
The formatted output functions (fprintf() and related functions) convert, format, and print their arguments under control of a format string, defined as follows by the C Standard, subclause 7.21.6.1, paragraph 3 [ISO/IEC 9899:2011]:

...

#include <stdio.h>
 
void func(void) {
  const char *error_msg = "Resource not available to user.";
  int error_type = 3;
  /* ... */
  /* The arguments are in the wrong order: %s receives an int and
     %d receives a char *, so the types do not match the conversions */
  printf("Error (type %s): %d\n", error_type, error_msg);
  /* ... */
}

Compliant Solution

This compliant solution ensures that the format arguments match their respective format specifications:

#include <stdio.h>
 
void func(void) {
  const char *error_msg = "Resource not available to user.";
  int error_type = 3;
  /* ... */
  /* %d now receives the int and %s the char * */
  printf("Error (type %d): %s\n", error_type, error_msg);
  /* ... */
}
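The check a compiler's format warning performs can be written down directly. The following checker is an added example, not code from the CERT standard: it walks a format string, works out which argument kind each conversion specifier expects, and reports the first argument that is mistyped, missing, or superfluous. The kind-code string such as "is" (an int followed by a char *) is an encoding assumed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Argument kind a conversion specifier expects:
 * 'i' = integer, 'f' = floating point, 's' = char *, 'p' = void *,
 * 0 = invalid or unterminated conversion. */
static char kind_of(char conv) {
    if (conv == '\0') return 0;            /* strchr would match the terminator */
    if (strchr("diouxXc", conv)) return 'i';
    if (strchr("fFeEgGaA", conv)) return 'f';
    if (conv == 's') return 's';
    if (conv == 'p') return 'p';
    return 0;
}

/* Checks fmt against args, a string of kind codes in call order
 * ("is" = an int followed by a char *; this encoding is an assumption
 * of the example). Returns -1 when every conversion matches and the
 * argument count agrees, otherwise the 0-based index of the first
 * argument that is wrongly typed, missing, or superfluous. */
int fmt_check(const char *fmt, const char *args) {
    size_t nargs = strlen(args), idx = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;           /* "%%" prints a literal '%' */
        /* Flags, field width, precision; each '*' consumes an int argument. */
        for (;; p++) {
            if (*p == '*') {
                if (idx >= nargs || args[idx] != 'i') return (int)idx;
                idx++;
            } else if (*p == '\0' || !strchr("-+ #0123456789.", *p)) {
                break;
            }
        }
        /* Length modifiers (hh, h, l, ll, j, z, t, L) do not change the kind. */
        while (*p != '\0' && strchr("hljztL", *p)) p++;
        char want = kind_of(*p);
        if (want == 0 || idx >= nargs || args[idx] != want) return (int)idx;
        idx++;
    }
    return idx == nargs ? -1 : (int)idx;   /* leftover arguments are a mismatch too */
}

int main(void) {
    /* The two calls from this page: an int and a char * passed in that order. */
    printf("noncompliant: %d\n", fmt_check("Error (type %s): %d\n", "is")); /* 0 */
    printf("compliant:    %d\n", fmt_check("Error (type %d): %s\n", "is")); /* -1 */
    return 0;
}
```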

Risk Assessment

In most cases, incorrectly specified format strings will result in abnormal program termination. However, in some cases they can be used to corrupt memory in manners controllable by an attacker.

...

CERT C++ Secure Coding Standard    FIO00-CPP. Take care when creating format strings
ISO/IEC TS 17961:2013              Using invalid format strings [invfmtstr]
MITRE CWE                          CWE-686, Function call with incorrect argument type

...