Примеры ошибок, обнаруженных с помощью диагностики V618

V618. Dangerous call of 'Foo' function. The passed line may contain format specification. Example of safe code: printf("%s", str);

TortoiseSVN

V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); pofile.cpp 158

BOOL CPOFile::ParseFile(....)
{
  ....
  printf(File.getloc().name().c_str());
  ....
}

"file%s%i%s.txt" - The file name that will ruin everything.

Source Engine SDK

V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); Vice vice.cpp 52

static void Exit(const char *msg)
{
  fprintf( stderr, msg );
  Pause();
  exit( -1 );
}

Similar errors can be found in some other places:

• V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); Captioncompiler captioncompiler.cpp 94
• V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); Vtf2tga vtf2tga.cpp 40

CryEngine 3 SDK

V618 It's dangerous to call the 'sprintf_s' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); gamephysicssettings.cpp 174

void CGamePhysicsSettings::Debug(....) const
{
  ....
  sprintf_s(buf, bufLen, pEntity->GetName());
  ....
}

WinSCP

V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); asyncsslsocketlayer.cpp 2247

bool CAsyncSslSocketLayer::CreateSslCertificate(....)
{
  ....
  char buffer[1001];
  int len;
  while ((len = pBIO_read(bio, buffer, 1000)) > 0)
  {
    buffer[len] = 0;
    fprintf(file, buffer);
  }
  ....
}

Miranda NG

V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); NewXstatusNotify utils.cpp 92

void LogToFile(TCHAR *stzText)
{
  FILE *fp = _tfopen(opt.LogFilePath, _T("a+b, ccs=UTF-8"));
  if (fp) {
    char *encodedText = mir_utf8encodeT(stzText);
    if (encodedText) {
      fprintf(fp, encodedText);
      mir_free(encodedText);
    }
    fclose(fp);
  }
}

LibreOffice

V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); unoapploader.c 405

void writeError( const char* errstr )
{
  FILE* ferr = getErrorFile( 1 );
  if ( ferr != NULL )
  {
    fprintf( ferr, errstr );
    fflush( ferr );
  }
}

Similar errors can be found in some other places:

• V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); climaker_app.cxx 261
• V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); climaker_app.cxx 313

Apple II emulator

V618 It's dangerous to call the 'sprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); debug.cpp 733

Update_t CmdProfile (int nArgs)
{
  ....
  sprintf( g_aArgs[ 1 ].sArg,
           g_aParameters[ PARAM_RESET ].m_sName );
  ....
}

Similar errors can be found in some other places:

• V618 It's dangerous to call the 'wsprintfA' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); debugger_help.cpp 129
• V618 It's dangerous to call the 'wsprintfA' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); debugger_help.cpp 672
• V618 It's dangerous to call the 'wsprintfA' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); debugger_help.cpp 675
• And 17 additional diagnostic messages.

Tizen

V618 It's dangerous to call the 'snprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); ise-stt-mode.cpp 802

void ise_show_stt_mode(Evas_Object *win)
{
  ....
  snprintf(buf, BUF_LEN, gettext("IDS_ST_SK_CANCEL"));
  ....
}

Similar errors can be found in some other places:

• V618 It's dangerous to call the 'snprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); app_tracker.c 459
• V618 It's dangerous to call the 'snprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); screen_reader_system.c 443
• V618 It's dangerous to call the 'snprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); screen_reader_system.c 447
• And 2 additional diagnostic messages.