For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

Printf

Module Printf

A library for dealing with printf-like formatting strings.

Import path


                                import semmle.code.cpp.commons.Printf

Imports

CommonType
FormattingFunction	Provides a class for modeling `printf`-style formatting functions. To use this QL library, create a QL class extending `FormattingFunction` with a characteristic predicate that selects the function or set of functions you are modeling. Within that class, override the predicates provided by `FormattingFunction` to match the flow within that function.
StringAnalysis	Provides a class for calculating the possible length of string expressions.
Type	Provides a hierarchy of classes for modeling C/C++ types.

Predicates

primitiveVariadicFormatter

A standard function such as vprintf that has a format parameter and a variable argument list of type va_arg. formatParamIndex indicates the format parameter and type indicates the type of vprintf: - "" is a vprintf variant, outputParamIndex is -1. - "f" is a vfprintf variant, outputParamIndex indicates the output stream parameter. - "s" is a vsprintf variant, outputParamIndex indicates the output buffer parameter. - "?" if the type cannot be determined. outputParamIndex is -1.

variadicFormatter

Holds if f is a function such as vprintf that has a format parameter and a variable argument list of type va_arg. formatParamIndex indicates the format parameter and type indicates the type of vprintf: - "" is a vprintf variant, outputParamIndex is -1. - "f" is a vfprintf variant, outputParamIndex indicates the output stream parameter. - "s" is a vsprintf variant, outputParamIndex indicates the output buffer parameter. - "?" if the type cannot be determined. outputParamIndex is -1.

Classes

AttributeFormattingFunction	A function that can be identified as a `printf` style formatting function by its use of the GNU `format` attribute.
BufferWriteEstimationReason	A reason for a specific buffer write size estimate.
FormatLiteral	A class to represent format strings that occur as arguments to invocations of formatting functions.
FormattingFunctionCall	A call to one of the formatting functions.
PrintfFormatAttribute
TypeBoundsAnalysis	The estimation comes from rough bounds just based on the type (e.g. `0 <= x < 2^32` for an unsigned 32 bit integer).
UnspecifiedEstimateReason	No particular reason given. This is currently used for backward compatibility so that classes derived from BufferWrite and overriding `getMaxData/0` still work with the queries as intended.
UserDefinedFormattingFunction	A function not in the standard library which takes a `printf`-like formatting string and a variable number of arguments.
ValueFlowAnalysis	The estimation comes from non trivial bounds found via actual flow analysis. For example `unsigned u = x; if (u < 1000) { //... <- estimation done here based on u }`
WidenedValueFlowAnalysis	The estimation comes from non trivial bounds found via actual flow analysis, but a widening approximation might have been used for variables in loops. For example `for (int i = 0; i < 10; ++i) { int j = i + i; //... <- estimation done here based on j }`