Description

Because printf format strings are interpreted at runtime rather than validated by the compiler, they can contain errors that result in the wrong string being produced. This rule statically checks that a printf format string and the arguments passed with it are consistent with each other.

The related rule S2275 is about errors that will create undefined behavior, while this rule is about errors that produce an unexpected string.

Noncompliant Code Example

printf("%d", 1, 2); // Noncompliant; the second argument "2" is unused
printf("%0-f", 1.2); // Noncompliant; flag "0" is ignored because of "-"

Compliant Solution

printf("%d %d", 1, 2); // Compliant
printf("%-f", 1.2); // Compliant
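The following C function is an added example (not SonarSource's implementation) of the kind of static check this rule performs: it walks a format string literal the way the runtime would, counts the arguments each conversion consumes, and notes the flag combinations the C standard says are ignored, so both noncompliant cases above are detected without calling printf. The names `check_format` and `unused_arguments` are assumptions for this example.

```c
#include <ctype.h>
#include <string.h>

/* Result of statically analysing one printf format string literal. */
typedef struct {
    int conversions;   /* arguments the format consumes, including '*' width/precision */
    int ignored_flags; /* flag pairs where the standard says one flag is ignored */
} fmt_check;

/* Walk a format string the way the runtime would, counting the arguments each
 * conversion consumes and noting flag combinations the standard ignores:
 * '0' together with '-', and ' ' together with '+' (C11 7.21.6.1). */
fmt_check check_format(const char *fmt)
{
    fmt_check r = {0, 0};
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')            /* "%%" prints a literal '%' and takes no argument */
            continue;
        int minus = 0, zero = 0, plus = 0, space = 0;
        for (; *p && strchr("-+ #0", *p); p++) {  /* flags */
            if (*p == '-') minus = 1;
            if (*p == '0') zero = 1;
            if (*p == '+') plus = 1;
            if (*p == ' ') space = 1;
        }
        if (*p == '*') {          /* width supplied as an extra int argument */
            r.conversions++;
            p++;
        } else {
            while (isdigit((unsigned char)*p)) p++;
        }
        if (*p == '.') {          /* precision, possibly as an extra int argument */
            p++;
            if (*p == '*') { r.conversions++; p++; }
            else while (isdigit((unsigned char)*p)) p++;
        }
        while (*p && strchr("hlLjzt", *p)) p++;   /* length modifiers */
        if (*p == '\0')
            break;                /* truncated specifier such as "%-": nothing to count */
        r.conversions++;          /* the conversion itself consumes one argument */
        if (zero && minus) r.ignored_flags++;
        if (plus && space) r.ignored_flags++;
    }
    return r;
}

/* Arguments passed but never consumed (positive) or missing (negative). */
int unused_arguments(const char *fmt, int nargs)
{
    return nargs - check_format(fmt).conversions;
}
```

`unused_arguments("%d", 2)` reports the stray second argument from the first noncompliant line, and `check_format("%0-f").ignored_flags` is 1 for the second; a non-literal format cannot be analysed this way, which is why the rule only applies to string literals.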

Exceptions

This rule will only work if the format string is provided as a string literal.


is duplicated by: S3941

on 10 Dec 2015, 09:07:59 Tamas Vajk wrote:

[~ann.campbell.2] Removed the performance label, as the performance impact is insignificant.

on 10 Dec 2015, 14:44:05 Ann Campbell wrote:

I’ve updated the SQALE characteristic to match [~tamas.vajk].