Uncontrolled format string is a type of software vulnerability, discovered around 1999, that can be used in security exploits. Previously thought harmless, format string exploits can be used to crash a program or to execute harmful code. The problem stems from the use of unchecked user input as the format string parameter in certain C functions that perform formatting, such as printf. A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token, which commands printf and similar functions to write the number of bytes formatted to an address stored on the stack.
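The following C sketch is an added example, not part of the original page. It shows the hardened call form, where untrusted text is passed as data to a constant format string, plus two checks that flag format tokens in input. The function names and the sample input are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hardened form: the format string is a constant and the untrusted text is
 * passed as data, so tokens inside it are copied out literally.
 * The vulnerable form would be: snprintf(out, n, user_input); */
int format_safely(char *out, size_t n, const char *user_input) {
    return snprintf(out, n, "%s", user_input);
}

/* Count conversion specifications in s. "%%" is a literal percent sign and a
 * lone trailing '%' is incomplete, so neither is counted. */
size_t count_format_tokens(const char *s) {
    size_t count = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%') continue;
        if (s[i + 1] == '%') { i++; continue; }   /* escaped percent */
        if (s[i + 1] != '\0') count++;
    }
    return count;
}

/* Return 1 if s contains a %n conversion, allowing flags, width, positional
 * and length modifiers between '%' and the conversion character. */
int contains_write_token(const char *s) {
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%') continue;
        size_t j = i + 1;
        if (s[j] == '%') { i = j; continue; }     /* escaped percent */
        while (s[j] != '\0' && strchr("-+ #0123456789.*$hlLqjzt", s[j])) j++;
        if (s[j] == 'n') return 1;
    }
    return 0;
}

int main(void) {
    /* Constructed sample input, not taken from a real incident. */
    const char *input = "100%% sure: %x %s %n";
    char buf[64];
    format_safely(buf, sizeof buf, input);
    printf("%s\n", buf);                          /* tokens appear verbatim */
    printf("tokens=%zu write=%d\n",
           count_format_tokens(input), contains_write_token(input));
    return 0;
}
```

Compiling with -Wformat -Wformat-security (GCC and Clang) reports calls whose format argument is not a string literal.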