Because printf format strings are interpreted at runtime, rather than validated by the compiler, they can contain errors that result in the wrong strings being created. This rule statically validates the correlation of printf format strings to their arguments.
The related rule S2275 is about errors that will create undefined behavior, while this rule is about errors that produce an unexpected string.
printf("%d", 1, 2); // Noncompliant; the second argument "2" is unused
printf("%0-f", 1.2); // Noncompliant; flag "0" is ignored because of "-"
printf("%d %d", 1, 2); // Compliant
printf("%-f", 1.2); // Compliant
This rule will only work if the format string is provided as a string literal.
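A minimal checker of the kind this rule describes, added here as an example and not SonarSource's own implementation: it walks a format string literal, counts the arguments the conversions consume (including "*" width and precision), and reports a "0" flag made useless by "-". The names check_format, fmt_check and printf_call_is_compliant are assumptions of this example.

```c
#include <stdbool.h>
#include <string.h>
/* Outcome of inspecting one format string: how many arguments its
 * conversions consume, and whether a "0" flag is cancelled by "-". */
struct fmt_check {
    int consumed;       /* arguments the format uses; -1 if a spec is malformed */
    bool zero_ignored;  /* "0" flag present together with the "-" flag */
};
/* Walk a printf format string literal (hypothetical checker, not SonarSource's). */
struct fmt_check check_format(const char *fmt) {
    struct fmt_check r = {0, false};
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                       /* "%%" is a literal '%' */
        bool has_zero = false, has_minus = false;
        while (*p != '\0' && strchr("-+ #0", *p)) {    /* flag characters */
            if (*p == '0') has_zero = true;
            if (*p == '-') has_minus = true;
            p++;
        }
        if (has_zero && has_minus) r.zero_ignored = true;
        while (*p == '*' || (*p >= '0' && *p <= '9')) { /* field width */
            if (*p == '*') r.consumed++;               /* "*" width comes from an argument */
            p++;
        }
        if (*p == '.') {                                /* precision */
            p++;
            while (*p == '*' || (*p >= '0' && *p <= '9')) {
                if (*p == '*') r.consumed++;
                p++;
            }
        }
        while (*p != '\0' && strchr("hlLjzt", *p)) p++; /* length modifiers */
        if (*p == '\0' || !strchr("diouxXfFeEgGaAcspn", *p)) {
            r.consumed = -1;                            /* no valid conversion character */
            return r;
        }
        r.consumed++;                                   /* the conversion itself */
    }
    return r;
}
/* A call is compliant when the argument count matches and no flag is ignored. */
bool printf_call_is_compliant(const char *fmt, int nargs) {
    struct fmt_check r = check_format(fmt);
    return r.consumed == nargs && !r.zero_ignored;
}
```

Calling printf_call_is_compliant("%d", 2) and ("%0-f", 1) reproduces the two noncompliant cases above; ("%d %d", 2) and ("%-f", 1) are the compliant ones.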
CERT, FIO47-C. - Use valid format strings
[~ann.campbell.2] Removed the performance label, as the performance impact is insignificant.
I’ve updated SQALE characteristic to match [~tamas.vajk]