Several common mistakes in creating format strings are listed below:
- using invalid conversion specifiers
- using a length modifier on an incorrect specifier
- argument and conversion specifier type mismatch
The following are C99 compliant conversion specifiers. Using any other specifier may result in undefined behavior.
| Code Block |
|---|
d, i, o, u, x, X, f, F, e, E, g, G, a, A, c, s, p, n, %
|
Only some of the conversion specifiers Only a small number of format strings are able to correctly take a length modifier. Do not include lengths on specifiers other than d, i, o, u, x, X, a, A, e, E, f, F, g, and G.Using a length modifier on any specifier others than the following may result in undefined behavior.
| Code Block |
|---|
d, i, o, u, x, X, a, A, e, E, f, F, g, G
|
Having an argument and conversion specifier mismatch may result in undefined behavior.
| Code Block | ||
|---|---|---|
| ||
char *error_msg = "Resource not available to user.";
int error_type = 3;
/* ... */
printf("Error (type %s): %d\n", error_type, error_msg);
|
Risk Assessment
In most cases, the undefined behavior referred to above will result in abnormal program termination.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC11-A | 1 (low) | 1 (low) | 2 (medium) | P2 | L3 |
References
| Wiki Markup |
|---|
\[[ISO/IEC 9899-1999:TC2|AA. C References#ISO/IEC 9899-1999TC2]\] Section 7.19.6.1, "The {{fprintf}} function" |