safecode/test/mem_safety/format_string/format_string-009.c - llvm-archive - Git at Google

 /* f() is intended to format the printing of an integer
    with user supplied formatting information, but it is unsafe... */
 #include <stdio.h>

 void f(char *number_string, int item)
 {
   char buffer[100];
   sprintf(buffer, "%%%si\n", number_string);
   printf(buffer, item);
 }

 int main()
 {
   f("030", 1000);
   f("%%i%s", 999);
   return 0;
 }
	/* f() is intended to format the printing of an integer
	with user supplied formatting information, but it is unsafe... */
	#include <stdio.h>

	void f(char *number_string, int item)
	{
	char buffer[100];
	sprintf(buffer, "%%%si\n", number_string);
	printf(buffer, item);
	}

	int main()
	{
	f("030", 1000);
	f("%%i%s", 999);
	return 0;
	}