c - Why is printf with a single argument (without conversion specifiers) deprecated?

Question

Welcome To Ask or Share your Answers For Others

c - Why is printf with a single argument (without conversion specifiers) deprecated?

asked Oct 17, 2021 in Technique[技术] by 深蓝 (71.8m points)

c - Why is printf with a single argument (without conversion specifiers) deprecated?

In a book that I'm reading, it's written that printf with a single argument (without conversion specifiers) is deprecated. It recommends to substitute

printf("Hello World!");

with

puts("Hello World!");

or

printf("%s", "Hello World!");

Can someone tell me why printf("Hello World!"); is wrong? It is written in the book that it contains vulnerabilities. What are these vulnerabilities?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Answer

深蓝 · Answer 1 · 2021-10-17T00:05:53+0000

printf("Hello World!"); is IMHO not vulnerable but consider this:

const char *str;
...
printf(str);

If str happens to point to a string containing %s format specifiers, your program will exhibit undefined behaviour (mostly a crash), whereas puts(str) will just display the string as is.

Example:

printf("%s");   //undefined behaviour (mostly crash)
puts("%s");     // displays "%s
"

Categories

c - Why is printf with a single argument (without conversion specifiers) deprecated?

c - Why is printf with a single argument (without conversion specifiers) deprecated?

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags