2
    #include <stdio.h>

    void wrapperPrint(char* s)
    {
        printf(s);   /* s itself is used as the format string */
        return;
    }

    int main()
    {
        wrapperPrint("Hello world\n");
        wrapperPrint("This is a string");
        return 0;
    }

If the program prints strings correctly (it does, tested on gcc 4.6.3), why do we need format specifiers like %d, %s etc.? Or, in other words, what is the potential problem with this program?

4
  • 2
    Try this: wrapperPrint("%s%s%s%s%s%s%s%s");. You can crash the process. You can read the process's memory footprint... Commented Jun 20, 2012 at 4:43
  • Wow. How does that read memory footprint? +1, BTW. Commented Jun 20, 2012 at 4:49
  • 1
    @Anon: printf doesn't know how many arguments were actually passed to it (nor the type of the arguments), so it'll call va_arg for each %s in the format string and retrieve a value from the stack. It treats each value as a char* and attempts to print each one. Your code above is susceptible to format string attacks. Commented Jun 20, 2012 at 4:55
  • @AusCBloke got it. Thanks. It's been a long time since I've used C. Commented Jun 20, 2012 at 4:56

4 Answers

6

As-is, there's no problem at all. If, however, you pass in a string containing a percent-sign, that could cause a problem, because printf would try to treat it as the beginning of a conversion specifier, but 1) the rest of the conversion specifier probably won't be there, and 2) you won't have passed a matching argument when you call printf either, so if you do pass a proper conversion specifier, it'll try to use a nonexistent argument (giving undefined behavior).


4

why do we need format specifiers like %d, %s etc?

printf is not format safe. It does not understand types on its own; you have to explicitly tell printf the format (type) of your data arguments. It tells printf how you want the argument to be interpreted. If you don't, it just treats it as a string (as in your example code).

Note that if there is a mis-match in the format specifier and the actual data type then what you get is Undefined Behavior.


2

You should use puts(), or do printf("%s", s);

If the format string just happens to contain %s or any other format, then printf will try to read arguments that you did not pass, attempt to access random pieces of memory, and the result is not defined.

Try running your program with %s passed in and see what happens. Then try running it again under valgrind to really see the horrible thing that is happening.
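The fix this answer recommends, shown side by side with the wrapper from the question, as an added example that is not part of the original post. The hardened wrapper passes the caller's data as an argument to a constant format, so a `%` in the data is printed literally; `renderSafe` does the same through `snprintf` into a buffer so the result can be checked, and `countConversions` is a small helper (my own, not a library function) that reports how many conversion specifications printf would see if a given string were ever used as a format, which is useful when auditing string data before it reaches a logging or printing call.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable form from the question: the caller's data becomes the
 * format string. Kept here only for comparison; it is never called. */
void wrapperPrintUnsafe(const char *s)
{
    printf(s);
}

/* Hardened form: the format is a string literal, the data is an argument.
 * Any '%' inside s is printed as a literal character. */
void wrapperPrintSafe(const char *s)
{
    printf("%s", s);
}

/* Same idea, rendering into a caller-supplied buffer so the output can be
 * inspected. Returns what snprintf returns: the length of the full text. */
int renderSafe(char *out, size_t outsz, const char *s)
{
    return snprintf(out, outsz, "%s", s);
}

/* Count the conversion specifications printf would interpret if s were
 * passed as a format string. "%%" is a literal percent sign and does not
 * count. A result greater than zero means "this string must not be used
 * as a format" (assumed audit rule for this example). */
int countConversions(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s == '%') {
            if (s[1] == '%') {   /* escaped percent: skip the pair */
                s++;
                continue;
            }
            n++;
        }
    }
    return n;
}

int main(void)
{
    /* Constructed sample input: contains a '%' followed by 's'. */
    const char *data = "Progress: 100%s complete\n";
    char buf[64];

    wrapperPrintSafe(data);                  /* prints the text verbatim */
    renderSafe(buf, sizeof buf, data);
    printf("rendered: %s", buf);
    printf("conversions if used as a format: %d\n", countConversions(data));
    return 0;
}
```

With gcc, `-Wformat -Wformat-security` warns about calls such as `printf(s)` where the format is not a literal and no arguments follow it, and `-Werror=format-security` turns that into a build failure, which is the cheapest way to keep the unsafe wrapper from ever being written again.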


1

There is nothing that mandates the use of format specifiers in printf. Rather, it is because you want to print a string according to some format that you use printf. You may use other methods (puts) to output a plain string.

For the program above, if there are format specifiers in the string, the program will print garbage, since you will still be calling printf underneath.
