|
|
|
|
|
|
by yakubin
1248 days ago
|
|
|
In C you can use “%g” printf format string (which indicates a value of type double), and then not pass a double to it, but e.g. an int. Easy mistake to make, when changing pre-existing code. On x86 what will happen is the code will compile, but the function is going to read its argument from a floating point register instead of an integer register as it should. This: 1. Is a bug, since a completely unrelated garbage value is going to be printed. 2. Leaks the value of a register, which may be a security issue. There are still other common issues which can easily turn into vulnerabilities, leaking private process memory, when people pass untrusted strings as format strings with the intention of printing them raw. So you want a safe print to prevent trivial bugs in general, and security vulnerabilities in particular. |
|
|