Too many arguments to formatting function¶

ID: cpp/too-many-format-arguments
Kind: problem
Security severity: 
Severity: recommendation
Precision: high
Tags:
   - reliability
   - correctness
Query suites:
   - cpp-security-and-quality.qls

Click to see the query in the CodeQL repository

Each call to the printf function, or a related function, should include the number of arguments defined by the format. Passing the function more arguments than required is usually harmless from a security perspective but indicates that different behavior was intended.

Recommendation¶

Review the format and arguments expected by the highlighted function calls. Update either the format or the arguments so that the expected number of arguments are passed to the function.

Example¶

void log_connection_attempt(const char *user_name, char char *ip_address) {
  // This does not print `ip_address`.
  fprintf(stderr, "Connection attempted by '%s'\n", user_name, ip_address);
}

References¶

CERT C Coding Standard: FIO47-C. Use valid format strings.
Microsoft C Runtime Library Reference: printf, wprintf.

© GitHub, Inc.
Terms
Privacy

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Alternative Proxies:

Alternative Proxy