Page History

...

Failing to exclude user input from format specifiers may allow an attacker to crash a vulnerable process, view the contents of the stack, view memory content, or write to an arbitrary memory location and consequently execute arbitrary code with the permissions of the vulnerable process.

Rule	Severity	Likelihood	Detectable	RepairableRemediation Cost	Priority	Level
FIO30-C	High	Likely	Yes	NoMedium	P18	L1

Automated Detection

4916, 4917, 4918

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

Supported via stubbing/taint analysis

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-FIO30

Partially implemented

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

IO.INJ.FMT
MISC.FMT

Format string injection
Format string

Compass/ROSE

Coverity

Include Page

	Coverity_V
	Coverity_V

TAINTED_STRING

Implemented

Cppcheck Premium

Include Page

	Cppcheck Premium_V
	Cppcheck Premium_V

premium-cert-fio30-c

GCC

Include Page

	GCC_V
	GCC_V

Can detect violations of this rule when the -Wformat-security flag is used

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

DF4916, DF4917, DF4918

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

SV.FMTSTR.GENERIC
SV.TAINTED.FMTSTR

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

86 D

Partially Implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-FIO30-a
CERT_C-FIO30-b
CERT_C-FIO30-c

Avoid calling functions printf/wprintf with only one argument other than string constant
Avoid using functions fprintf/fwprintf with only two parameters, when second parameter is a variable
Never use unfiltered data from an untrusted user as the format parameter

PC-lint Plus

Include Page