...
The following table summarizes C-compliant conversion specifiers along with the flag characters valid for each specification (the apostrophe ('), -, +, the space character, and # in columns 2 through 5) and length modifiers (h, hh, l, ll, j, z, t, and L in columns 6 through 13) and the type of the expected argument. Valid and meaningful combinations of a conversion specification, flag character, and length modifier is denoted by the 
symbol in the corresponding cell or by the name of the type argument affected by the length modifier. Valid combinations that have no effect are denoted by N/E. Using a combination of a conversion specification, flag character, and length modifier denoted by the 
symbol or a specification not listed in the table, or using an argument of an unexpected type, may result in undefined behavior. See undefined behaviors 153, 155, 157, 158, 161, and 162 in Annex J of C11.
Conversion |
|
|
|
|
|
|
|
|
|
|
|
|
| Argument |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
| signed integer |
|
|
|
|
|
|
|
|
|
|
|
|
|
| unsigned integer |
|
|
|
|
|
|
|
|
|
|
|
|
|
| unsigned integer |
|
|
|
|
|
|
|
|
|
|
|
|
|
| unsigned integer |
|
|
|
|
|
|
|
|
|
|
|
|
|
| unsigned integer |
|
|
|
|
|
|
|
| N/E | N/E |
|
|
|
|
|
|
|
|
|
|
|
|
| N/E | N/E |
|
|
|
|
|
|
|
|
|
|
|
|
| N/E | N/E |
|
|
|
|
|
|
|
|
|
|
|
|
| N/E | N/E |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| NTWS |
|
|
|
|
| NTBS or NTWS |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| pointer to integer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| NTWS |
|
|
|
|
|
|
|
|
|
|
|
|
|
| none |
Legend:
- SPACE—the space (
' '" ") character - N/E—No effect
- NTBS—
char*argument pointing to a null-terminated byte string - NTWS—
wchar_t*argument pointing to a null-terminated wide - character string - XSI—ISO/IEC 9945-2003 XSI extension
...
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Include Page | LDRA_V | LDRA_V | 486 S | Fully implemented.||||||
GCC |
|
| Can detect violations of this recommendation when the | ||||||
| SV.FMT_STR. |
| |||||||
| 486 S | Fully implemented. | |||||||
| PRQA QA-C |
| 0179 (U) | Partially implemented. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
| FIO00-CPP. Take care when creating format strings | |
| ISO/IEC TS 17961 (Draft) | Using invalid format strings [invfmtstr] |
| MITRE CWE |
...
...
| Function call with incorrect argument type |
...
Bibliography
...
| ] | Section 7.21.6.1, "The fprintf |
...
| Function" |
...