...
Mismatches between arguments and conversion specifiers may result in undefined behavior. Many compilers can diagnose type mismatches in formatted output function invocations.
```c
char const *error_msg = "Resource not available to user.";
int error_type = 3;
/* ... */
printf("Error (type %s): %d\n", error_type, error_msg);
```
...
The LDRA tool suite V 7.6.0 is able to detect violations of this recommendation.
GNU C provides the -Wformat compiler option, which does substantial checking of formats and arguments.
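The following is an added example, not code from the original page. It shows how the same -Wformat checking can be extended to a project's own printf-style wrapper through the GCC/Clang format attribute, alongside the call with specifiers that match its arguments. The names format_log and report_error are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper (not from the original page). The format attribute
 * tells GCC and Clang that argument 3 is a printf-style format string and
 * that the variadic arguments start at position 4, so -Wformat checks
 * every call site the same way it checks printf() itself. */
#if defined(__GNUC__)
__attribute__((format(printf, 3, 4)))
#endif
int format_log(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);

    /* vsnprintf returns a negative value on error, else the untruncated length */
    if (n < 0 || (size_t)n >= size) {
        if (size > 0)
            buf[0] = '\0';  /* never hand back a truncated message */
        return -1;
    }
    return n;
}

/* Matching specifiers: %d for the int, %s for the string. */
int report_error(char *buf, size_t size)
{
    char const *error_msg = "Resource not available to user.";
    int error_type = 3;

    /* Swapping the two arguments below would be diagnosed by -Wformat
     * at compile time because of the attribute on format_log(). */
    return format_log(buf, size, "Error (type %d): %s\n", error_type, error_msg);
}

int main(void)
{
    char line[64];

    if (report_error(line, sizeof line) > 0)
        fputs(line, stdout);
    return 0;
}
```

-Wformat is included in -Wall, so building with -Wall is enough to get the diagnostic on both printf() and the annotated wrapper.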
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...