SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED

Unexpected specification and parameter match

The SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED checker flags code in which a print function parameter and the corresponding format-string specification don't match. In these cases, the stack memory block occupied by this parameter matches that expected from the corresponding format-string specification.

Vulnerability and risk

Because the memory block size matches the size expected from the specification, there isn't a chance of memory corruption, but this situation may cause unexpected output. One can also face problems when porting his code to a different platform. In this case those sizes may become different.

Vulnerable code example

Copy
 void foo(FILE* f, char* pc, int i, char c, long l, struct SomeStruct ss) {
     fprintf(f, "%s", pc);
     fprintf(f, "%d", pc);// fprintf format mismatch: unexpected parameter type
     fprintf(f, "%10d", i);
     fprintf(f, "%hx", i);
     fprintf(f, "%c", l); // fprintf format mismatch: unexpected parameter type
     fprintf(f, "%p", i); // fprintf format mismatch: unexpected parameter type
 }

Klocwork flags errors at lines 3, 6, and 7 to indicate mismatches between the format-string specification and the parameter. The format specification shows that in line 3, an integer is expected, in line 6, a character is expected, and in line 7, a pointer address is expected, and none of the parameters in these lines matches the expectation. However, because there is no memory mismatch, the error is considered UNDESIRED rather than BAD. In contrast, lines 2, 4, and 5 show matched examples of specification and parameter.

Fixed code example

Copy
 void foo(FILE* f, char* pc, int i, char c, long l, struct SomeStruct ss) {
     fprintf(f, "%s", pc);
     fprintf(f, "%d", i);
     fprintf(f, "%10d", i);
     fprintf(f, "%hx", i);
     fprintf(f, "%c", c); 
     fprintf(f, "%p", pc); 
 }

In the fixed examples, each format specification and parameter correspond.