SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD

Mismatched specification and parameter

Print function parameters can occupy stack memory blocks that consist of whole numbers of machine words. If a print function parameter occupies an amount of stack memory different from that expected from the corresponding format-string specification, a vulnerability can result. The SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD checker flags code in which the size of the memory block for the print parameter and the corresponding format-string specification don't match.

Vulnerability and risk

A mismatched parameter and format-string specification can cause a memory access violation and may lead to undesired program execution results. Undefined behavior and abnormal program termination are possible.

Vulnerable code example


1   # include <string>
2   # include <stdio.h>

3   void print_string(double weight, std::string str) {
4     printf("String of weight %d:", weight);   // defect
5     printf(" %s\n", str);                     // defect
6   }

Klocwork flags line 4 because the %d specification doesn't match the parameter of type double. Different amounts of memory are required for type int, which is expected for the %d specification, and type double, which is actually provided. On most 32-bit systems, type int needs one machine word and type double needs two. A memory access violation may occur when one machine word is read from the stack instead of the two words actually occupied by the parameter.

Line 5 is flagged because there is no call to the std::string::c_str() method. A null-terminated string is expected for the %s specification, but an object is actually provided instead. A memory access violation can be caused when an attempt is made to read the memory bytes occupied by the object and any successive bytes until a null character is met.

Fixed code example


1   # include <string>
2   # include <stdio.h>

3   void print_string(double weight, std::string str) {
4     printf("String of weight %f:", weight);   
5     printf(" %s\n", str.c_str());            
6   }

In line 4 of the fixed code, the correct format specifier, %f, is used for printing a floating-point value. In line 5, a call to the std::string::c_str() method is added (it is often omitted by mistake).
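
The mismatch described above can also be checked in code by comparing each conversion specification with the class of the argument supplied for it. The following is an added example, not Klocwork's implementation and not part of the original page; ArgKind, kind_of, expected_kinds and format_matches are hypothetical names, and the check covers only the integer, floating-point and C-string classes, not the width selected by length modifiers.

```cpp
#include <cstdio>
#include <cstring>
#include <string>
#include <type_traits>
#include <vector>

// Argument classes printf treats differently; Object covers class types such as std::string.
enum class ArgKind { Integer, Floating, CString, Object, UnknownSpec };

template <typename T>
ArgKind kind_of() {
    using U = typename std::decay<T>::type;          // arrays decay to pointers, refs are dropped
    if (std::is_floating_point<U>::value) return ArgKind::Floating;
    if (std::is_same<U, char*>::value || std::is_same<U, const char*>::value) return ArgKind::CString;
    if (std::is_integral<U>::value) return ArgKind::Integer;
    return ArgKind::Object;
}

// Class of argument each conversion expects. Flags, width, precision and length modifiers
// are skipped; '*' widths, %p and %n are not modelled and come back as UnknownSpec.
std::vector<ArgKind> expected_kinds(const char* fmt) {
    std::vector<ArgKind> out;
    for (const char* p = fmt; *p; ++p) {
        if (*p != '%') continue;
        ++p;
        if (*p == '%') continue;                                   // literal percent sign
        while (*p && std::strchr("-+ #0123456789.hlzjtL", *p)) ++p;
        if (!*p) break;                                            // truncated specification
        if (std::strchr("diouxXc", *p)) out.push_back(ArgKind::Integer);
        else if (std::strchr("fFeEgGaA", *p)) out.push_back(ArgKind::Floating);
        else if (*p == 's') out.push_back(ArgKind::CString);
        else out.push_back(ArgKind::UnknownSpec);                  // never equals an argument kind
    }
    return out;
}

// True only when every conversion has an argument of the matching class, in order.
template <typename... Args>
bool format_matches(const char* fmt, const Args&...) {
    const std::vector<ArgKind> got{ kind_of<Args>()... };
    return expected_kinds(fmt) == got;
}

int main() {
    double weight = 72.5;            // constructed sample values
    std::string str = "sample";
    std::printf("%d %d %d %d\n",
        format_matches("String of weight %d:", weight), format_matches(" %s\n", str),
        format_matches("String of weight %f:", weight), format_matches(" %s\n", str.c_str()));
}
```

The first two calls correspond to the flagged lines 4 and 5 of the vulnerable example, and the last two to the fixed code.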