Search code examples
cvalidationformatprintf

How to validate user-supplied printf format string against parameter list?


I have a list of numbers and want to give my users the option to enter a printf-style format string to specify how the numbers should be output.

How can I validate the user-supplied format string against my parameter list? Malformed input should not crash the program, and I want to avoid any format string attacks.

I do not care if the validation handles just the format options specified in POSIX or the compiler specific superset. Is there any library call to do this, or will I have to write it myself?

Clarification: What I need is something like this:

float var1, var2, var3, var4;
// var1 .. var2 are given by the program
const char * userSupplied = getFormatStringFromUser();

if( isValidFormat( userSupplied, "float", "float", "float", "float" ) )
    printf( userSupplied, var1, var2, var3, var4 );
else
    printf( "The format you gave was invalid!\n" );

In this example, I know that I have four floats. I want to allow any format that only references zero to four floats.

So the following format strings should be allowed by isValidFormat():

  • "%f %g %e %.1f"
  • "Foo is %g, Bar is %g"
  • "Nothing"

While the following should be rejected:

  • "%s"
  • "Foo is %d"

Solution

  • fmtcheck (https://linux.die.net/man/3/fmtcheck , part of libbsd on Linux, or available on BSDs) does this, though the man page mentions that it does not support all extensions that printf does.

    According to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224143 , fmtcheck ignores unused arguments, which may or may not be what you want.