Friday, June 25, 2010

Format string is not a string literal (potentially insecure)

I love compilers.

Here I am busily working away; I throw in a cheeky NSLog() to see where I've got to:

NSLog([myObject stringRepresentation]);

Hang on! A compiler warning:

Format string is not a string literal (potentially insecure)

What's this about?

A bit of Google (via this forum post) led me to a Wikipedia article on the Format string attack. It turns out that an attacker might use printf-style format specifiers to do all sorts of nasty things to my heap/stack.

The correct usage is this:

NSLog(@"%@", [myObject stringRepresentation]);

No more warning. We can sleep at night.
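To see which strings are risky when passed as the format itself, here is an added example (not code from the original post), written in C because NSLog format strings follow printf conventions. The function names `format_arg_count` and `logs_verbatim` are hypothetical, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Count the arguments a printf/NSLog-style format string would consume.
   Anything above zero means the string must never be used as the format
   itself, because the formatter would read arguments that were not passed. */
int format_arg_count(const char *s)
{
    int count = 0;
    while (*s) {
        if (*s++ != '%')
            continue;
        if (*s == '%') { s++; continue; }      /* "%%" is a literal percent */
        s += strspn(s, "-+ #0'");              /* flags (a space is a flag) */
        if (*s == '*') { count++; s++; }       /* width taken from an argument */
        else s += strspn(s, "0123456789");
        if (*s == '.') {
            s++;
            if (*s == '*') { count++; s++; }   /* precision from an argument */
            else s += strspn(s, "0123456789");
        }
        s += strspn(s, "hlLqjzt");             /* length modifiers */
        if (*s == '\0')
            break;                             /* dangling '%' at end of string */
        count++;                               /* conversion: d, s, x, n, @, ... */
        s++;
    }
    return count;
}

/* The safe pattern from the post: constant format, untrusted text as data.
   Returns 1 when the output is byte-for-byte identical to the input. */
int logs_verbatim(const char *untrusted)
{
    char out[256];
    int n = snprintf(out, sizeof out, "%s", untrusted);
    return n >= 0 && (size_t)n < sizeof out && strcmp(out, untrusted) == 0;
}

int main(void)
{
    /* Constructed values standing in for [myObject stringRepresentation]. */
    const char *samples[] = { "Order 42 shipped", "50% off", "name=%@ id=%d", "%*.*f" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-18s consumes %d argument(s); verbatim via \"%%s\": %d\n",
               samples[i], format_arg_count(samples[i]), logs_verbatim(samples[i]));
    return 0;
}
```

Note that even an innocent-looking string such as "50% off" parses as a conversion (space flag plus `o`), which is why the warning fires for any non-literal format rather than only for obviously hostile input.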