Wrong type of arguments to formatting function
ID: cpp/wrong-type-format-argument
Kind: problem
Severity: error
Precision: high
Tags:
- reliability
- correctness
- security
- external/cwe/cwe-686
Query suites:
- cpp-code-scanning.qls
- cpp-security-extended.qls
- cpp-security-and-quality.qls
Each call to the printf function or a related function should pass the type and sequence of arguments defined by the format string. If the function is passed arguments of a different type or in a different sequence, the arguments are reinterpreted to fit the type and sequence the format expects, resulting in undefined and unpredictable behavior.
Recommendation
Review the format and arguments expected by the highlighted function calls. Update either the format or the arguments so that the expected type and sequence of arguments are passed to the function.
Example

    #include <stdio.h>

    int main() {
        printf("%s\n", 42); // printf will treat 42 as a char*, will most likely segfault
        return 0;
    }
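The following is an added example, not part of the CodeQL documentation, showing the corrected form of the call above together with a few other common argument/conversion pairings. The helper names (`format_value`, `format_size`, `format_label`) are invented for illustration; each one keeps the conversion specifier matched to the actual argument type, and each writes through `snprintf` so the result can be inspected rather than only printed.

```c
#include <stdio.h>
#include <string.h>

/* Fixed version of the page's example: the argument is an int, so the
   conversion must be %d. Passing 42 to %s makes printf dereference 42 as a
   char*, which is the undefined behaviour the query flags. */
static const char *format_value(int value) {
    static char buf[32];
    snprintf(buf, sizeof buf, "%d\n", value);
    return buf;
}

/* size_t is not guaranteed to be the same width as int or long; %zu is the
   conversion that matches it on every platform. */
static const char *format_size(size_t n) {
    static char buf[32];
    snprintf(buf, sizeof buf, "%zu bytes\n", n);
    return buf;
}

/* %s is only correct when the argument really is a NUL-terminated char*.
   If the caller has a number and wants it printed as text, it must be
   converted first (here via format_value), not handed to %s directly. */
static const char *format_label(const char *label) {
    static char buf[64];
    snprintf(buf, sizeof buf, "label=%s\n", label);
    return buf;
}

int main(void) {
    fputs(format_value(42), stdout);           /* "42" via the right specifier */
    fputs(format_size(sizeof(int) * 4), stdout);
    fputs(format_label("forty-two"), stdout);  /* a real string for %s */
    return 0;
}
```

In GCC and Clang the original mismatch is also caught at compile time by `-Wformat` (enabled by `-Wall`), which reports that `%s` expects a `char *` but argument 2 has type `int`; building with `-Werror=format` turns that into a hard error, complementing the CodeQL check on code paths the compiler cannot see (for example format strings built at run time).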
References
CERT C Coding Standard: FIO30-C. Exclude user input from format strings.
cplusplus.com: C++ Functions.
CRT Alphabetical Function Reference: printf, _printf_l, wprintf, _wprintf_l.
Common Weakness Enumeration: CWE-686.