Format String vulnerability
Rohit Sehgal
Variadic functions
What are format strings?
A format string specifies and controls the representation of different variables.
For example: %s, %d, %x, etc.
Postmortem of a printf function call
printf("%d, %s", a, b);
The number of arguments read off the stack is controlled by the number of format specifiers in the format string.
The above call works as follows:
It tells the printf function to treat a as an integer and print its value on stdout, and similarly to read from the address pointed to by b until it encounters a '\0'.
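The behaviour described above, as an added example that is not from the original slides: a toy formatter (the names args_requested and mini_format are hypothetical) that supports only %d, %s and %%. It shows that the format string alone decides how many arguments are fetched, and that untrusted text passed as data through a fixed "%s" is copied without its specifiers being interpreted.

```c
#include <stdarg.h>
#include <stdio.h>

/* Arguments a format asks for (toy subset: only %d and %s consume one). */
int args_requested(const char *fmt)
{
    int n = 0;
    for (; fmt[0] != '\0'; fmt++)
        if (fmt[0] == '%' && fmt[1] != '\0')
            n += (*++fmt == 'd' || *fmt == 's');
    return n;
}

/* Toy printf: fetches one argument per specifier; returns how many it fetched. */
int mini_format(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    size_t used = 0;
    int fetched = 0;
    if (outsz == 0) return 0;
    out[0] = '\0';
    va_start(ap, fmt);
    for (const char *p = fmt; *p != '\0' && used < outsz - 1; p++) {
        int n = 0;
        if (*p != '%' || *++p == '%') {       /* literal char or "%%" */
            n = snprintf(out + used, outsz - used, "%c", *p);
        } else if (*p == '\0') {
            break;                            /* lone '%' at the end */
        } else if (*p == 'd') {               /* next argument read as int */
            n = snprintf(out + used, outsz - used, "%d", va_arg(ap, int));
            fetched++;
        } else if (*p == 's') {               /* next argument read as pointer */
            n = snprintf(out + used, outsz - used, "%s", va_arg(ap, const char *));
            fetched++;
        }
        if (n > 0)                            /* clamp on truncation */
            used += (size_t)n < outsz - used ? (size_t)n : outsz - used - 1;
    }
    va_end(ap);
    return fetched;
}

int main(void)
{
    char buf[64];
    const char *untrusted = "%d%d%s";         /* constructed sample input */
    int n = mini_format(buf, sizeof buf, "%s", untrusted);
    return printf("%s | fetched %d, asks for %d\n", buf, n, args_requested(untrusted)) < 0;
}
```

Used as the format itself, the sample input would ask for three arguments the caller never supplied; passed as data it costs one fetch and is copied verbatim.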
How dangerous is a format string vulnerability?