Friday, June 25, 2010

Format string is not a string literal (potentially insecure)

I love compilers.

Here I am busily working away; I throw in a cheeky NSLog() to see where I've got to:

NSLog([myObject stringRepresentation]);

Hang on! A compiler warning:

Format string is not a string literal (potentially insecure)

What's this about?

A bit of Googling (via this forum post) led me to a Wikipedia article on the Format string attack. It turns out that an attacker who controls the string can use printf-style format specifiers to do all sorts of nasty things to my heap and stack.

The correct usage is this:

NSLog(@"%@", [myObject stringRepresentation]);

No more warning. We can sleep at night.
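As an added illustration (not from the post), here is the same mistake and fix transposed to plain C with snprintf, where the difference shows up on an ordinary message: text containing "%%" comes out altered when it is passed as the format, and verbatim when it is passed as an argument to a literal "%s". The small scan helper and the function names are my own, for flagging messages the formatter would act on.

```c
#include <stdio.h>
#include <string.h>

/* The mistake from the post, in C: the message itself becomes the format
   string, so every '%' in it is interpreted by the formatter rather than
   copied through. (gcc/clang: "format string is not a string literal") */
int format_unsafe(char *out, size_t out_len, const char *msg)
{
    return snprintf(out, out_len, msg);
}

/* The fix from the post: the format is a literal, the message is only ever
   an argument and is copied through exactly as given. */
int format_safe(char *out, size_t out_len, const char *msg)
{
    return snprintf(out, out_len, "%s", msg);
}

/* Review helper (my own): does this text contain a '%' the formatter would
   act on? "%%" is an escaped percent and is skipped; anything else after a
   '%' (including "% d", a space flag plus a conversion) is flagged. */
int contains_format_specifier(const char *s)
{
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%": harmless escaped percent */
            p++;
            continue;
        }
        return 1;               /* a conversion the formatter would consume */
    }
    return 0;
}

int main(void)
{
    const char *msg = "100%% done";   /* constructed sample message */
    char buf[64];

    format_unsafe(buf, sizeof buf, msg);
    printf("as format:   %s\n", buf);  /* prints "100% done"  */
    format_safe(buf, sizeof buf, msg);
    printf("as argument: %s\n", buf);  /* prints "100%% done" */
    printf("flagged: %d\n", contains_format_specifier("rate: 50% done"));
    return 0;
}
```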

4 comments:

Daniel said...

Thanks a lot, I spent literally hours on that error :)

Manu said...

As Daniel said, thank you for posting that error and the way to avoid it. You helped me too.

Greetings,
Manu.

artillery129 said...

Thank you

Ben Holmes said...

Thanks for this post. This error just started showing up in my code after yesterday's update to Xcode.