...
- one type is a signed integer type, the other type is the corresponding unsigned integer type, and the value is representable in both types;
- one type is pointer to void and the other is a pointer to a character type.
Non-Compliant Code Example (
...
conversion error)
The C99 printf() function is implemented as a variadic function. This non-compliant code example swaps its null terminated byte string and integer parameters with respect to how they were specified in the format string. Consequently, the integer is interpreted as a pointer to a null terminated byte string and dereferenced. This will likely cause the program to abnormally terminate . Note that the error_message pointer is likewise interpreted as an integer.
| Code Block | ||
|---|---|---|
| ||
char const *error_msg = "Error occurred";
/* ... */
printf("%s:%d", 15, error_msg);
|
Compliant Solution (
...
conversion error)
This compliant solution is formatted so that the specifiers are consistent with their parameters.
...
As shown, care should be taken that the arguments passed to a format string function match up with the supplied format string.
Non-Compliant Code Example (
...
alignment error)
In this non-compliant code example, a type long long integer is parsed by the printf() function with just a %d specifier, possibly resulting in data truncation or misrepresentation when the value is pulled from the argument list.
...
Because a long long was not interpreted, if the architecture is set up in a way that long long uses more bits for storage, the subsequent format specifier %s is unexpectedly offset, causing unknown data to be used instead of the pointer to the message.
Compliant Solution (
...
alignment error)
This compliant solution adds in the length modifier ll to the %d format specifier so that the variadic function parser for printf() pulls the right amount of space off of the variable argument list for the long long argument.
...