...
Valid and meaningful combinations are marked by the symbol (save for the length modifier columns, as described previously). Valid combinations that have no effect are labeled N/E. Using a combination marked by the symbol, using a specification not represented in the table, or using an argument of an unexpected type is undefined behavior. (See undefined behaviors 153, 155, 157, 158, 161, and 162.)
[Table: printf conversion specifiers against the flag characters, the length modifiers, and the argument type each conversion expects. The conversion, flag and length-modifier columns did not survive extraction. The recoverable Argument column reads, top to bottom: Signed integer; Unsigned integer; Unsigned integer; Unsigned integer; four rows containing N/E cells; NTWS; NTBS or NTWS; Pointer to integer; NTWS; None.]
SPACE: The space (" ") character
N/E: No effect
NTBS: char* argument pointing to a null-terminated character string
NTWS: wchar_t* argument pointing to a null-terminated wide character string
XSI: ISO/IEC 9945-2003 XSI extension
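As an added example, not part of the CERT page, the following C function applies the kind of rule the table encodes to a printf-style format string, the way the checkers listed under Automated Detection do: it walks every conversion specification, rejects flag, length-modifier and conversion combinations that C11 subclause 7.21.6.1 leaves undefined, and reports the class of argument each conversion consumes (the table's Argument column). The validity rules are the editor's reading of C11 7.21.6.1, not a transcription of the page's table; `check_format`, the wrappers and the one-letter argument classes are names chosen here; the XSI `%C`/`%S` conversions are treated as invalid because they are not ISO C; and the '+' and space flags are accepted with every conversion because the C11 text does not call them undefined, which may be stricter or looser than the original table.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Argument classes written to `kinds`, one character per consumed argument:
   'i' int taken by a '*' field width or precision, 'd' signed integer,
   'u' unsigned integer, 'f' double (long double with L), 'c' int or wint_t,
   's' NTBS or NTWS, 'p' pointer to void, 'n' pointer to integer. */
#define EMIT(k) do { if (n + 1 < cap) kinds[n] = (k); n++; } while (0)
#define FAIL(pos) do { if (bad_pos) *bad_pos = (pos); \
                       if (cap) kinds[0] = '\0'; return -1; } while (0)

/* Scan a printf-style format. Returns the number of arguments it consumes and
   fills `kinds` (NUL-terminated, at most cap-1 chars). Returns -1, with
   *bad_pos set to the offset of the offending '%', when a conversion
   specification is one C11 7.21.6.1 leaves undefined (editor's reading). */
int check_format(const char *fmt, char *kinds, size_t cap, size_t *bad_pos)
{
    size_t n = 0, i = 0;
    while (fmt[i] != '\0') {
        if (fmt[i] != '%') { i++; continue; }
        size_t start = i++;
        bool alt = false, zero = false, anyflag = false, has_width = false, has_prec = false;
        /* Flag characters: '-', '+', space, '#', '0'. */
        while (fmt[i] != '\0' && strchr("-+ #0", fmt[i])) {
            anyflag = true;
            if (fmt[i] == '#') alt = true;
            if (fmt[i] == '0') zero = true;
            i++;
        }
        /* Field width: digits or '*' (which consumes an int argument). */
        if (fmt[i] == '*') { has_width = true; EMIT('i'); i++; }
        else while (fmt[i] >= '0' && fmt[i] <= '9') { has_width = true; i++; }
        /* Precision: '.' followed by digits or '*'. */
        if (fmt[i] == '.') {
            has_prec = true; i++;
            if (fmt[i] == '*') { EMIT('i'); i++; }
            else while (fmt[i] >= '0' && fmt[i] <= '9') i++;
        }
        /* Length modifier: none, hh, h, l, ll, j, z, t or L. */
        char len[2] = { 0, 0 };
        if (fmt[i] != '\0' && strchr("hljztL", fmt[i])) {
            len[0] = fmt[i++];
            if ((len[0] == 'h' || len[0] == 'l') && fmt[i] == len[0]) len[1] = fmt[i++];
        }
        char conv = fmt[i];
        if (conv == '\0') FAIL(start);                          /* format ends inside a spec */
        i++;
        bool nolen  = len[0] == 0;
        bool intlen = len[0] != 'L';                            /* integer conversions and n */
        bool lonly  = nolen || (len[0] == 'l' && len[1] == 0);  /* c and s */
        bool fltlen = lonly || len[0] == 'L';                   /* floating conversions */
        switch (conv) {
        case 'd': case 'i': case 'u':
            if (!intlen || alt) FAIL(start);                    /* '#' undefined for d, i, u */
            EMIT(conv == 'u' ? 'u' : 'd'); break;
        case 'o': case 'x': case 'X':
            if (!intlen) FAIL(start);
            EMIT('u'); break;
        case 'f': case 'F': case 'e': case 'E': case 'g': case 'G': case 'a': case 'A':
            if (!fltlen) FAIL(start);                           /* h, hh, ll, j, z, t undefined */
            EMIT('f'); break;
        case 'c':
            if (!lonly || alt || zero || has_prec) FAIL(start);
            EMIT('c'); break;
        case 's':
            if (!lonly || alt || zero) FAIL(start);
            EMIT('s'); break;
        case 'p':
            if (!nolen || alt || zero || has_prec) FAIL(start);
            EMIT('p'); break;
        case 'n':                                               /* no flags, width or precision */
            if (!intlen || anyflag || has_width || has_prec) FAIL(start);
            EMIT('n'); break;
        case '%':                                               /* must be exactly "%%" */
            if (!nolen || anyflag || has_width || has_prec) FAIL(start);
            break;
        default:                                                /* unknown; XSI C/S are not ISO C */
            FAIL(start);
        }
    }
    if (cap) kinds[n < cap ? n : cap - 1] = '\0';
    return (int)n;
}

/* 1 if `fmt` is valid and consumes exactly the argument classes in `expected`. */
int format_matches(const char *fmt, const char *expected)
{
    char kinds[32]; size_t bad;
    return check_format(fmt, kinds, sizeof kinds, &bad) >= 0 && strcmp(kinds, expected) == 0;
}

/* -1 if `fmt` is valid, otherwise the offset of the first undefined specification. */
long bad_spec_offset(const char *fmt)
{
    char kinds[32]; size_t bad = 0;
    return check_format(fmt, kinds, sizeof kinds, &bad) < 0 ? (long)bad : -1L;
}

int main(void)
{
    /* Constructed sample formats, not taken from the page. */
    const char *samples[] = { "%d items, %s", "%-8.*f %% %p", "%#d", "%hs", "x%5n", "%ld %" };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        char kinds[16]; size_t bad = 0;
        int r = check_format(samples[k], kinds, sizeof kinds, &bad);
        if (r < 0) printf("%-14s undefined specification at offset %zu\n", samples[k], bad);
        else       printf("%-14s %d argument(s): %s\n", samples[k], r, kinds);
    }
    return 0;
}
```

A compile-time checker such as GCC's format warnings or the Coverity PW check compares the classes this function reports against the actual variadic arguments; a format string that reaches this function at run time, for example one read from a configuration file, should be rejected outright when the result is -1 or when the argument count disagrees with what the caller intends to pass.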
...
Incorrectly specified format strings can result in memory corruption or abnormal program termination.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FIO47-C | High | Unlikely | Medium | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
CodeSonar | | IO.INJ.FMT | Format string injection |
Coverity | | PW | Reports when the number of arguments differs from the number of required arguments according to the format string |
GCC | | | Can detect violations of this recommendation when the |
Klocwork | | SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD, SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD, SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED, SV.FMT_STR.SCAN_IMPROP_LENGTH, SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW, SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY, SV.FMT_STR.UNKWN_FORMAT | |
LDRA tool suite | | 486 S | Fully implemented |
Parasoft C/C++test | | PB-45, PB-46, PB-47, PB-48, PB-49, PB-50 | Fully implemented |
PRQA QA-C | | 0161, 0162, 0163, 0164, 0165, 0166, 0167, 0168, 0169, 0170, 0171, 0172, 0173, 0174, 0175, 0176, 0177, 0178, 0179 (U), 0180 (C99), 0184 (U), 0185 (U) | Partially implemented |
PVS-Studio | 6.22 | V510, V576 | General analysis rule set |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
---|---|---|
CERT C | FIO00-CPP. Take care when creating format strings | Prior to 2018-01-12: CERT: Unspecified Relationship |
ISO/IEC TS 17961:2013 | Using invalid format strings [invfmtstr] | Prior to 2018-01-12: CERT: Unspecified Relationship |
CWE 2.11 | CWE-686, Function Call with Incorrect Argument Type | 2017-06-29: CERT: Partial overlap |
CWE 2.11 | CWE-685 | 2017-06-29: CERT: Partial overlap |
CERT-CWE Mapping Notes
Key here for mapping notes
...
- Using a trusted but invalid format string
Bibliography
[ISO/IEC 9899:2011] Subclause 7.21.6.1, "The fprintf Function"
...