 
                            ...
| Tool | Version | Checker | Description |
|---|---|---|---|
| Axivion Bauhaus Suite | | CertC-FIO47 | Fully implemented |
| CodeSonar | | IO.INJ.FMT | Format string injection |
| Coverity | | PW | Reports when the number of arguments differs from the number of required arguments according to the format string |
| GCC | | | Can detect violations of this recommendation when the |
| Klocwork | | SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED SV.FMT_STR.SCAN_IMPROP_LENGTH SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY SV.FMT_STR.UNKWN_FORMAT | |
| LDRA tool suite | | 486 S | Fully implemented |
| Parasoft C/C++test | | CERT_C-FIO47-a | There should be no mismatch between the '%s' and '%c' format specifiers in the format string and their corresponding arguments in the invocation of a string formatting function |
| PC-lint Plus | | 492, 493, 494, 499, 557, | Fully supported |
| Polyspace Bug Finder | | CERT C: Rule FIO47-C | Check for format string specifiers and arguments mismatch (rule fully covered) |
| PRQA QA-C | | 0161, 0162, 0163, 0164, 0165, 0166, 0167, 0168, 0169, 0170, 0171, 0172, 0173, 0174, 0175, 0176, 0177, 0178, 0179 [U], 0180 [C99], 0184 [U], 0185 [U], 0190 [U], 0191 [U], 0192 [U], 0193 [U], 0194 [U], 0195 [U], 0196 [U], 0197 [U], 0198 [U], 0199 [U], 0200 [U], 0201 [U], 0202 [I], 0204 [U], 0206 [U] | Partially implemented |
| PVS-Studio | | V510, V576 | |
| TrustInSoft Analyzer | | match format and arguments | Exhaustively verified (see the compliant and the non-compliant example). |
| Helix QAC | | | |

Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...