Examples of errors detected by the V618 diagnostic
V618. Dangerous call of 'Foo' function. The passed line may contain format specification. Example of safe code: printf("%s", str);
TortoiseSVN
V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); pofile.cpp 158
BOOL CPOFile::ParseFile(....)
{
  ....
  printf(File.getloc().name().c_str());
  ....
}
"file%s%i%s.txt" - The file name that will ruin everything.
Source Engine SDK
V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); Vice vice.cpp 52
static void Exit(const char *msg)
{
  fprintf( stderr, msg );
  Pause();
  exit( -1 );
}
Similar errors can be found in some other places:
- V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); Captioncompiler captioncompiler.cpp 94
- V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); Vtf2tga vtf2tga.cpp 40
CryEngine 3 SDK
V618 It's dangerous to call the 'sprintf_s' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); gamephysicssettings.cpp 174
void CGamePhysicsSettings::Debug(....) const
{
  ....
  sprintf_s(buf, bufLen, pEntity->GetName());
  ....
}
WinSCP
V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); asyncsslsocketlayer.cpp 2247
bool CAsyncSslSocketLayer::CreateSslCertificate(....)
{
  ....
  char buffer[1001];
  int len;
  while ((len = pBIO_read(bio, buffer, 1000)) > 0)
  {
    buffer[len] = 0;
    fprintf(file, buffer);
  }
  ....
}
Miranda NG
V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); NewXstatusNotify utils.cpp 92
void LogToFile(TCHAR *stzText)
{
  FILE *fp = _tfopen(opt.LogFilePath, _T("a+b, ccs=UTF-8"));
  if (fp) {
    char *encodedText = mir_utf8encodeT(stzText);
    if (encodedText) {
      fprintf(fp, encodedText);
      mir_free(encodedText);
    }
    fclose(fp);
  }
}
LibreOffice
V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); unoapploader.c 405
void writeError( const char* errstr )
{
  FILE* ferr = getErrorFile( 1 );
  if ( ferr != NULL )
  {
    fprintf( ferr, errstr );
    fflush( ferr );
  }
}
Similar errors can be found in some other places:
- V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); climaker_app.cxx 261
- V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); climaker_app.cxx 313
Apple II emulator
V618 It's dangerous to call the 'sprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); debug.cpp 733
Update_t CmdProfile (int nArgs)
{
  ....
  sprintf( g_aArgs[ 1 ].sArg,
           g_aParameters[ PARAM_RESET ].m_sName );
  ....
}
Similar errors can be found in some other places:
- V618 It's dangerous to call the 'wsprintfA' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); debugger_help.cpp 129
- V618 It's dangerous to call the 'wsprintfA' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); debugger_help.cpp 672
- V618 It's dangerous to call the 'wsprintfA' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); debugger_help.cpp 675
- And 17 additional diagnostic messages.
Tizen
V618 It's dangerous to call the 'snprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); ise-stt-mode.cpp 802
void ise_show_stt_mode(Evas_Object *win)
{
  ....
  snprintf(buf, BUF_LEN, gettext("IDS_ST_SK_CANCEL"));
  ....
}
Similar errors can be found in some other places:
- V618 It's dangerous to call the 'snprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); app_tracker.c 459
- V618 It's dangerous to call the 'snprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); screen_reader_system.c 443
- V618 It's dangerous to call the 'snprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); screen_reader_system.c 447
- And 2 additional diagnostic messages.
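An added example, not taken from any of the projects above or from the analyzer: a simplified C scanner that counts how many arguments a string would make a printf-family function fetch if it were passed as the format, next to two writers that treat the text as data. The function names are hypothetical, and the scanner handles only the standard flags and length modifiers.

```c
#include <stdio.h>
#include <string.h>

/* Count the arguments a printf-family call would fetch if s were used as
   its format string. Simplified scanner: "%%" fetches nothing, each '*'
   width or precision fetches one int, any other specification fetches one. */
static int count_format_args(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        s++;
        if (*s == '%')
            continue;                  /* literal percent sign */
        while (*s && strchr("-+ #0123456789.*hlLjzt", *s)) {
            if (*s == '*')
                n++;
            s++;
        }
        if (*s == '\0')
            break;                     /* truncated specification */
        n++;                           /* the conversion character */
    }
    return n;
}

/* The safe form quoted in the diagnostic: the text is an argument. */
static int format_as_data(char *out, size_t n, const char *text)
{
    return snprintf(out, n, "%s", text);
}

/* For a buffer of known length, fwrite needs no format and no NUL. */
static size_t write_raw(FILE *f, const char *buf, size_t len)
{
    return fwrite(buf, 1, len, f);
}

int main(void)
{
    const char *name = "file%s%i%s.txt";   /* file name quoted on this page */
    char out[64];
    printf("arguments fetched if used as format: %d\n", count_format_args(name));
    format_as_data(out, sizeof out, name);
    write_raw(stdout, out, strlen(out));
    putchar('\n');
    return 0;
}
```

A non-zero count for a string that reaches a format parameter means the call reads arguments that were never passed. Building with the GCC/Clang option -Wformat-security reports the same non-literal format calls at compile time.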