
Uncontrolled format string

ID: cpp/tainted-format-string
Kind: path-problem
Security severity: 9.3
Severity: warning
Precision: high
Tags:
  - reliability
  - security
  - external/cwe/cwe-134
Query suites:
  - cpp-code-scanning.qls
  - cpp-security-extended.qls
  - cpp-security-and-quality.qls


The program uses input from the user as the format string for a printf-style function. This can lead to buffer overflows or data representation problems. An attacker can exploit this weakness to crash the program, disclose information or even execute arbitrary code.

The results of this rule do not include inputs from the user that are transferred through global variables. Those can be found in the related rule “Uncontrolled format string (through global variable)”.

Recommendation

Use constant expressions as the format strings. If you need to print a value from the user, use printf("%s", value_from_user), so that the user-controlled data is passed as an argument rather than as the format.

Example

#include <stdio.h>

void printWrapper(char *str) {
    printf(str);
}

int main(int argc, char **argv) {
    // This should be avoided
    printf(argv[1]);

    // This should be avoided too, because it has the same effect
    printWrapper(argv[1]);

    // This is fine
    printf("%s", argv[1]);

    return 0;
}
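The following is an added example, not part of the CodeQL documentation or the example above. It shows the hardened counterpart of the example's printWrapper, a small check that counts conversion directives in untrusted data (the condition the query is looking for when such data reaches a format parameter), and a variadic wrapper annotated with the GCC/Clang format attribute so that the compiler itself warns when a non-literal format is passed through the wrapper. The function names render_user_message, count_format_directives and log_line, and the "%s %x" sample input, are constructed for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* GCC/Clang: mark a function as printf-like so -Wformat -Wformat-security
 * warns when a non-literal format string reaches it through the wrapper. */
#if defined(__GNUC__)
#define PRINTF_LIKE(fmt_idx, first_arg) __attribute__((format(printf, fmt_idx, first_arg)))
#else
#define PRINTF_LIKE(fmt_idx, first_arg)
#endif

/* Hardened version of the example's printWrapper: the untrusted string is
 * always passed as a "%s" argument, never as the format itself. Returns the
 * number of characters snprintf would have written, so callers can check it. */
int render_user_message(char *out, size_t out_len, const char *untrusted)
{
    return snprintf(out, out_len, "user: %s", untrusted);
}

/* Counts conversion directives in an untrusted string. "%%" is a literal
 * percent sign and is not counted. A non-zero result on data that is about
 * to be used as a format string is exactly the situation the query reports. */
size_t count_format_directives(const char *s)
{
    size_t n = 0;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {   /* escaped percent sign, skip both characters */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* Variadic logging wrapper. Because of PRINTF_LIKE, calling it as
 * log_line(buf, len, untrusted) produces a compiler warning, whereas
 * log_line(buf, len, "%s", untrusted) is accepted and safe. */
PRINTF_LIKE(3, 4)
int log_line(char *out, size_t out_len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, out_len, fmt, ap);
    va_end(ap);
    return n;
}

int main(int argc, char **argv)
{
    /* Constructed sample standing in for argv[1]; it contains two directives. */
    const char *input = (argc > 1) ? argv[1] : "%s %x";
    char buf[128];

    printf("directives in input: %zu\n", count_format_directives(input));

    /* Safe: the input is data, so its directives are printed literally. */
    render_user_message(buf, sizeof buf, input);
    puts(buf);

    /* Safe: constant format string, user input only as an argument. */
    log_line(buf, sizeof buf, "argc=%d input=%s", argc, input);
    puts(buf);
    return 0;
}
```

Compile with -Wformat -Wformat-security (GCC or Clang) to see the attribute at work: replacing the last call with log_line(buf, sizeof buf, input) triggers a warning at the call site, which is the same wrapper pattern the query flags on printWrapper.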
