fmtcheck (3)

Leading comments

Copyright (c) 2000 The NetBSD Foundation, Inc.
All rights reserved.

This file was contributed to The NetBSD Foundation by Allen Briggs.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this ...

(The comments found at the beginning of the groff file "man3/fmtcheck.3bsd".)

NAME

fmtcheck - sanitizes user-supplied printf(3)Ns-style format string

LIBRARY

Lb libbsd

SYNOPSIS

In stdio.h (See libbsd(7) for include usage.) Ft const char * Fn fmtcheck const char *fmt_suspect const char *fmt_default

DESCRIPTION

The Fn fmtcheck scans Fa fmt_suspect and Fa fmt_default to determine if Fa fmt_suspect will consume the same argument types as Fa fmt_default and to ensure that Fa fmt_suspect is a valid format string.

The printf(3) family of functions cannot verify the types of arguments that they are passed at run-time. In some cases, like catgets(3), it is useful or necessary to use a user-supplied format string with no guarantee that the format string matches the specified arguments.

The Fn fmtcheck was designed to be used in these cases, as in:

printf(fmtcheck(user_format, standard_format), arg1, arg2);

In the check, field widths, fillers, precisions, etc. are ignored (unless the field width or precision is an asterisk `*' instead of a digit string). Also, any text other than the format specifiers is completely ignored.

RETURN VALUES

If Fa fmt_suspect is a valid format and consumes the same argument types as Fa fmt_default , then the Fn fmtcheck will return Fa fmt_suspect . Otherwise, it will return Fa fmt_default .

SECURITY CONSIDERATIONS

Note that the formats may be quite different as long as they accept the same arguments. For example, Qq Li %p %o %30s %#llx %-10.*e %n is compatible with Qq Li This number %lu %d%% and string %s has %qd numbers and %.*g floats (%n) . However, Qq Li %o is not equivalent to Qq Li %lx because the first requires an integer and the second requires a long.

SEE ALSO

printf(3)

BUGS

The Fn fmtcheck function does not understand all of the conversions that printf(3) does.