

8.1 Warning for format string

The possible security vulnerability of an uncontrolled format string[1] in printf() and similar functions can be detected with GCC, which warns about it when given the options -Wformat -Wformat-security.

Example of insecure code: format.c

     #include <stdio.h>
     #include <string.h>
     #include <stdlib.h>
     
     int main(int argc, char** argv)
     {
       if (argc == 2)
         {
           fprintf(stderr, argv[1]);   /* argv[1] is used as the format string */
           fprintf(stderr, "\n");
         }
       else
         {
           fprintf(stderr,"Usage: %s ARG\n", argv[0]);
           exit(1);
         }
       return 0;
     }
     

The insecure program format.c compiles without any warning when only -Wall is given, because -Wall turns on -Wformat but not -Wformat-security.

     $ gcc -Wall format.c

Compiled with the options -Wformat -Wformat-security, the same program produces a warning.

     $ gcc -Wformat -Wformat-security format.c
     format.c: In function ‘main’:
     format.c:9:7: warning: format not a string literal and no format arguments [-Wformat-security]

The output shows that compiling format.c with the option -Wformat-security produces a warning about the possible uncontrolled format string vulnerability.
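
The corrected form of the call, as an added example that is not part of the original text: the untrusted argument is passed as data to a literal "%s" format, and a wrapper function carries GCC's format attribute so that the same warning also covers its callers. The names fixed.c, log_msg and emit_arg are hypothetical.

```c
/* fixed.c: added example. Build: gcc -Wall -Wformat -Wformat-security fixed.c */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* log_msg is a hypothetical wrapper. The format attribute tells GCC that
   argument 3 is a printf-style format and that the variadic arguments start
   at argument 4, so -Wformat and -Wformat-security check its callers too. */
__attribute__((format(printf, 3, 4)))
int log_msg(char *out, size_t outlen, const char *fmt, ...)
{
  va_list ap;
  int n;

  va_start(ap, fmt);
  n = vsnprintf(out, outlen, fmt, ap);   /* bounded, always NUL-terminated */
  va_end(ap);
  return n;
}

/* Fixed form of the call in format.c: the format is a string literal and the
   untrusted text is an argument, so conversion specifiers inside it are
   copied out unchanged instead of being interpreted. */
int emit_arg(char *out, size_t outlen, const char *untrusted)
{
  return log_msg(out, outlen, "%s", untrusted);
  /* log_msg(out, outlen, untrusted) would get the same [-Wformat-security]
     warning as the fprintf call in format.c. */
}

int main(int argc, char **argv)
{
  char line[256];

  if (argc != 2)
    {
      fprintf(stderr, "Usage: %s ARG\n", argv[0]);
      return 1;
    }
  emit_arg(line, sizeof line, argv[1]);
  fprintf(stderr, "%s\n", line);
  return 0;
}
```

Adding -Werror=format-security to the build turns the warning into a compile error, so a call like the one in format.c cannot be built by accident.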


Footnotes

[1] http://en.wikipedia.org/wiki/Uncontrolled_format_string