CodeQL documentation

Wrong type of arguments to formatting function

ID: cpp/wrong-type-format-argument
Kind: problem
Security severity: 7.5
Severity: error
Precision: high
Tags:
   - reliability
   - correctness
   - security
   - external/cwe/cwe-686
Query suites:
   - cpp-code-scanning.qls
   - cpp-security-extended.qls
   - cpp-security-and-quality.qls

Each call to printf or a related function (fprintf, sprintf, snprintf, their v* forms, and so on) must be given arguments whose number, types and order match the conversion specifiers in the format string. If an argument has a different type from the one its specifier expects, or the arguments are in a different order, the C standard makes the call undefined behavior: in practice the function reinterprets the bytes of whatever was passed, or whatever happens to be in the next argument slot on the stack or in a register, as the expected type. The result ranges from silently wrong output to disclosure of unrelated memory contents and crashes, for example when an integer is dereferenced as a char* because it was matched with %s.

Recommendation

Review the format and arguments expected by the highlighted function calls. Update either the format or the arguments so that the expected type and sequence of arguments are passed to the function. As a complementary check, compile with -Wformat (enabled by -Wall in GCC and Clang): it reports most such mismatches for the standard functions, and it also covers custom printf-style wrappers if they are declared with __attribute__((format(printf, ...))).

Example

In the following example, the wrong format specifier is given for an integer format argument:

#include <stdio.h>

int main(void) {
  printf("%s\n", 42); // BAD: %s expects a char*, so printf dereferences 42 as an address; undefined behavior, most likely a segfault
  return 0;
}

The corrected version uses %i as the format specifier for the integer format argument:

#include <stdio.h>

int main(void) {
  printf("%i\n", 42); // GOOD: %i (equivalently %d) expects an int, which matches the argument
  return 0;
}
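The one-line fix above handles the obvious case. As an added example that is not part of the CodeQL documentation or of the query itself, the following C program shows the less obvious width and signedness cases (size_t, long, uint64_t) formatted with their matching conversions, and how a custom printf-style wrapper can be declared so that the compiler type-checks its callers the same way it checks printf. The log_fmt and format_record functions and the PRINTF_LIKE macro are names assumed for this example, and the record being formatted is constructed sample data:

```c
#include <inttypes.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Marks a variadic function as printf-like so that GCC and Clang type-check its
 * arguments against the format string under -Wformat, exactly as they do for
 * printf itself. fmt_idx is the 1-based position of the format parameter and
 * first_arg the position of the first variadic argument. Other compilers get
 * an empty expansion and therefore perform no such check. */
#if defined(__GNUC__) || defined(__clang__)
#define PRINTF_LIKE(fmt_idx, first_arg) __attribute__((format(printf, fmt_idx, first_arg)))
#else
#define PRINTF_LIKE(fmt_idx, first_arg)
#endif

/* Hypothetical logging wrapper (name assumed for this example). Because of the
 * attribute, a call such as log_fmt(buf, sizeof buf, "%s", 42) is reported at
 * compile time instead of becoming undefined behavior at run time. */
static int log_fmt(char *out, size_t cap, const char *fmt, ...) PRINTF_LIKE(3, 4);

static int log_fmt(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap); /* returns the full length even if truncated */
    va_end(ap);
    return n;
}

/* Formats a constructed record using, for each argument, the conversion that
 * matches its actual type. The same values passed with %d for the size_t, %x
 * for the uint64_t, or %s for the int would be flagged by the query (and by
 * -Wformat through the attribute above). Returns the length of the result. */
static int format_record(char *out, size_t cap)
{
    int         id    = 42;                 /* %d     : int          */
    const char *name  = "payload";          /* %s     : const char*  */
    size_t      len   = 4096;               /* %zu    : size_t       */
    long        off   = -1L;                /* %ld    : long         */
    uint64_t    flags = 0xdeadbeefcafeULL;  /* PRIx64 : uint64_t     */

    return log_fmt(out, cap,
                   "id=%d name=%s len=%zu off=%ld flags=%" PRIx64,
                   id, name, len, off, flags);
}

int main(void)
{
    char buf[128];
    int n = format_record(buf, sizeof buf);
    printf("%s (%d chars)\n", buf, n);

    /* With -Werror=format the following line does not compile, which is the
     * point of the attribute:
     *   log_fmt(buf, sizeof buf, "%s\n", 42);
     */
    return 0;
}
```

Build with cc -Wall -Wformat -Werror=format example.c; uncommenting the call with the wrong argument type then fails at compile time rather than at run time. Note that PRIx64 is used for the uint64_t because its underlying type (unsigned long or unsigned long long) differs between platforms, so neither %lx nor %llx is portable.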
