Why is this an issue?
Because printf format strings are interpreted at runtime, rather than validated by the compiler, they can contain errors that result
in the wrong strings being created. This rule statically validates the correlation of printf format strings to their arguments.
The related rule {rule:cpp:S2275} is about errors that will create undefined behavior, while this rule is about errors that produce an unexpected
string.
Noncompliant code example
printf("%d", 1, 2); // Noncompliant; the second argument "2" is unused
printf("%0-f", 1.2); // Noncompliant; flag "0" is ignored because of "-"
Compliant solution
printf("%d %d", 1, 2); // Compliant
printf("%-f", 1.2); // Compliant
Exceptions
This rule will only work if the format string is provided as a string literal.
Resources
