Click on image to see enlargment

PC-lint/FlexeLint Output | Reference Manual Explanation | Home

            bug592.cpp

1    #include <stdio.h>
2    #include <string.h>
3    const char *presidents[] =
4        {
5        "johnson 61.1%",
6        "f. roosevelt 60.8%",
7        "nixon 60.7%",
8        "harding 60.3%",
9        //...
10       };
11   void add( char *list, int pos )
12       {
13       strcat( list, presidents[pos-1] );
14       strcat( list, " " );
15       }
16   int main()
17       {
18       char buf[ 300 ];
19       buf[0] = 0;
20       add( buf, 1 ); add( buf, 2 ); add( buf, 3 );
21       printf( "Top 3 vote percentages were:\n" );
22       printf( buf );
23       return 0;
24       }

Alfred, a poli-sci major, with the emphasis on poli, wrote this program to print out the top 3 popular vote getters in presidential elections. But the resulting wacky behavior was not what he expected. What did he do wrong?


bug592.cpp lint Output

--- Module:   bug592.cpp (C++)
                _
    printf( buf );
bug592.cpp(22) : Warning 592: Non-literal format specifier used without arguments

Reference Manual Explanation


592    Non-literal format specifier used without arguments  -- A
       printf/scanf style function received a non-literal format
       specifier without trailing arguments.  For example:

                 char msg[100];
                 ...
                 printf( msg );

       This can easily be rewritten to the relatively safe:

                 char msg[100];
                 ...
                 printf( "%s", msg );

       The danger lies in the fact that msg can contain hidden format
       codes.  If msg is read from user input, then in the first
       example, a naive user could cause a glitch or a crash and a
       malicious user might exploit this to undermine system security.
       Since the unsafe form can easily be transformed into the safe
       form the latter should always be used.


If you have comments or questions about this bug, please post them to our   Discussion Forum


Previous Bug - Bug #774 - January 2010

Use our Interactive Demo to Run FlexeLint on our Bugs of the Month

PC-lint/FlexeLint - Product Overview

Home | Contact | Order

PC-lint and FlexeLint are trademarks of Gimpel Software
Copyright 2010, Gimpel Software, All rights reserved.