Description
This example of printing usage information with formatted output shows a flaw that can be exploited to run arbitrary code. By controlling the content of the format string, a user can, in effect, control execution of the formatted output function.
From "Secure Coding in C and C++" by Robert C. Seacord.
Page 204, Figure 6-1
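The corrected form of this pattern, as an added example that is not the test case's code or the book's figure: the format string stays a constant and the finished usage line is written out as data. The helper names `build_usage` and `print_usage` are hypothetical, and treating the program name as the user-controlled value is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Flawed pattern described above (shown only as a comment): a value the
 * user controls ends up inside the format argument.
 *
 *     snprintf(usage_str, sizeof usage_str, "Usage: %s <target>\n", pgm_name);
 *     printf(usage_str);    // usage_str is interpreted as a format string
 */

/* Hypothetical helper: build the usage line with a constant format string.
 * Returns the number of bytes written, or -1 on bad arguments or truncation. */
int build_usage(char *out, size_t out_len, const char *pgm_name)
{
    if (out == NULL || out_len == 0 || pgm_name == NULL)
        return -1;
    int n = snprintf(out, out_len, "Usage: %s <target>\n", pgm_name);
    if (n < 0 || (size_t)n >= out_len) {
        out[0] = '\0';              /* never hand back a truncated line */
        return -1;
    }
    return n;
}

/* Hypothetical helper: emit the line as data. fputs() does not interpret
 * conversion specifiers, so "%x" or "%n" in pgm_name is printed literally. */
int print_usage(FILE *stream, const char *pgm_name)
{
    char usage_str[1024];
    if (build_usage(usage_str, sizeof usage_str, pgm_name) < 0)
        return -1;
    return fputs(usage_str, stream) == EOF ? -1 : 0;
}

int main(void)
{
    /* Constructed input: a program name carrying conversion specifiers. */
    return print_usage(stderr, "%x%x%n") == 0 ? 0 : 1;
}
```

Compiling with `-Wformat -Wformat-security` (GCC and Clang) flags the flawed `printf(usage_str)` form at build time.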
Flaws