Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Printf
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Vulnerabilities== === Format string attack === Extra value arguments are ignored, but if the format string has more format specifiers than value arguments passed, the behavior is undefined. For some C compilers, an extra format specifier results in consuming a value even though there isn't one which allows the [[format string attack]]. Generally, for C, arguments are [[Call stack|passed on the stack]]. If too few arguments are passed, then printf can read past the end of the stack frame, thus allowing an attacker to read the stack. Some compilers, like [[GNU Compiler Collection|the GNU Compiler Collection]], will [[static program analysis|statically check]] the format strings of printf-like functions and warn about problems (when using the flags {{kbd|-Wall}} or {{kbd|-Wformat}}). GCC will also warn about user-defined printf-style functions if the non-standard "format" {{code|__attribute__}} is applied to the function. ===Uncontrolled format string exploit=== The format string is often a [[string literal]], which allows [[static program analysis|static analysis]] of the function call. However, the format string can be the value of a [[variable (programming)|variable]], which allows for dynamic formatting but also a security vulnerability known as an [[uncontrolled format string]] exploit. ===Memory write=== Although an output function on the surface, {{code|printf}} allows writing to a memory location specified by an argument via {{code|%n|c}}. This functionality is occasionally used as a part of more elaborate format-string attacks.<ref>{{cite web| url= https://www.exploit-db.com/docs/english/28476-linux-format-string-exploitation.pdf | title= Format String Exploitation Tutorial | website= [[ExploitDB|Exploit Database]] | date= 2013-05-20 | accessdate= 2025-02-12 | first= Saif | last= El-Sherei | others= <!-- names as formatted in source; leave as written --> Contributions by Haroon meer; Sherif El Deeb; Corelancoder; Dominic Wang | publisher= [[OffSec Services Limited]] }}</ref> The {{code|%n|c}} functionality also makes {{code|printf}} accidentally [[Turing-complete]] even with a well-formed set of arguments. A game of tic-tac-toe written in the format string is a winner of the 27th [[IOCCC]].<ref>{{cite web | url= https://www.ioccc.org/2020/carlini/index.html | title= printf machine | website= [[International Obfuscated C Code Contest]] | first= Nicholas | last= Carlini | author-link = Nicholas Carlini | others= Judged by Leonid A. Broukhis and Landon Curt Noll | publisher= Landon Curt Noll | year= 2020 | accessdate= 2025-02-12 }}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)