Why is this an issue?
It is a security vulnerability to call printf with a single string argument that is not a string literal. If this argument comes from user input, the user controls the format string and can:
- make the program crash, by executing code equivalent to:
  printf("%s%s%s%s%s%s%s%s")
- view the stack or memory at any location, by executing code equivalent to:
  printf("%08x %08x %08x %08x %08x\n")
Noncompliant code example
#include <stdio.h>

void f(char* userInput) {
  printf(userInput); // Noncompliant: userInput is used as the format string
}
Compliant solution
#include <stdio.h>

void f(char* userInput) {
  printf("%s", userInput); // Compliant: userInput is an argument, the format is a literal
}
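The following is an added example, not part of this rule's own code, showing why the compliant form is safe and how to make the compiler enforce it. It renders user text through a literal format so that any conversion specifiers in the input are emitted as plain characters, and it declares a logging wrapper with GCC/Clang's format attribute so that passing a non-literal format to it is reported by -Wformat-security. The function names (log_message, render_user_text, echoes_literally) and the sample input are assumptions constructed for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* GCC/Clang only: marks a function as printf-like so that callers passing a
 * non-literal format string are flagged by -Wformat-security, and mismatched
 * arguments by -Wformat. Expands to nothing on other compilers. */
#if defined(__GNUC__) || defined(__clang__)
#define PRINTF_LIKE(fmt_idx, arg_idx) __attribute__((format(printf, fmt_idx, arg_idx)))
#else
#define PRINTF_LIKE(fmt_idx, arg_idx)
#endif

/* Hypothetical logging sink used to show the attribute in practice. */
static void log_message(const char *fmt, ...) PRINTF_LIKE(1, 2);

static void log_message(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vfprintf(stderr, fmt, ap);
    va_end(ap);
}

/* Compliant rendering: the user text is a %s argument, never the format.
 * Writes into `out` and returns the snprintf count, so the result can be
 * inspected (out may be NULL with out_len 0 to only compute the length). */
int render_user_text(const char *user_input, char *out, size_t out_len) {
    return snprintf(out, out_len, "user said: %s", user_input);
}

/* Returns 1 if the rendered output contains the input verbatim, i.e. any
 * '%' sequences in the input were treated as data rather than interpreted. */
int echoes_literally(const char *user_input) {
    char buf[256];
    render_user_text(user_input, buf, sizeof buf);
    const char *body = buf + strlen("user said: ");
    return strcmp(body, user_input) == 0;
}

int main(void) {
    /* Constructed sample input: contains conversion specifiers, but it is
     * data supplied by a user, not a format string written by the program. */
    const char *tainted = "hello %08x %08x %s";
    char buf[256];
    render_user_text(tainted, buf, sizeof buf);
    log_message("%s\n", buf);       /* fine: the format is a literal */
    /* log_message(tainted);           would be reported by -Wformat-security */
    return echoes_literally(tainted) ? 0 : 1;
}
```

Compile with -Wall -Wformat -Wformat-security (and -Werror=format-security in CI) so that the noncompliant pattern fails the build rather than relying on review alone.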
Resources