• CodeQL query help documentation »
• CodeQL query help for C and C++ »

Wrong type of arguments to formatting function

ID: cpp/wrong-type-format-argument
Kind: problem
Security severity: 7.5
Severity: error
Precision: high
Tags:
   - reliability
   - correctness
   - security
   - external/cwe/cwe-686
Query suites:
   - cpp-code-scanning.qls
   - cpp-security-extended.qls
   - cpp-security-and-quality.qls

Click to see the query in the CodeQL repository

Each call to the printf function or a related function should include the type and sequence of arguments defined by the format. If the function is passed arguments of a different type or in a different sequence then the arguments are reinterpreted to fit the type and sequence expected, resulting in unpredictable behavior.

Recommendation

Review the format and arguments expected by the highlighted function calls. Update either the format or the arguments so that the expected type and sequence of arguments are passed to the function.

Example

int main() {
  printf("%s\n", 42); //printf will treat 42 as a char*, will most likely segfault
  return 0;
}

References

• CERT C Coding Standard: FIO30-C. Exclude user input from format strings.

• cplusplus.com: C++ Functions.

• CRT Alphabetical Function Reference: printf, _printf_l, wprintf, _wprintf_l.

• Common Weakness Enumeration: CWE-686.

• © GitHub, Inc.
• Terms
• Privacy