by gary_0
1245 days ago
printf() was often used for logging in e.g. web servers. If there's no way of strictly checking the size/type of what's being printed (HTTP headers, say) then there are lots of tricky ways you can use it to write arbitrary memory and pwn the server. Type-unsafeness in general also just allows for hard-to-find bugs, since only certain data at runtime will introduce undefined behavior.
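Added example, not part of the comment above: the logging pattern it describes, with the unsafe call shown only in a comment and the hardened form beside it. The function names `log_header` and `count_conversions` and the sample header value are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* UNSAFE pattern (kept in a comment so it is never executed):
 *     fprintf(logfile, user_agent);
 * The untrusted header becomes the format string, so any conversion
 * specification inside it is interpreted by printf instead of printed.
 * GCC and Clang report this with -Wformat -Wformat-security.
 */

/* Hardened form: the format string is a constant and the untrusted
 * values are passed only as %s arguments, so they are copied verbatim.
 * Returns what snprintf returns (length the full line needs). */
int log_header(char *out, size_t outsz, const char *name, const char *value)
{
    return snprintf(out, outsz, "header %s: %s\n", name, value);
}

/* Audit helper (hypothetical): count conversion specifications that
 * printf would act on if this text were used as a format string.
 * "%%" is a literal percent sign and is not counted. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent: skip both characters */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample input standing in for an HTTP header value. */
    const char *ua = "Mozilla/5.0 %x%x %n 100%%";
    char line[128];

    log_header(line, sizeof line, "User-Agent", ua);
    fputs(line, stdout);  /* fputs never interprets its argument */
    printf("conversions in untrusted value: %d\n", count_conversions(ua));
    return 0;
}
```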