...
| Code Block | ||
|---|---|---|
| ||
long long a = 1;
char const msg[] = "Default message";
/* ... */
printf("%lld %s", a, msg);
|
Automated Detection
The tool Compass/ROSE does not currently detect violations of this rule. While the rule in general can not be automated, due to the difficulty in enforcing contracts between a variadic function and its invokers, it would be fairly easy to enforce type correctness on arguments to the printf() family of functions.
Risk Assessment
Inconsistent typing in variadic functions can result in abnormal program termination or unintended information disclosure.
...