Skip to main content

Format String Bugs

A format string is solution to the problem of allowing a string to be output that includes variables formatted precisely as dictated by the programmer.

The data format is specified into a string using placeholders.

For example in C we have the printf function, with some placeholders:

  • %d or %i decimal
  • %u unsigned decimal
  • %o unsigned octal
  • %X or %x unsigned hex
  • %c char
  • %s string (char*), prints chars until \0

Other functions use the same mechanism: printf, fprintf, vfprintf, sprintf, vsprintf, snprintf, vsnprintf, ...

Consider the following example code:

#include <stdio.h>
int main (int argc, char* argv[]) {
	printf(argv[1]);
	return 0;
}

$ gcc -o vuln vuln.c
$ ./vuln "ciao"
ciao
Back to top