Valid and meaningful combinations are marked by the  symbol (save for the length modifier columns, as described previously). Valid combinations that have no effect are labeled N/E. Using a combination marked by the  symbol, using a specification not represented in the table, or using an argument of an unexpected type is undefined behavior. (See undefined behaviors 153, 155, 157, 158, 161, and 162.)
[Table: for each conversion specifier, the valid combinations with the flag and length-modifier columns and the expected argument type. The conversion-specifier, flag and length-modifier cells did not survive extraction; only the Argument column is recoverable, listing Signed integer, Unsigned integer, Pointer to integer, NTBS or NTWS, NTWS, and None, with some flag cells marked N/E. Key to the table's abbreviations follows.]
     SPACE: The space (" ") character
     N/E: No effect
     NTBS: char* argument pointing to a null-terminated character string
     NTWS: wchar_t* argument pointing to a null-terminated wide character string
     XSI: ISO/IEC 9945-2003 XSI extension
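As an added example (not code from the CERT page), a small validator for the combinations the table describes: it walks a printf-style format string and rejects any conversion specification whose flags, precision or length modifier are undefined for the conversion specifier under C11 7.21.6.1, or that is truncated. It checks the format string only, not whether the supplied arguments have the expected types, and it treats the XSI `'` flag as invalid because it is not part of the C standard.

```c
#include <stdbool.h>
#include <string.h>
/* Membership test on a small character set; the terminating NUL is never a member. */
static bool in_set(const char *set, char c)
{
    return c != '\0' && strchr(set, c) != NULL;
}

/* Returns true if every conversion specification in fmt is a defined combination
 * of flags, width, precision, length modifier and conversion specifier (C11 7.21.6.1);
 * returns false on any undefined combination or a truncated specification. */
bool fmt_is_valid(const char *fmt)
{
    static const char ints[] = "diouxX", flts[] = "fFeEgGaA";
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%') continue;
        if (*++p == '%') continue;           /* "%%" must be the complete specification */
        bool flags = false, alt = false, zero = false, width = false, prec = false;
        for (; in_set("-+ #0", *p); p++) {   /* flags (the XSI ' flag is not accepted) */
            flags = true;
            alt |= (*p == '#');
            zero |= (*p == '0');
        }
        for (; *p == '*' || in_set("0123456789", *p); p++) width = true;
        if (*p == '.') {                     /* precision */
            prec = true;
            for (p++; *p == '*' || in_set("0123456789", *p); p++) {}
        }
        char len = 0;                        /* length modifier: "hh" -> 'H', "ll" -> 'q' */
        if (in_set("hljztL", *p)) {
            len = *p++;
            if (len == 'h' && *p == 'h') { len = 'H'; p++; }
            else if (len == 'l' && *p == 'l') { len = 'q'; p++; }
        }
        char c = *p;                         /* conversion specifier ('\0' if truncated) */
        if (!in_set("diouxXfFeEgGaAcspn", c)) return false;
        bool is_int = in_set(ints, c), is_flt = in_set(flts, c);
        /* Length modifiers are defined only for the conversions in their table row. */
        if (in_set("Hhqjzt", len) && !(is_int || c == 'n')) return false;
        if (len == 'l' && !(is_int || is_flt || in_set("csn", c))) return false;
        if (len == 'L' && !is_flt) return false;
        /* The # and 0 flags and a precision are defined only for some conversions. */
        if (alt && !(in_set("oxX", c) || is_flt)) return false;
        if (zero && !(is_int || is_flt)) return false;
        if (prec && !(is_int || is_flt || c == 's')) return false;
        if (c == 'n' && (flags || width || prec)) return false;   /* %n takes none of these */
    }
    return true;
}
```

A check like this belongs in a build-time or test-time pass over format strings that are constants; it is no substitute for letting the compiler verify argument types against the format.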
Incorrectly specified format strings can result in memory corruption or abnormal program termination.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| FIO47-C | High | Unlikely | Medium | P6 | L2 | 
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | IO.INJ.FMT | Format string injection |
| Coverity | | PW | Reports when the number of arguments differs from the number of required arguments according to the format string |
| GCC | | | Can detect violations of this recommendation when the |
| Klocwork | | SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD, SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD, SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED, SV.FMT_STR.SCAN_IMPROP_LENGTH, SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW, SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY, SV.FMT_STR.UNKWN_FORMAT | |
| LDRA tool suite | | 486 S | Fully implemented |
| Parasoft C/C++test | | PB-45, PB-46, PB-47, PB-48, PB-49, PB-50 | Fully implemented |
| PRQA QA-C | | 0161, 0162, 0163, 0164, 0165, 0166, 0167, 0168, 0169, 0170, 0171, 0172, 0173, 0174, 0175, 0176, 0177, 0178, 0179 (U), 0180 (C99), 0184 (U), 0185 (U) | Partially implemented |
| PVS-Studio | 6.22 | V510, V576 | General analysis rule set |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
| Taxonomy | Taxonomy item | Relationship | 
|---|---|---|
| CERT C | FIO00-CPP. Take care when creating format strings | Prior to 2018-01-12: CERT: Unspecified Relationship | 
| ISO/IEC TS 17961:2013 | Using invalid format strings [invfmtstr] | Prior to 2018-01-12: CERT: Unspecified Relationship | 
| CWE 2.11 | CWE-686, Function Call with Incorrect Argument Type | 2017-06-29: CERT: Partial overlap | 
| CWE 2.11 | CWE-685 | 2017-06-29: CERT: Partial overlap | 
CERT-CWE Mapping Notes
- Using a trusted but invalid format string
Bibliography
| [ISO/IEC 9899:2011] | Subclause 7.21.6.1, "The fprintf Function" |