BC not validating sprintf/ printf arguments correctly

0 Likes

Problem:

The following program runs

without any warnings or errors and I don't think it should:

#include <stdio.h>

#include <string.h>

int main( /*int argc, char ** argv */)

{

  char buf[32];

  sprintf(buf,"%d %d %d %f", 666.0);   // should get "not enough arguments for this format string"

  printf("%d",3.333,24,666);               // should get "too many argumenta for this format string"

  return 0;

}

Resolution:

In order for BoundsChecker to catch this error you must use a dynamic version of the runtime library ( i.e. MSVCRT.DLL ).  If you statically link the lib ( i.e. libcmt ), BoundsChecker is unable to catch this error because we cannot hook the statically linked version of the CRT; for this we use the symbols found in your DEFAULT.DAT and ROUTINE.DAT in your BoundsChecker\Data directory.

Old KB# 12231
Comment List
Anonymous
Related Discussions
Recommended