
c array - warning: format not a string literal


When using printf, the format string had better be a string literal and not a variable:

printf("%s", str_a);


Just to add something to the other answers, you'd better do this because a (long?) time ago people wrote printf like that, and hackers found a way to read from and write to the stack, more here.
For example, a simple program like this:

blackbear@blackbear-laptop:~$ cat format_vul.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char text[1024];
    static int test_var = -1;

    if(argc < 2) {
        printf("Use: %s <input>\n", argv[0]);
        exit(-1);
    }

    strcpy(text, argv[1]);

    printf("The correct way:\n");
    printf("%s", text);

    printf("\nThe wrong way:\n");
    printf(text);

    printf("\n[*]: test_var @ %8p = %d ( 0x%x )\n", &test_var, test_var, test_var);
}
blackbear@blackbear-laptop:~$ ./format_vul AAAA
The correct way:
AAAA
The wrong way:
AAAA
[*]: test_var @ 0x804a024 = -1 ( 0xffffffff )

Can be used to change test_var's value from 0xffffff to something else, like 0xaabbccdd:

blackbear@blackbear-laptop:~$ ./format_vul $(printf "\x24\xa0\x04\x08JUNK\x25\xa0\x04\x08JUNK\x26\xa0\x04\x08JUNK\x27\xa0\x04\x08").%8x.%8x.%8x.%8x.%8x.%8x.%8x.%8x.%8x.%110x.%n%239x%n%239x%n%239x%n
The correct way:
$�JUNK%�JUNK&�JUNK'�.%8x.%8x.%8x.%8x.%8x.%8x.%8x.%8x.%8x.%110x.%n%239x%n%239x%n%239x%n
The wrong way:
$�JUNK%�JUNK&�JUNK'�.bfffefec.  154d7c.  155d7c.  155d7c.      f0.      f0.bffff4a4.       4.       4.                                                                                                       174.                                                                   50415243                                                                   50415243                                                                   50415243
[*]: test_var @ 0x804a024 = -1430532899 ( 0xaabbccdd )


The warning is caused by the compiler wanting the first argument of printf to be a string literal. It wants you to write this:

printf("%s\n", str_a);

This is because the first parameter of printf is the format string. The format arguments are then passed after that.

Note: You can in fact use a variable as a format string, but you probably shouldn't do that. That's why the compiler issues a warning and not an error.
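
For the case in the note above, where a format string really does have to come from a variable (a translated message catalog, say), one defensive pattern is to check that it consumes exactly the arguments the call site passes before handing it to printf. This is an added example, not code from the answers on this page; format_signature and format_is_safe are hypothetical names, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the page): writes the length modifiers and
 * conversion letters of fmt into sig, e.g. "%s has %ld items" -> "sld".
 * Returns -1 for %n, '*', positional '$', unknown or truncated directives. */
int format_signature(const char *fmt, char *sig, size_t siglen)
{
    size_t n = 0;
    if (siglen == 0)
        return -1;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        if (*++p == '%')                       /* "%%" prints a literal '%' */
            continue;
        p += strspn(p, "-+ #0123456789.");     /* flags, width, precision */
        while (*p && strchr("hljztL", *p)) {   /* length modifiers */
            if (n + 1 >= siglen) return -1;
            sig[n++] = *p++;
        }
        if (*p == '\0' || !strchr("diouxXeEfgGaAcsp", *p) || n + 1 >= siglen)
            return -1;                         /* %n and friends end up here */
        sig[n++] = *p;
    }
    sig[n] = '\0';
    return 0;
}

/* Returns 1 only when the runtime format takes exactly the arguments the
 * caller is about to pass; otherwise print the data with a literal "%s". */
int format_is_safe(const char *fmt, const char *expected_sig)
{
    char sig[32];
    return format_signature(fmt, sig, sizeof sig) == 0
        && strcmp(sig, expected_sig) == 0;
}

int main(void)
{
    /* Constructed samples: two catalog entries and input shaped like the page's. */
    const char *samples[] = { "Hello %s, you have %d new messages",
                              "100%% done: %s %d", "AAAA.%8x.%8x.%n" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%d <- %s\n", format_is_safe(samples[i], "sd"), samples[i]);
    return 0;
}
```

A call site that passes a string and an int would accept only formats whose signature is "sd"; anything else is treated as data and printed through a literal "%s".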