The formatted IO functions fprintf(), printf(), sprintf(), snprintf(), vfprintf(), vprintf(), vsprintf(), and vsnprintf() convert, format, and print their arguments under control of a _format_ string. According to [ISO/IEC 9899:1999]:
...
The following table summarizes C99-compliant conversion specifiers along with the flag characters (the apostrophe ('), -, +, the space character, and # in columns 2 through 5) and length modifiers (h, hh, l, ll, j, z, t, and L in columns 6 through 13) valid for each specification, and the type of the expected argument. Valid and meaningful combinations of a conversion specification, flag character, and length modifier are denoted by the symbol in the corresponding cell or by the name of the type argument affected by the length modifier. Valid combinations that have no effect are denoted by N/E. Using a combination of a conversion specification, flag character, and length modifier denoted by the symbol or a specification not listed in the table, or an argument of an unexpected type may result in undefined behavior. See undefined behavior 145, 149, 150, 153, and 154 in Annex J of C99.
[Table: "Conversion" (column 1), flag characters (columns 2 through 5), length modifiers (columns 6 through 13), "Argument" (last column). Surviving cell text, in row order: signed integer; unsigned integer (four rows); N/E, N/E (four rows); NTWS; NTBS or NTWS; pointer to integer; NTWS; none.]
Legend:
- SPACE – the space (' ') character
- N/E – No Effect
- NTBS – char* argument pointing to a Null-Terminated Byte String
- NTWS – wchar_t* argument pointing to a Null-Terminated Wide character String
- XSI – ISO/IEC 9945-2003 XSI extension
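The length-modifier rules that the table summarizes can be checked mechanically. The following is an added example, not code from the original page: it applies the pairing rules of C99 7.19.6.1 to a format string, and the names check_pair and count_undefined are hypothetical. It inspects only the length modifier and conversion specifier, not the flags or the types of the arguments actually passed.

```c
#include <stdio.h>
#include <string.h>

enum fmt_status { FMT_VALID, FMT_NO_EFFECT, FMT_UNDEFINED };

/* Hypothetical helper: classify one length modifier (len, n chars) paired
 * with conversion specifier conv, following C99 7.19.6.1. */
enum fmt_status check_pair(const char *len, size_t n, char conv)
{
    int is_int = conv && strchr("diouxXn", conv);  /* integer conversions and %n */
    int is_flt = conv && strchr("aAeEfFgG", conv); /* floating conversions */

    if (!conv || !strchr("diouxXnaAeEfFgGcsp%", conv))
        return FMT_UNDEFINED;                      /* not a C99 specifier */
    if (n == 0)
        return FMT_VALID;                          /* no modifier present */
    if (n == 1 && len[0] == 'L')
        return is_flt ? FMT_VALID : FMT_UNDEFINED; /* L: long double only */
    if (n == 1 && len[0] == 'l')                   /* l: no effect on floats */
        return is_flt ? FMT_NO_EFFECT
             : (is_int || conv == 'c' || conv == 's') ? FMT_VALID : FMT_UNDEFINED;
    return is_int ? FMT_VALID : FMT_UNDEFINED;     /* hh h ll j z t */
}

/* Count the conversion specifications in fmt whose length modifier is
 * unknown or is undefined for its conversion specifier. */
int count_undefined(const char *fmt)
{
    int bad = 0;
    const char *p = fmt;
    while ((p = strchr(p, '%')) != NULL) {
        p++;                                       /* skip '%' */
        p += strspn(p, "-+ #0'");                  /* flags (' is XSI) */
        p += strspn(p, "0123456789*");             /* field width */
        if (*p == '.')
            p += 1 + strspn(p + 1, "0123456789*"); /* precision */
        size_t n = strspn(p, "hljztL");            /* length modifier run */
        int known = n <= 1 ||
                    (n == 2 && p[0] == p[1] && (p[0] == 'h' || p[0] == 'l'));
        if (!known || check_pair(p, n, p[n]) == FMT_UNDEFINED)
            bad++;
        p += n;
        if (*p) p++;                               /* consume the specifier */
    }
    return bad;
}

int main(void)
{
    const char *fmt = "%Ld items, %hs, %zu bytes"; /* constructed sample */
    printf("%d undefined specification(s)\n", count_undefined(fmt));
    return 0;
}
```

A check like this complements compiler diagnostics for format strings that are built or loaded at run time, where the compiler cannot see the literal.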
...
GCC Compiler can detect violations of this recommendation when the -Wformat flag is used.
Klocwork can detect violations with the SV.FMT_STR.* checkers. See Klocwork Cross Reference.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...