This is far from the only occurrence of this problem. That method should not be using String.format imho.

It pops up every now and again, the format is fine.
We just need to filter cases where we want to protect against bad things being formatted twice.

Have seen this pop up occasionally, most recently in the FTB Crash subreddit.

Crash report from the thread.

The format is (in theory) fine, yes. But if we keep it we need to add escaping at every possible entrypoint. This is just like passing raw data into an SQL query or whatever. In the linked crash the issue is that just an entire crash-report output is shoved through String.format. At some point there will be some invalid formatting codes in there.
I think we should clean up the few places that rely on the String.format and remove it.

Easy solution is just make sure you always give logs a format string:
net.minecraftforge.fml.common.FMLLog.severe("Removing erroring tile entity. Crash report:\n{}", crashreport.func_71502_e());
or skip formatting when there are no data arguments given to the log.

You mean "Crash report:\n%s", what you posted is Log4j formatting, which is also applied, in addition to String.format.

Oh ok. I use a log4j logger directly, I didn't know FMLLog had an additional wrapper over it that applies String.format.
I agree with what you said earlier then.