Tool | Version | Checker | Description |
|---|
| Axivion Bauhaus Suite | | Include Page |
|---|
| Axivion Bauhaus Suite_V |
|---|
| Axivion Bauhaus Suite_V |
|---|
|
| CertC-FIO47 | Fully implemented |
| CodeSonar | | IO.INJ.FMT
MISC.FMT
MISC.FMTTYPE
| Format string injection
Format string
Format string type error |
| Coverity | | PW | Reports when the number of arguments differs from the number of required arguments according to the format string |
| GCC | |
| Can detect violations of this recommendation when the -Wformat flag is used |
| Helix QAC | | C0161, C0162, C0163, C0164, C0165, C0166, C0167, C0168, C0169, C0170, C0171, C0172, C0173, C0174, C0175, C0176, C0177, C0178, C0179, C0180, C0184, C0185, C0190, C0191, C0192, C0193, C0194, C0195, C0196, C0197, C0198, C0199, C0200, C0201, C0202, C0204, C0206, C0209 C++3150, C++3151, C++3152, C++3153, C++3154, C++3155, C++3156, C++3157, C++3158, C++3159 |
|
| Klocwork | | SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD
SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED
SV.FMT_STR.PRINT_IMPROP_LENGTH
SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW
SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY
SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD
SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED
SV.FMT_STR.SCAN_IMPROP_LENGTH
SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW
SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY
SV.FMT_STR.UNKWN_FORMAT
|
|
| LDRA tool suite | | 486 S
589 S | Fully implemented |
| Parasoft C/C++test | | CERT_C-FIO47-a
CERT_C-FIO47-b
CERT_C-FIO47-c
CERT_C-FIO47-d
CERT_C-FIO47-e
CERT_C-FIO47-f | There should be no mismatch between the '%s' and '%c' format specifiers in the format string and their corresponding arguments in the invocation of a string formatting function
There should be no mismatch between the '%f' format specifier in the format string and its corresponding argument in the invocation of a string formatting function
There should be no mismatch between the '%i' and '%d' format specifiers in the string and their corresponding arguments in the invocation of a string formatting function
There should be no mismatch between the '%u' format specifier in the format string and its corresponding argument in the invocation of a string formatting function
There should be no mismatch between the '%p' format specifier in the format string and its corresponding argument in the invocation of a string formatting function
The number of format specifiers in the format string and the number of corresponding arguments in the invocation of a string formatting function should be equal |
| PC-lint Plus | | Include Page |
|---|
| PC-lint Plus_V |
|---|
| PC-lint Plus_V |
|---|
|
| 492, 493, 494, 499, 557,
558, 559, 566, 705, 706,
719, 816, 855, 2401, 2402,
2403, 2404, 2405, 2406, 2407 | Fully supported |
| Polyspace Bug Finder | | Include Page |
|---|
| Polyspace Bug Finder_V |
|---|
| Polyspace Bug Finder_V |
|---|
|
| CERT C: Rule FIO47-C | Check for format string specifiers and arguments mismatch (rule fully covered) |
| PRQA QA-C | | Include Page |
|---|
PRQA QA-C_v | PRQA QA-C_v | 0161, 0162, 0163, 0164, 0165, 0166, 0167, 0168, 0169,
0170, 0171, 0172, 0173, 0174, 0175, 0176, 0177, 0178,
0179 [U], 0180 [C99], 0184 [U], 0185 [U], 0190 [U],
0191 [U], 0192 [U], 0193 [U], 0194 [U], 0195 [U], 0196 [U],
0197 [U], 0198 [U], 0199 [U], 0200 [U], 0201 [U], 0202 [I],
0204 [U], 0206 [U]
Partially implemented | PVS-Studio | | V510, V576 |
|
| TrustInSoft Analyzer | | Include Page |
|---|
| TrustInSoft Analyzer_V |
|---|
| TrustInSoft Analyzer_V |
|---|
|
| match format and arguments | Exhaustively verified (see the compliant and the non-compliant example). |
