Format string specifiers and arguments mismatch

Format specifiers in printf-like functions do not match corresponding arguments

expand all in page

Description

This defect occurs when the format specifiers in the formatted output functions such as printf do not match their corresponding arguments. For example, an argument of type unsigned long must have a format specification of %lu.

Risk

Mismatch between format specifiers and the corresponding arguments result in undefined behavior.

Fix

Make sure that the format specifiers match the corresponding arguments. For instance, in this example, the %d specifier does not match the string argument message and the %s specifier does not match the integer argument err_number.

  const char *message = "License not available";
  int err_number = ;-4
  printf("Error: %d (error type %s)\n", message, err_number);
Switching the two format specifiers fixes the issue. See the specifications for the printf function for more information about format specifiers.

In cases where integer promotion modifies the perceived data type of an argument, the analysis result shows both the original type and the type after promotion. The format specifier has to match the type after integer promotion.

If you do not want to fix the issue, add comments to your result or code to avoid another review. See Address Results in Polyspace Access Through Bug Fixes or Justifications.

Examples

expand all

#include <stdio.h>

void string_format(void) {

    unsigned long fst = 1;

    printf("%d\n", fst);
}

In the printf statement, the format specifier, %d, does not match the data type of fst.

Correction — Use an Unsigned Long Format Specifier

One possible correction is to use the %lu format specifier. This specifier matches the unsigned integer type and long size of fst.

#include <stdio.h>

void string_format(void) {

    unsigned long fst = 1;

    printf("%lu\n", fst);
}
Correction — Use an Integer Argument

One possible correction is to change the argument to match the format specifier. Convert fst to an integer to match the format specifier and print the value 1.

#include <stdio.h>

void string_format(void) {

    unsigned long fst = 1;

    printf("%d\n", (int)fst);
}

Result Information

Group: Programming
Language: C | C++
Default: On
Command-Line Syntax: STRING_FORMAT
Impact: Low
CWE ID: 683, 685, 686

See Also

Topics

External Websites

Introduced in R2013b

Polyspace Bug Finder Access Documentation

Support