printf(3): formatted output conversion

BUGS
Because sprintf() and vsprintf() assume an arbitrarily long string, callers must be careful not to overflow the actual space; this is often impossible to assure. Note that the length of the strings produced is locale-dependent and difficult to predict. Use snprintf() and vsnprintf() instead (or asprintf(3) and vasprintf(3)).
Code such as printf(foo); often indicates a bug, since foo may contain a % character. If foo comes from untrusted user input, it may contain %n, causing the printf() call to write to memory and creating a security hole.
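Added example, not part of the man page: the two defensive patterns the BUGS section points at, a bounded snprintf(3) with a literal format that treats untrusted text only as a %s argument (and detects truncation from the return value), and a check for templates that must be used as format strings; the allow-list of only %% and %s is an assumption, not anything printf(3) itself enforces.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Build a message from untrusted text with snprintf(3) and a literal format.
 * The untrusted string is only ever a %s argument, so any '%' or "%n" in it
 * is copied literally instead of being parsed as a conversion.
 * Returns true if the whole message fit, false on truncation or error. */
bool copy_message(char *dst, size_t dstsz, const char *untrusted)
{
    int n = snprintf(dst, dstsz, "User said: %s", untrusted);
    if (n < 0)
        return false;            /* encoding error */
    /* snprintf returns the length it would have written; when that is
     * >= dstsz the output was cut short (still NUL-terminated), not overflowed. */
    return (size_t)n < dstsz;
}

/* Audit a template that has to be passed as a format string (for example a
 * message template read from a configuration file). Assumed allow-list: only
 * "%%" and "%s" are permitted, so %n, %x, %p and the rest are rejected.
 * Returns the number of %s conversions (so the caller can check it against
 * the arguments it will supply), or -1 if the template is not acceptable. */
int count_safe_conversions(const char *fmt)
{
    int count = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;                     /* look at the conversion character */
        if (*p == '%')
            continue;            /* "%%": a literal percent sign */
        if (*p != 's')
            return -1;           /* anything else, including "%n" or a trailing '%' */
        count++;
    }
    return count;
}

int main(void)
{
    char buf[32];
    bool ok = copy_message(buf, sizeof buf, "100%n complete");
    printf("%s (fit=%d)\n", buf, ok);        /* the %n is printed literally */
    printf("template check: %d\n", count_safe_conversions("user=%s host=%s"));
    printf("template check: %d\n", count_safe_conversions("bad=%n"));
    return 0;
}
```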