bug592.cpp

1    #include <stdio.h>
2    #include <string.h>
3    const char *presidents[] =
4        {
5        "johnson 61.1%",
6        "f. roosevelt 60.8%",
7        "nixon 60.7%",
8        "harding 60.3%",
9        //...
10       };
11   void add( char *list, int pos )
12       {
13       strcat( list, presidents[pos-1] );
14       strcat( list, " " );
15       }
16   int main()
17       {
18       char buf[ 300 ];
19       buf[0] = 0;
20       add( buf, 1 ); add( buf, 2 ); add( buf, 3 );
21       printf( "Top 3 vote percentages were:\n" );
22       printf( buf );
23       return 0;
24       }

Alfred, a poli-sci major, with the emphasis on poli, wrote this program to print out the top 3 popular vote getters in presidential elections. But the resulting wacky behavior was not what he expected. What did he do wrong?

bug592.cpp lint Output

--- Module:   bug592.cpp (C++)
                _
    printf( buf );
bug592.cpp(22) : Warning 592: Non-literal format specifier used without arguments

Reference Manual Explanation

592    Non-literal format specifier used without arguments  -- A
       printf/scanf style function received a non-literal format
       specifier without trailing arguments.  For example:

                 char msg[100];
                 ...
                 printf( msg );

       This can easily be rewritten to the relatively safe:

                 char msg[100];
                 ...
                 printf( "%s", msg );

       The danger lies in the fact that msg can contain hidden format
       codes.  If msg is read from user input, then in the first
       example, a naive user could cause a glitch or a crash and a
       malicious user might exploit this to undermine system security.
       Since the unsafe form can easily be transformed into the safe
       form the latter should always be used.