1 of 5

Format String vulnerability

Rohit Sehgal

2 of 5

Variadic functions

  • C provides a mechanism to pass a variable number of arguments to a function
  • The prototype is:
    • func(...)  (in C the ellipsis must follow at least one named parameter)
  • Functions capable of handling a variable number of arguments are called variadic functions
  • The C standard library (libc) has many such functions, and they are very commonly used.
    • For example: scanf(), printf()

3 of 5

What are format strings?

A format string specifies and controls the representation of different variables.

For example: %s, %d, %x, etc.

4 of 5

Postmortem of a printf function call

printf("%d, %s", a, b);

The number of arguments read off the stack is controlled by the number of format specifiers in the format string, not by how many arguments the caller actually passed.

The above call works as following:

It tells the printf function to treat a as an integer and print its value on stdout; similarly, for %s, to read characters from the address pointed to by b until it encounters a '\0'.

5 of 5

How dangerous is a format string vulnerability?

  • You can examine the stack
    • Information leakage
  • Make the program crash.
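The following is an added example in C, not code from the slides: a minimal printf-style formatter built on <stdarg.h>. It ties the three ideas above together. A variadic function pulls each argument with va_arg, the format string alone decides how many times va_arg is called, and so a user-controlled format string can make the function read arguments that were never passed. The function names (count_conversions, mini_format, log_user_vulnerable, log_user_safe) and the sample strings are constructed for this example.

```c
/* Added example (not from the slides). mini_format is a toy printf that
 * supports %d, %x, %s and %%; count_conversions shows how to check a
 * format string against the number of arguments before trusting it. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Count the conversions in fmt that will each consume one argument.
 * "%%" prints a literal '%' and consumes nothing. */
int count_conversions(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {        /* "%%" -> literal percent sign */
            p++;
            continue;
        }
        if (p[1] == '\0')         /* dangling '%' at end of string */
            break;
        n++;
    }
    return n;
}

/* Toy printf: writes at most size-1 characters into out, NUL-terminates,
 * and returns how many arguments it pulled with va_arg. Like the real
 * printf, it has no way to know how many arguments were actually passed. */
int mini_format(char *out, size_t size, const char *fmt, ...)
{
    va_list ap;
    size_t used = 0;
    int consumed = 0;
    char tmp[32];

    va_start(ap, fmt);
    for (const char *p = fmt; *p && used + 1 < size; p++) {
        if (*p != '%') {
            out[used++] = *p;
            continue;
        }
        p++;                                  /* the conversion character */
        const char *piece = "";
        switch (*p) {
        case 'd':                             /* next argument is an int */
            snprintf(tmp, sizeof tmp, "%d", va_arg(ap, int));
            piece = tmp; consumed++;
            break;
        case 'x':                             /* next argument is unsigned */
            snprintf(tmp, sizeof tmp, "%x", va_arg(ap, unsigned int));
            piece = tmp; consumed++;
            break;
        case 's':                             /* next argument is a char * */
            piece = va_arg(ap, const char *);
            if (piece == NULL) piece = "(null)";
            consumed++;
            break;
        case '%':                             /* "%%" -> literal '%' */
            piece = "%";
            break;
        default:                              /* unknown or dangling '%' */
            if (*p == '\0') p--;              /* stay on the terminator */
            break;
        }
        while (*piece && used + 1 < size)     /* copy, honouring the limit */
            out[used++] = *piece++;
    }
    va_end(ap);
    out[used] = '\0';
    return consumed;
}

/* Vulnerable pattern (slide 5): the user-controlled string *is* the format.
 * A string such as "%x %x %x" makes va_arg read three arguments nobody
 * passed; with the real printf that is the stack leak the slides describe.
 * Shown for contrast only and never called here. */
int log_user_vulnerable(char *out, size_t size, const char *user)
{
    return mini_format(out, size, user);
}

/* Hardened pattern: a fixed format string; user data travels as a %s
 * argument, so any '%' in it is copied literally and consumes nothing. */
int log_user_safe(char *out, size_t size, const char *user)
{
    return mini_format(out, size, "user said: %s", user);
}

int main(void)
{
    char buf[64];
    mini_format(buf, sizeof buf, "%d, %s", 42, "hello");  /* "42, hello" */
    puts(buf);
    log_user_safe(buf, sizeof buf, "%x %x %x");  /* '%' printed literally */
    puts(buf);
    return 0;
}
```

For real printf-family calls the compiler can flag the vulnerable pattern at build time: gcc and clang warn about a non-literal format with no arguments under -Wformat-security (and more broadly under -Wformat=2), which is the cheapest check to add to a build.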