printf, fprintf, sprintf, snprintf, asprintf, dprintf
vprintf, vfprintf, vsprintf, vsnprintf, vasprintf, vdprintf
Formatted output conversion
#include <stdio.h> int printf(const char * restrict format, …); int fprintf(FILE * restrict stream, const char * restrict format, …); int sprintf(char * restrict str, const char * restrict format, …); int snprintf(char * restrict str, size_t size, const char * restrict format, …); int asprintf(char **ret, const char *format, …); int dprintf(int fd, const char * restrict format, …); #include <stdarg.h> int vprintf(const char * restrict format, va_list ap); int vfprintf(FILE * restrict stream, const char * restrict format, va_list ap); int vsprintf(char * restrict str, const char * restrict format, va_list ap); int vsnprintf(char * restrict str, size_t size, const char * restrict format, va_list ap); int vasprintf(char **ret, const char *format, va_list ap); int vdprintf(int fd, const char * restrict format, va_list ap);The family of functions produces output according to a format.
printf |
Extended locale versions of these functions are documented in printf_l†. See locale
These functions write the output under the control of a format string that specifies how the arguments (or arguments accessed via the variable-length argument facilities of stdarg(3)) are converted for output.
They return:
asprintf
and vasprintf
set *ret
to be a pointer to a buffer sufficiently large to hold the formatted
string. This pointer should be passed to free
to release the allocated storage when it is no longer needed.
If sufficient space cannot be allocated, asprintf() and vasprintf() will return -1 and set ret to be a NULL pointer.
snprintf
and vsnprintf
limit the length of the output to no more than n
-1
and return value is greater than or equal to n
if string
is too small.
sprintf
and vsprintf
effectively assume an unlimited n. (bad avoid)
For functions that output to string, that string and the format strings should not overlap.
%
fetching arguments. %
An optional field, consisting of a decimal digit string followed by a $, specifying the next argument to access. If this field is not provided, the argument following the last argument accessed will be used. Arguments are numbered starting at 1. If unaccessed arguments in the format string are interspersed with ones that are accessed the results will be indeterminate. | ||||||||||||||||||||||||||||||||||||||||||||
Zero or more of the following flags:
| ||||||||||||||||||||||||||||||||||||||||||||
optional separator character ( , | ; | : | _ ) used for separating multiple values when printing an AltiVec or
SSE vector, or other multi-value unit.
an extension Behaviour of these values for | ||||||||||||||||||||||||||||||||||||||||||||
optional decimal digit string specifying a minimum field width. If the converted value has fewer characters than the field width, it will be padded with spaces on the left (or right, if the left-adjustment flag has been given) to fill out the field width. | ||||||||||||||||||||||||||||||||||||||||||||
optional precision, in the form of a period . followed by an optional digit string. If the digit string is omitted, the precision is taken as zero. This gives the minimum number of digits to appear for d, i, o, u, x, and X conversions, the number of digits to appear after the decimal-point for a, A, e, E, f, and F conversions, the maximum number of significant digits for g and G conversions, or the maximum number of characters to be printed from a string for s conversions. | ||||||||||||||||||||||||||||||||||||||||||||
optional length modifier, that specifies the size of the argument. The following length modifiers are valid for the d, i, n, o, u, x, or X conversion:
t modifier, when applied to a o, u, x, or X conversion, indicates that the argument is of an unsigned type
equivalent in size to a ptrdiff_t. The z modifier, when applied to a d or i conversion, indicates that the argument
is of a signed type equivalent in size to a size_t. Similarly, when applied to an n conversion, it indicates that
the argument is a pointer to a signed type equivalent in size to a size_t.
The following length modifier is valid for the a, A, e, E, f, F, g, or G conversion:
As a further extension, for SSE2 64-bit units: vll, llv Treat the argument as a vector of 2 64-bit units. | ||||||||||||||||||||||||||||||||||||||||||||
A character that specifies the type of conversion to be applied.
A field width or precision, or both, may be indicated by an asterisk `*' or an asterisk followed by one or more decimal
digits and a `$' instead of a digit string. In this case, an int argument supplies the field width or precision. The conversion specifiers are:
In no case does a non-existent or small field width cause truncation of a numeric field; if the result of a conversion is wider than the field width, the field is expanded to contain the conversion result. |
#includeTo print pi to five decimal places:fprintf(stdout, "%s, %s %d, %.2d:%.2d\n", weekday, month, day, hour, min);
#includeTo allocate a 128 byte string and print into it:#include fprintf(stdout, "pi = %.5f\n", 4 * atan(1.0));
#include#include #include char *newfmt(const char *fmt, ...) { char *p; va_list ap; if ((p = malloc(128)) == NULL) return (NULL); va_start(ap, fmt); (void) vsnprintf(p, 128, fmt, ap); va_end(ap); return (p); }
void foo(const char *arbitrary_string, const char *and_another) { char onstack[8]; #ifdef BAD /* * This first sprintf is bad behavior. Do not use sprintf! */ sprintf(onstack, "%s, %s", arbitrary_string, and_another); #else /* * The following two lines demonstrate better use of * snprintf(). */ snprintf(onstack, sizeof(onstack), "%s, %s", arbitrary_string, and_another); #endif }The printf() and sprintf() family of functions are also easily misused in a manner allowing malicious users to arbitrarily change a running program's functionality by either causing the program to print potentially sensitive data ``left on the stack'', or causing it to generate a memory fault or bus error by dereferencing an invalid pointer.
%n
can be used to write arbitrary data to potentially carefully-selected addresses. Programmers are therefore strongly
advised to never pass untrusted strings as the format argument, as an attacker can put format specifiers in the string to
mangle your stack, leading to a possible security hole. This holds true even if the string was built using a function
like snprintf(), as the resulting string may still contain user-supplied conversion specifiers for later interpolation by
printf().
Always use the proper secure idiom:
snprintf(buffer, sizeof(buffer), "%s", string);