Examples of errors detected by the V618 diagnostic

V618. It's dangerous to call the 'Foo' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str);


TortoiseSVN

V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); pofile.cpp 158


BOOL CPOFile::ParseFile(....)
{
  ....
  printf(File.getloc().name().c_str());
  ....
}

"file%s%i%s.txt" - The file name that will ruin everything.


Source Engine SDK

V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); Vice vice.cpp 52


static void Exit(const char *msg)
{
  fprintf( stderr, msg );
  Pause();
  exit( -1 );
}

Identical errors can be found in some other places:

  • V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); Captioncompiler captioncompiler.cpp 94
  • V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); Vtf2tga vtf2tga.cpp 40

CryEngine 3 SDK

V618 It's dangerous to call the 'sprintf_s' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); gamephysicssettings.cpp 174


void CGamePhysicsSettings::Debug(....) const
{
  ....
  sprintf_s(buf, bufLen, pEntity->GetName());
  ....
}

WinSCP

V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); asyncsslsocketlayer.cpp 2247


bool CAsyncSslSocketLayer::CreateSslCertificate(....)
{
  ....
  char buffer[1001];
  int len;
  while ((len = pBIO_read(bio, buffer, 1000)) > 0)
  {
    buffer[len] = 0;
    fprintf(file, buffer);
  }
  ....
}

Miranda NG

V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); NewXstatusNotify utils.cpp 92


void LogToFile(TCHAR *stzText)
{
  FILE *fp = _tfopen(opt.LogFilePath, _T("a+b, ccs=UTF-8"));
  if (fp) {
    char *encodedText = mir_utf8encodeT(stzText);
    if (encodedText) {
      fprintf(fp, encodedText);
      mir_free(encodedText);
    }
    fclose(fp);
  }
}

LibreOffice

V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); unoapploader.c 405


void writeError( const char* errstr )
{
  FILE* ferr = getErrorFile( 1 );
  if ( ferr != NULL )
  {
    fprintf( ferr, errstr );
    fflush( ferr );
  }
}

Identical errors can be found in some other places:

  • V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); climaker_app.cxx 261
  • V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); climaker_app.cxx 313

Apple II emulator

V618 It's dangerous to call the 'sprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); debug.cpp 733


Update_t CmdProfile (int nArgs)
{
  ....
  sprintf( g_aArgs[ 1 ].sArg,
           g_aParameters[ PARAM_RESET ].m_sName );
  ....
}

Identical errors can be found in some other places:

  • V618 It's dangerous to call the 'wsprintfA' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); debugger_help.cpp 129
  • V618 It's dangerous to call the 'wsprintfA' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); debugger_help.cpp 672
  • V618 It's dangerous to call the 'wsprintfA' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); debugger_help.cpp 675
  • And 17 additional diagnostic messages.

