
I'm curious about this, didn't know about %n before. What are the common pitfalls and exploits using this enables?



You would expect a printf call with a user-controlled format string to be, at worst, an arbitrary read. Thanks to %n, it can be a write as well.


If the user can control the formatting string, they can write to pointers stored on the stack. It's important to use printf("%s", str) instead of printf(str).


Useless use of printf; what's wrong with "puts(str)"?


puts() adds a newline at the end. gcc will happily turn printf("%s\n", str) into puts(str), though.

I've never tested to see if printf("%s", str) becomes the equivalent fputs(str, stdout)
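The points made in the comments above, as an added C example (not code posted in the thread): untrusted text passed as an argument to a constant `"%s"` format is copied out as data, while `%n` in a programmer-chosen format stores a byte count through a pointer argument. The function names, the `has_directives` audit helper and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Safe pattern from the thread: the untrusted text is an argument to a
 * constant "%s" format, so any '%' in it is copied out as ordinary data. */
static int render_safe(char *out, size_t outlen, const char *untrusted)
{
    return snprintf(out, outlen, "%s", untrusted);
}

/* What %n does when the programmer chooses the format: it prints nothing
 * and stores the number of bytes produced so far through the matching
 * int* argument. This is the "write" the thread refers to. */
static int bytes_before_marker(void)
{
    char buf[32];
    int count = -1;
    snprintf(buf, sizeof buf, "hello%n world", &count);
    return count;
}

/* Hypothetical audit helper: report whether a string would be parsed as
 * containing conversion directives if it were ever used as a format.
 * "%%" is a literal percent sign and is not counted. */
static int has_directives(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    const char *input = "100%n done %x";   /* constructed sample input */
    char out[64];
    int n = render_safe(out, sizeof out, input);
    printf("rendered %d bytes: ", n);
    fputs(out, stdout);                     /* no added newline, unlike puts() */
    putchar('\n');
    printf("%%n stored %d\n", bytes_before_marker());
    printf("input has directives: %d\n", has_directives(input));
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes gcc and clang warn when a non-literal string is passed as the format with no further arguments.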



