The formatted IO functions {{fprintf()}}, {{printf()}}, {{sprintf()}}, {{snprintf()}}, {{vfprintf()}}, {{vprintf()}}, {{vsprintf()}}, and {{vsnprintf()}} convert, format, and print their arguments under control of a _format_ string. According to \[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999|Programming Languages---C]\]:
The format is a character string, beginning and ending in its initial shift state, if any. The format is composed of zero or more directives: ordinary characters, which are simply copied to the output stream, and conversion specifications, each of which shall result in the fetching of zero or more arguments.
...
Common mistakes in creating format strings include:
- providing insufficient arguments for the format string
- using invalid conversion specifiers
- using a flag character that is incompatible with the conversion specifier
- using a length modifier that is incompatible with the conversion specifier
- mismatching the argument type and conversion specifier
- using an argument of type other than {{int}} for width or precision
...
[Table omitted: a table of conversion specifiers against their flags, length modifiers, and the argument type each expects (signed integer, unsigned integer, pointer to integer, NTBS, NTWS, or none; N/E where a flag has no effect). The specifier, flag, and modifier cells did not survive extraction; only the column headings "Conversion" and "Argument" and a few argument-type cells remain.]
Legend:
- SPACE – the space ({{' '}}) character
- N/E – No Effect
- NTBS – {{char*}} argument pointing to a Null-Terminated Byte String
- NTWS – {{wchar_t*}} argument pointing to a Null-Terminated Wide character String
- XSI – ISO/IEC 9945-2003 XSI extension
...
The width and precision arguments to {{printf()}} format directives must be of type {{int}}. According to C99:
A field width, or precision, or both, may be indicated by an asterisk ('*'). In this case an argument of type {{int}} supplies the field width or precision.
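The following is an added example, not code from the CERT page: a hypothetical helper {{format_error()}} that builds a message with {{snprintf()}}, showing the argument-type rules from the list of common mistakes above and the {{int}} requirement for a {{*}} precision. It assumes a caller that holds the name length as a {{size_t}} and the buffer size as a {{size_t}}; the mismatched calls are shown only in comments because they have undefined behavior.

```c
#include <stdio.h>
#include <stddef.h>
#include <limits.h>
#include <string.h>

/* Hypothetical helper (added example). Writes
 *   "Error (<first max_name_chars of resource>): type <error_type>, buffer <out_size> bytes"
 * into out. Returns the snprintf() result (characters that would have been
 * written, excluding the terminator), or -1 when the arguments cannot be
 * passed to the format string safely. */
int format_error(char *out, size_t out_size, const char *resource,
                 size_t max_name_chars, int error_type)
{
    if (out == NULL || resource == NULL || out_size == 0) {
        return -1;
    }

    /* A precision supplied through '*' must be an int. Passing
     * max_name_chars (a size_t) directly would be an argument/type
     * mismatch, so it is range-checked and converted first. */
    if (max_name_chars > INT_MAX) {
        return -1;
    }
    int precision = (int)max_name_chars;

    /* Each conversion is paired with an argument of the expected type:
     *   %.*s -> int precision, then a char* pointing to an NTBS
     *   %d   -> int
     *   %zu  -> size_t (the 'z' length modifier matches the argument)
     * Mismatched variants that must NOT be written:
     *   snprintf(out, out_size, "%.*s", max_name_chars, resource)  (size_t for '*')
     *   snprintf(out, out_size, "%d", out_size)                    (size_t for %d)
     *   snprintf(out, out_size, "%s: %d", error_type, resource)    (swapped args) */
    return snprintf(out, out_size, "Error (%.*s): type %d, buffer %zu bytes",
                    precision, resource, error_type, out_size);
}

int main(void)
{
    char buf[64];
    int n = format_error(buf, sizeof buf, "Resource not available", 8, 3);
    printf("%d: %s\n", n, buf);
    return 0;
}
```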
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FIO00-C | high | unlikely | medium | P6 | L2 |
Automated Detection
...
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
Related Guidelines
CERT C++ Secure Coding Standard: this rule appears as FIO00-CPP. Take care when creating format strings.
Bibliography
\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 7.19.6.1, "The {{fprintf}} function"
\[[MITRE 07|AA. Bibliography#MITRE 07]\] [CWE ID 686|http://cwe.mitre.org/data/definitions/686.html], "Function Call With Incorrect Argument Type"