...
Another common mistake is to use more format specifiers than supplied arguments. This results in undefined behavior, which could end up pulling extra values for example, extracting non-existent arguments off the stack and unintentionally exposing data. The following example shows a case of illustrates this:
| Code Block | ||
|---|---|---|
| ||
char const *error_msg = "Resource not available to user.";
/* ... */
printf("Error (%s): %s", error_msg);
|
...