codeql/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.qhelp

<!DOCTYPE qhelp PUBLIC
  "-//Semmle//qhelp//EN"
  "qhelp.dtd">
<qhelp>
<overview>
<p>The program uses input from the user, propagated via a global variable, as a format string for <code>printf</code> style functions. 
This can lead to buffer overflows or data representation problems. An attacker can exploit this weakness to crash the program, 
disclose information or even execute arbitrary code.</p>

<p>This rule only identifies inputs from the user that are transferred through global variables before being used in <code>printf</code> style functions.
Analyzing the flow of data through global variables is more prone to errors and so this rule may identify some examples of code where 
the input is not really from the user. For example, when a global variable is set in two places, one that comes from the user and one that does not.
In this case we would mark all usages of the global variable as input from the user, but the input from the user may always came after the call to the
<code>printf</code> style functions.</p>

<p>The results of this rule should be considered alongside the related rule "Uncontrolled format string" which tracks the flow of the 
values input by a user, excluding global variables, until the values are used as the format argument for a <code>printf</code> like function call.</p>

</overview>
<recommendation>
<p>Use constant expressions as the format strings. If you need to print a value from the user, use <code>printf("%s", value_from_user)</code>.</p>

</recommendation>
<example>
<sample src="UncontrolledFormatStringThroughGlobalVar.c" />

</example>
<references>

<li>CERT C Coding
Standard: <a href="https://www.securecoding.cert.org/confluence/display/c/FIO30-C.+Exclude+user+input+from+format+strings">FIO30-C. Exclude
user input from format strings</a>.</li>


</references>
</qhelp>