473,422 Members | 2,008 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > c / c++ > questions > (part 14) han from china answers your c questions

Join Bytes to post your question to a community of 473,422 software developers and data experts.

(part 14) Han from China answers your C questions

No format string passed to variable argument list function

Adam said:
>If I call the function using something like:
char message[50];
strcpy(message, "hi there");
print("%s",message);

everything works, but if I do:
print(message);

it doesn't (program crashes with an abort).
Then Adam laters says:
Trouble is, I can't replicate it in a
simple example (and a complex example would take me well out of
comp.lang.c territory). I though perhaps that some undefined behaviour
was causing problems in one case but not in another, but
I guess I need to look elsewhere for my problem.
Then Adam later says:
Bingo :) That's exactly what it was. The input to my function was
coming from the GUI element of the app and I hadn't considered
checking for "%" in the string - and that's what was there!
Dear Adam,

If the 'message' part of your custom print() function comes from an
external source, it's possible your app has a bigger problem than
a mere crash - it contains a serious security vulnerability.

Change
print(message);
to
print("%s", message);

Don't tempt fate, or one day someone will come along and use
C's %n format specifier in 'message' (along with some specifiers
of secondary importance) to overwrite critical portions of memory
and gain control of your computer.

Yours,
Han from China

Nov 10 '08 #1
0 1273
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
(part 11) Han from China answers your C questions
by: Nomen Nescio | last post by:
A new learner's question Flash Gordon wrote: To the OP, please be aware that Flash Gordon has a history of either deliberately misleading and "miss-informing" posters to this newsgroup or...
C / C++
0
(part 12) Han from China answers your C questions
by: Nomen Nescio | last post by:
what is the type for this call? Neo said: Neo, buddy, I've decided to give you a little summary for reference so that you don't have to sift through excess verbiage, cryptic meanderings,...
C / C++
2
Re: (part 15) Han from China answers your C questions
by: Chris Dollin | last post by:
Joachim Schmitz wrote: I think that remark is an ill-considered and unhelpful generalisation. -- "We dance, and the worlds melt away." - Curved Air, /Metamorphosis/ ...
C / C++
2
(part 23) Han from China answers your C questions
by: Borked Pseudo Mailed | last post by:
float and integers c.lang.myself@gmail.com said I will be making assumptions here about your system that will infuriate the pedants, but I don't care. Given your X-HTTP-UserAgent string, it...
C / C++
1
(part 22) Han from China answers your C questions
by: George Orwell | last post by:
its urgent.pls help me. mona said: mona said: Hey again, mona. Please check the thread "(part 21) Han from China answers your C questions", in which I gave you a program with
C / C++
0
(part 27) Han from China answers your C questions
by: George Orwell | last post by:
fread breaks file descriptors opened in "w" mode. ... Yes, once you break out of ANSI/ISO C, all things are possible. You have posted an on-topic question to comp.lang.c. See version 2.0 of...
C / C++
16
(part 30) Han from China answers your C questions
by: Borked Pseudo Mailed | last post by:
Error handling in C Nick Keighley said: ... ... To the OP, please be aware that Nick Keighley is a known troll and is deliberately providing you with unsound advice. You asked for error...
C / C++
2
(part 29) Han from China answers your C questions
by: Nomen Nescio | last post by:
What is this? Eric said: That looks like either someone's poor coding or someone's poor pasting for an implementation of offsetof() from stddef.h. The (char *) leads me to think that there's...
C / C++
1
(part 32) Han from China answers your C questions
by: George Orwell | last post by:
File Seeking / Overwriting bytes Martien Verbruggen said: And this is, of course, also not right. fseek() does support SEEK_END on text streams. If you want to know why, please start a...
C / C++
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!