Uncontrolled Format String - Prevention

Prevention

Many compilers can statically check format strings and produce warnings for dangerous or suspect formats.

In the GNU Compiler Collection, the relevant compiler flags are -Wall, -Wformat, -Wno-format-extra-args, -Wformat-security, -Wformat-nonliteral, and -Wformat=2.

This is only useful for detecting bad format strings that are known at compile time. If the format string may come from the user or from a source external to the application, the application must validate the format string before using it. Care must also be taken if the application generates or selects format strings on the fly.
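The two halves of the advice above, as an added example that is not part of the original page: compile-time checking extended to a custom printf-style wrapper via the GCC/Clang `format` attribute, the hardened `"%s"` route for emitting untrusted text, and a small run-time validator for the case the compiler cannot see, a format string selected or assembled while the program runs. The wrapper name `log_fmt`, the helpers `render_untrusted`, `renders_verbatim` and `format_is_safe`, and the whitelist of permitted conversions are assumptions made for this example; the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <stdarg.h>

/* Mark printf-style wrappers so GCC/Clang check their call sites under -Wformat,
   exactly as they check printf itself. Under -Wformat=2 the compiler also warns
   when a non-literal format is passed to such a wrapper. */
#if defined(__GNUC__)
#define PRINTF_LIKE(fmt_idx, arg_idx) __attribute__((format(printf, fmt_idx, arg_idx)))
#else
#define PRINTF_LIKE(fmt_idx, arg_idx)
#endif

/* Hypothetical logging wrapper (assumed name), annotated for compile-time checking. */
PRINTF_LIKE(2, 3)
static int log_fmt(FILE *out, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vfprintf(out, fmt, ap);
    va_end(ap);
    return n;
}

/* Hardened way to emit untrusted text: the data travels as an argument to a
   constant "%s" format, so directives inside it are never interpreted.
   Returns the length "%s" would produce, as snprintf reports it. */
int render_untrusted(char *out, size_t out_size, const char *untrusted)
{
    /* printf(untrusted);   <- the vulnerable pattern -Wformat-security reports */
    return snprintf(out, out_size, "%s", untrusted);
}

/* 1 if the untrusted string comes out byte-for-byte unchanged, which is what
   the "%s" route guarantees regardless of what the string contains. */
int renders_verbatim(const char *untrusted)
{
    char buf[256];
    int n = render_untrusted(buf, sizeof buf, untrusted);
    return n >= 0 && (size_t)n < sizeof buf && strcmp(buf, untrusted) == 0;
}

/* Run-time validator for a format string chosen or built at run time, which the
   compiler cannot check. It accepts only bare %d, %i, %s and the literal %%, with
   at most max_args conversions; anything else (%n, %x, %p, width, precision,
   length modifiers) is rejected. The whitelist is an assumption for this example
   and should be narrowed to what the call site actually needs. */
int format_is_safe(const char *fmt, int max_args)
{
    static const char allowed[] = "dis";
    int args = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '\0')
            return 0;               /* trailing lone '%' */
        if (*p == '%')
            continue;               /* "%%" prints a percent and consumes no argument */
        if (strchr(allowed, *p) == NULL)
            return 0;               /* not on the whitelist: covers %n and friends */
        if (++args > max_args)
            return 0;               /* more conversions than arguments will be supplied */
    }
    return 1;
}

int main(void)
{
    const char *untrusted = "%x %x %n";                   /* constructed sample input */
    const char *runtime_fmt = "user %s has %d items";     /* constructed, picked at run time */
    char buf[64];

    render_untrusted(buf, sizeof buf, untrusted);
    log_fmt(stdout, "rendered verbatim: %s\n", buf);
    log_fmt(stdout, "\"%s\" -> %s\n", runtime_fmt,
            format_is_safe(runtime_fmt, 2) ? "accepted" : "rejected");
    log_fmt(stdout, "\"%s\" -> %s\n", untrusted,
            format_is_safe(untrusted, 3) ? "accepted" : "rejected");
    return 0;
}
```

Build it with the flags the page lists, for example `gcc -Wall -Wformat=2 -Wformat-security example.c`: the annotated `log_fmt` then gets the same diagnostics as `printf`, and uncommenting the `printf(untrusted)` line shows the warning that -Wformat-security produces for a non-literal format with no arguments. The validator deliberately refuses width and precision fields as well as unknown conversions, because a whitelist that grows by exception is easier to audit than a blacklist of known-bad directives.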

