The possible security vulnerability of an uncontrolled format string in printf() and similar functions can be detected and warned about by GCC using the options -Wformat -Wformat-security.
Example of insecure code: format.c

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main(int argc, char** argv)
{
  if (argc == 2)
    {
      fprintf(stderr, argv[1]);   /* argv[1] is used as the format string itself */
      fprintf(stderr, "\n");
    }
  else
    {
      fprintf(stderr, "Usage: %s ARG\n", argv[0]);
      exit(1);
    }
  return 0;
}
The insecure program format.c compiles without obvious warnings:
$ gcc -Wall format.c
Compiled with the options -Wformat -Wformat-security, the same program produces a warning:

$ gcc -Wformat -Wformat-security format.c
format.c: In function ‘main’:
format.c:9:7: warning: format not a string literal and no format arguments [-Wformat-security]
The output shows that the format.c program compiled with the option -Wformat-security warns about the possible security vulnerability of uncontrolled format string.
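The hardened counterpart of format.c, written here as an added example rather than code from the page: the user-supplied string is passed as an argument to a literal "%s" format, so conversion specifiers in the input are printed as plain text. The logging wrapper log_fmt() and the function names are assumptions for this example; the format function attribute it carries is a GCC/Clang extension that lets -Wformat and -Wformat-security check callers of your own printf-style wrappers exactly as they check fprintf() itself.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Safe form of the line flagged in format.c: the user data is an argument,
 * the format is a string literal. */
static void log_line(const char *user_input)
{
    fprintf(stderr, "%s\n", user_input);
}

/* Hypothetical printf-style wrapper. The format attribute tells GCC that
 * argument 3 is the format string and the variadic arguments start at 4,
 * so a call such as log_fmt(out, n, user_input) with no further arguments
 * is reported by -Wformat-security just like fprintf(stderr, user_input). */
__attribute__((format(printf, 3, 4)))
static int log_fmt(char *out, size_t out_size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, out_size, fmt, ap);
    va_end(ap);
    return n;
}

/* Renders untrusted input into a buffer through the wrapper, the safe way.
 * Returns the number of characters vsnprintf() would have written. */
int render_user_input(const char *user_input, char *out, size_t out_size)
{
    /* Literal format, user data as the argument: "%x" in the input stays "%x". */
    return log_fmt(out, out_size, "%s", user_input);
}

int main(int argc, char **argv)
{
    /* Constructed sample input; in format.c the same value arrives via argv[1]. */
    const char *sample = (argc == 2) ? argv[1] : "%x %x %s";
    char buf[128];

    render_user_input(sample, buf, sizeof buf);
    log_line(buf);   /* prints the input verbatim, conversion specifiers included */
    return 0;
}
```

Note that -Wformat-security has no effect unless -Wformat is also enabled (directly or via -Wall), which is why the page pairs the two options; compiling this file with those flags produces no warning, while replacing the "%s" in render_user_input() with the bare user_input would reproduce the warning shown above.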