printf format strings contain placeholders, represented by special characters such as %s. These placeholders are
interpreted at runtime rather than validated by the compiler. Using incorrect placeholders or with inappropriate arguments can result in the wrong
string being created or undefined behavior.
Starting with C++20, std::format should be preferred: it is more readable and validated at compile-time, making it more secure. Rule
S6494 covers that. Furthermore, C++23 provides std::print, which is similar to std::format but directly prints
its output instead of generating a std::string.
S2275 covers errors leading to undefined behavior.
This rule is about errors that produce an unexpected string.
These problems are detected when the format string is a string literal:
- Every argument should be used:
printf("Numbers: %d", 1, 2); // Noncompliant: the second argument "2" is unused
You should either remove the extra arguments or add the relevant placeholders.
- The formatting flags
0 and - are mutually exclusive:
printf("Number: %0-10f", 1.2); // Noncompliant: flag "0" is ignored because of "-"
When 0 is used, the number is right-aligned with leading 0s. The flag - aligns the number to the left. Consequently, zero 0 would be used when using both flags, thus making the 0 flag useless. You should choose which flags make sense in your use case and remove the other.
- The formatting flags
␣ (space) and + are mutually exclusive:
printf("Number: % +f", 1.2); // Noncompliant: flag " " is ignored because of "+"
Both the space and the + flags change when the sign character is printed. They are, therefore, incompatible with one another. You should decide which one is appropriate in your case and remove the other.
