Adam said:
>If I call the function using something like:Then Adam laters says:
char message[50];
strcpy(message, "hi there");
print("%s",message);
everything works, but if I do:
print(message);
it doesn't (program crashes with an abort).
Trouble is, I can't replicate it in aThen Adam later says:
simple example (and a complex example would take me well out of
comp.lang.c territory). I though perhaps that some undefined behaviour
was causing problems in one case but not in another, but
I guess I need to look elsewhere for my problem.
Bingo :) That's exactly what it was. The input to my function wasDear Adam,
coming from the GUI element of the app and I hadn't considered
checking for "%" in the string - and that's what was there!
If the 'message' part of your custom print() function comes from an
external source, it's possible your app has a bigger problem than
a mere crash - it contains a serious security vulnerability.
Change
print(message);
to
print("%s", message);
Don't tempt fate, or one day someone will come along and use
C's %n format specifier in 'message' (along with some specifiers
of secondary importance) to overwrite critical portions of memory
and gain control of your computer.
Yours,
Han from China