NAME
fmtcheck —
sanitizes user-supplied
printf(3)-style format string
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <stdio.h>
const char *
fmtcheck(
const
char *fmt_suspect,
const
char *fmt_default);
DESCRIPTION
The
fmtcheck function scans
fmt_suspect
and
fmt_default to determine if
fmt_suspect will consume the same argument types as
fmt_default and to ensure that
fmt_suspect is a valid format string.
The
printf(3) family of functions
can not verify the types of arguments that they are passed at run-time. In
some cases, like
catgets(3), it
is useful or necessary to use a user-supplied format string with no guarantee
that the format string matches the specified parameters.
The
fmtcheck function was designed to be used in these cases,
as in:
printf(fmtcheck(user_format, standard_format), arg1, arg2);
In the check, field widths, fillers, precisions, etc. are ignored (unless the
field width or precision is an asterisk
‘
*
’ instead of a digit string). Also, any
text other than the format specifiers is completely ignored.
Note that the formats may be quite different as long as they accept the same
parameters. For example, "%ld %o %30s %#llx %-10.*e %n" is
compatible with "This number %lu %d%% and string %s has %qd numbers and
%.*g floats (%n)." However, "%o" is not equivalent to
"%lx" because the first requires an integer and the second requires
a long, and "%p" is not equivalent to "%lu" because the
first requires a pointer and the second requires a long.
RETURN VALUES
If
fmt_suspect is a valid format and consumes the same
argument types as
fmt_default, then the
fmtcheck function will return
fmt_suspect. Otherwise, it will return
fmt_default.
SEE ALSO
printf(3)