Never call any formatted I/O function with a format string containing user input.

An attacker who can fully or partially control the contents of a format string can crash the program, view the contents of the stack, view memory content, or write to an arbitrary memory location and consequently execute arbitrary code with the permissions of the vulnerable process. The most common form of this error is in output operations. The rarely used and often forgotten %n conversion specifier causes the number of characters written so far to be stored at a pointer passed as an argument.

Formatted output functions are particularly dangerous because many programmers are unaware of their capabilities (for example, they can write an integer value to a specified address using the %n conversion specifier) [Seacord 05].
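The following is an added example, not part of the original rule text: a logging routine written the compliant way (the untrusted string is passed as a "%s" argument, never as the format), next to an audit helper that counts conversion specifiers in data about to be logged. The untrusted input and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed untrusted input containing conversion specifiers, including %n. */
static const char *kUntrusted = "hello %x %n world";

/* Compliant: the format is a string literal and the untrusted data is an
 * argument, so any '%' sequences in it are copied verbatim, not interpreted.
 * (The non-compliant pattern the rule forbids is printf(user) with the
 * untrusted string itself as the format.) Returns snprintf's character count. */
int log_compliant(char *out, size_t outlen, const char *user)
{
    return snprintf(out, outlen, "log: %s\n", user);
}

/* Audit helper: count conversion specifiers in a string that is about to be
 * treated as data. A doubled "%%" is an escaped percent sign, not a conversion.
 * Useful for flagging inputs that would have been dangerous as a format. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* "%%": skip the escaped pair */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    char buf[64];
    log_compliant(buf, sizeof buf, kUntrusted);
    fputs(buf, stdout);  /* prints the %x and %n literally */
    printf("conversion specifiers found in input: %d\n",
           count_conversions(kUntrusted));
    return 0;
}
```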

Non-Compliant Code Example 1

...