for a % char while the haystack pointer points
exactly at the % character.

Increasing the substring pointer will shift the pointer forwards onto
the actual NULL character and stop the loop.
This commit is contained in:
Benedikt Heine 2018-11-14 17:08:18 +01:00
parent 5f3960b171
commit cb16fe9d96

@ -376,7 +376,7 @@ static void notification_format_message(struct notification *n)
/* replace all formatter */
for(char *substr = strchr(n->msg, '%');
substr;
substr && *substr;
substr = strchr(substr, '%')) {
char pg[16];
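Review bot: In the loop condition, the added `*substr` test looks redundant. Both the initialiser and the step expression assign `substr` from strchr(..., '%'), which returns either NULL or a pointer to a '%' character, so from the visible lines a non-NULL `substr` never points at the terminator when the condition is evaluated. The termination comes from the `substr++` in the `'\0'` case, after which the step's strchr(substr, '%') returns NULL. Either drop the extra test or add a short comment marking it as a defensive guard, so a later reader does not take it for the actual fix.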
@ -450,6 +450,7 @@ static void notification_format_message(struct notification *n)
case '\0':
LOG_W("format_string has trailing %% character. "
"To escape it use %%%%.");
substr++;
break;
default:
LOG_W("format_string %%%c is unknown.", substr[1]);
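Review bot: The `substr++` added in the `'\0'` case needs a comment. It is the statement that ends the loop, by moving `substr` off the trailing '%' onto the terminator so the next strchr(substr, '%') finds nothing. Without an explanation it reads like a stray increment that a later cleanup could remove. The `default:` case that follows logs an unknown specifier, and the visible context ends before showing whether it advances `substr`. That is worth confirming, since a branch that leaves `substr` on the '%' would repeat the same search. A regression test with a format string ending in a single '%' would pin the behaviour.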