Never call any formatted I/O function with a format string containing user input.

If the user can control a format string, they can write to arbitrary memory locations. The most common form of this error is in output operations, such as passing user input directly as the format argument of printf(). The rarely used and often forgotten %n conversion specification causes the number of characters written so far to be stored through a pointer argument taken from the stack, so an attacker-controlled format string can turn an output call into a memory write.
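The following is an added example, not part of the original page. It shows the compliant pattern (user data is always a format *argument*, never the format string itself) next to a small helper that a logging layer could use to flag untrusted strings containing conversion specifications. The function names and the sample inputs are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * NON-COMPLIANT shape, shown only as a comment: the user string is the format.
 *
 *     void log_line(const char *user) { printf(user); }
 *
 * Modern compilers flag this with -Wformat-security; enabling
 * -Werror=format-security in the build turns the finding into a hard error.
 */

/* Count conversion specifications in an untrusted string.
 * "%%" is a literal percent sign, not a conversion, so it is skipped.
 * A non-zero result on data that is about to be used as a format string
 * is a strong signal that the call is non-compliant. */
size_t count_conversions(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++) {
        if (*s == '%') {
            if (s[1] == '%') { s++; continue; }   /* escaped percent */
            n++;
        }
    }
    return n;
}

/* COMPLIANT: the format string is a constant; user data is an argument.
 * Returns the number of characters snprintf() would have written. */
int format_user_line(char *out, size_t outsz, const char *user)
{
    return snprintf(out, outsz, "user said: %s\n", user);
}

/* Helper (hypothetical): confirm that user text survives verbatim,
 * i.e. "%n" in the input is copied as two characters, never interpreted. */
int user_text_is_literal(const char *user)
{
    char buf[128];
    format_user_line(buf, sizeof buf, user);
    return strstr(buf, user) != NULL;
}

int main(void)
{
    const char *hostile = "%s%s%n";   /* constructed sample input */
    char line[128];

    printf("conversions in input: %zu\n", count_conversions(hostile));
    format_user_line(line, sizeof line, hostile);
    fputs(line, stdout);              /* prints the %n literally */
    return 0;
}
```

Because the format string is a compile-time constant in format_user_line(), %n in the user data is just text; the compiler can also check the argument list against the format, which it cannot do when the format is a runtime value.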

Non-compliant C