From the course: Secure Coding in C++
Preventing format string vulnerabilities
- [Instructor] Here's a harmless program that reads a message from the user and prints it back to the screen. We use getline in line 12 to get the full input. And then in line 14, we call printf, passing the user's input directly as the format string. Now this is a great opportunity to show how AI can help us make our code safer and more secure. Let me right click on the body of the main function, select Copilot, and then Review and Comment. And there it is. It's flagging this line as vulnerable to format string attacks. It warns that if the user enters something like %X or %s, the program could behave unpredictably or even expose internal data. Let's run it and see. I will enter %X three times. Yep, we get hexadecimal values printed. This is data from the stack, and that's exactly the risk Copilot is warning us about. So let's follow its advice and fix the line. I can either type the suggested modification or I can simply accept this suggestion by pressing the Apply button. Notice…
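The following is an added example, not the program shown in the video or Copilot's suggestion: it places the vulnerable pattern (user input passed as the printf format string) next to two hardened forms, and adds a small helper that detects unescaped conversion directives in untrusted text so a defender can log or reject such input before it reaches any formatting routine. The function names and the sample inputs are assumptions made for this example.

```cpp
#include <cstdio>
#include <iostream>
#include <string>

// VULNERABLE (constructed to mirror the pattern in the lesson): the user's text
// becomes the format string, so "%X" or "%s" in it makes printf read arguments
// that were never passed. Defined here for contrast only; main() never calls it.
void echo_unsafe(const std::string& user_input) {
    std::printf(user_input.c_str());
    std::printf("\n");
}

// HARDENED: the format string is a literal under the programmer's control and
// the user's text is an ordinary argument, so "%X" is printed verbatim.
void echo_safe(const std::string& user_input) {
    std::printf("%s\n", user_input.c_str());
}

// Idiomatic C++ alternative: streams have no format string at all.
void echo_stream(const std::string& user_input) {
    std::cout << user_input << '\n';
}

// Same hardened formatting, but returns the rendered text so it can be checked.
std::string render_safe(const std::string& user_input) {
    int needed = std::snprintf(nullptr, 0, "%s", user_input.c_str());
    std::string out(static_cast<std::size_t>(needed), '\0');
    std::snprintf(&out[0], out.size() + 1, "%s", user_input.c_str());
    return out;
}

// Detection helper (assumed name): true if the text contains a '%' that is not
// part of a literal "%%", i.e. it would be interpreted as a conversion directive
// if the text were ever used as a format string. Useful for logging or rejecting
// suspicious input at the trust boundary.
bool contains_format_directive(const std::string& text) {
    for (std::size_t i = 0; i < text.size(); ++i) {
        if (text[i] != '%') continue;
        if (i + 1 < text.size() && text[i + 1] == '%') { ++i; continue; } // "%%" is literal
        return true;
    }
    return false;
}

int main() {
    std::string line;
    std::cout << "Enter a message: ";
    std::getline(std::cin, line);
    if (contains_format_directive(line)) {
        std::cout << "[warn] input contains a format directive; echoing literally\n";
    }
    echo_safe(line);    // prints the text exactly as typed, "%X" included
    echo_stream(line);  // same result, no format string involved
    return 0;
}
```

The detection helper is a defensive check, not a substitute for the fix: the correct remedy is always to keep the format string a literal (or to avoid printf-style formatting entirely), because any input that reaches a user-controlled format string is dangerous regardless of what it contains today.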