Because printf format strings are interpreted at runtime, rather than validated by the compiler, they can contain errors that result in the wrong strings being created. This rule statically validates the correlation of printf format strings to their arguments.
The related rule {rule:cpp:S2275} is about errors that will create undefined behavior, while this rule is about errors that produce an unexpected string.
printf("%d", 1, 2); // Noncompliant; the second argument "2" is unused
printf("%0-f", 1.2); // Noncompliant; flag "0" is ignored because of "-"

printf("%d %d", 1, 2); // Compliant
printf("%-f", 1.2); // Compliant
This rule will only work if the format string is provided as a string literal.
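As an added illustration (not SonarSource's analyzer), the following C code performs the kind of static check the rule describes: it walks a format string literal, counts the arguments its conversions will consume, and flags a "0" flag that is cancelled by "-". The function names and the fmt_report struct are this example's own.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

/* Result of a minimal format-string analysis (example type, not part of the rule). */
typedef struct {
    int args_expected;      /* arguments the conversions consume, '*' widths included */
    int ignored_zero_flags; /* conversions where '0' is cancelled by '-' */
} fmt_report;

/* Walk a printf format string and report what it would consume at runtime.
 * Handles %%, flags, '*' width/precision, length modifiers and the conversion char. */
static fmt_report analyze_format(const char *fmt) {
    fmt_report r = {0, 0};
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                 /* literal '%' consumes no argument */
        int has_zero = 0, has_minus = 0;
        while (*p && strchr("-+ #0", *p)) {      /* flags; *p checked first: strchr matches '\0' */
            if (*p == '0') has_zero = 1;
            if (*p == '-') has_minus = 1;
            p++;
        }
        if (has_zero && has_minus) r.ignored_zero_flags++;
        if (*p == '*') { r.args_expected++; p++; }          /* width taken from an argument */
        else while (*p >= '0' && *p <= '9') p++;            /* literal width */
        if (*p == '.') {
            p++;
            if (*p == '*') { r.args_expected++; p++; }      /* precision taken from an argument */
            else while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr("hlLjzt", *p)) p++;             /* length modifiers */
        if (*p == '\0') break;                              /* dangling '%' at end of string */
        r.args_expected++;                                  /* the conversion itself */
    }
    return r;
}

/* Number of supplied arguments that no conversion will ever read. */
static int unused_args(const char *fmt, int provided) {
    int expected = analyze_format(fmt).args_expected;
    return provided > expected ? provided - expected : 0;
}

int main(void) {
    /* The two noncompliant calls from the rule text, checked statically. */
    printf("\"%%d\" with 2 args: %d unused\n", unused_args("%d", 2));
    printf("\"%%0-f\": %d ignored zero flag(s)\n", analyze_format("%0-f").ignored_zero_flags);
    return 0;
}
```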