PRINTF(3) BSD Library Functions

printf,   fprintf,  sprintf,  snprintf,  asprintf,  dprintf
vprintf, vfprintf, vsprintf, vsnprintf, vasprintf, vdprintf

Formatted output conversion 

     #include <stdio.h>

     int   printf(const char * restrict format, …); 
     int  fprintf(FILE * restrict stream, const char * restrict format, …); 
     int  sprintf(char * restrict str, const char * restrict format, …); 
     int snprintf(char * restrict str, size_t size, const char * restrict format, …); 
     int asprintf(char **ret, const char *format, …); 
     int  dprintf(int fd, const char * restrict format, …);

     #include <stdarg.h> 
     int vprintf(const char * restrict format, va_list ap); 
     int vfprintf(FILE * restrict stream, const char * restrict format, va_list ap); 
     int vsprintf(char * restrict str, const char * restrict format, va_list ap); 
     int vsnprintf(char * restrict str, size_t size, const char * restrict format, va_list ap); 
     int vasprintf(char **ret, const char *format, va_list ap); 
     int vdprintf(int fd, const char * restrict format, va_list ap);
The family of functions produces output according to a format.
  printf vprintf to stdout
 fprintf vfprintf to an output stream;
 dprintf vdprintf to a file descriptor;
 sprintf
snprintf 		vsprintf
vsnprintf		to the character string s;
   With limited output length ← prefered
asprintf vasprintf to a dynamically allocated new string with malloc(3).

Extended locale versions of these functions are documented in printf_l. See locale

These functions write the output under the control of a format string that specifies how the arguments (or arguments accessed via the variable-length argument facilities of stdarg(3)) are converted for output.

They return:

  • the number of characters output (not including the final null). or
  • a negative value if an output error occurs,

    asprintf and vasprintf set *ret to be a pointer to a buffer sufficiently large to hold the formatted string. This pointer should be passed to free to release the allocated storage when it is no longer needed. If sufficient space cannot be allocated, asprintf() and vasprintf() will return -1 and set ret to be a NULL pointer.

    snprintf and vsnprintf limit the length of the output to no more than n-1 and return value is greater than or equal to n if string is too small.

    sprintf and vsprintf effectively assume an unlimited n. (bad avoid)

    For functions that output to string, that string and the format strings should not overlap.

    Format string

    Ordinary characters are copied to the output.
    Conversion specifications introduced by % fetching arguments.
    The arguments must correspond with the conversion specifier.
    After the %
    An optional field, consisting of a decimal digit string followed by a $, specifying the next argument to access.
    If this field is not provided, the argument following the last argument accessed will be used.
    Arguments are numbered starting at 1. If unaccessed arguments in the format string are interspersed with ones that are accessed the results will be indeterminate.
    Zero or more of the following flags:
    0 Zero padding on left rather than blanks for all conversions except n
    If a precision is given with a numeric conversion (d, i, o, u, i, x, and X), the 0 flag is ignored.
    - value is left adjusted on the field boundary. Except for n conversions,
    padded on the right with blanks .
    overrides a 0 if both are given.
    (space) blank should be left before a positive number produced by a signed conversion (a, A, d, e, E, f, F, g, G, or i).
    + sign is placed before a number, overrides a space if both are used.
    ' Decimal conversions (d, u, or i) or the integral portion of a floating point conversion (f or F) is grouped and separated by thousands using the non-monetary separator returned by localeconv
    # alternate form.
    o the precision of the number is increased to force the first character of the output string to a zero.
    x and X 0x is prepended for a non-zero result
    a, A, e, E, f, F, g, and G include a decimal point, even if no digits follow it (normally, a decimal point appears in the results of those conversions only if a digit follows).
    g and G trailing zeros are not removed
    c, d, i, n, p, s, and u are unaffected.
    optional separator character ( , | ; | : | _ ) used for separating multiple values when printing an AltiVec or SSE vector, or other multi-value unit.

    an extension Behaviour of these values for printf() is only defined for operating systems conforming to the AltiVec Technology Programming Interface Manual. (At time of writing this includes only Mac OS X 10.2 and later.)

    optional decimal digit string specifying a minimum field width.
    If the converted value has fewer characters than the field width, it will be padded with spaces on the left (or right, if the left-adjustment flag has been given) to fill out the field width.
    optional precision, in the form of a period . followed by an optional digit string.
    If the digit string is omitted, the precision is taken as zero. This gives the minimum number of digits to appear for d, i, o, u, x, and X conversions, the number of digits to appear after the decimal-point for a, A, e, E, f, and F conversions, the maximum number of significant digits for g and G conversions, or the maximum number of characters to be printed from a string for s conversions.
    optional length modifier, that specifies the size of the argument.
    The following length modifiers are valid for the d, i, n, o, u, x, or X conversion:
    Modifier d, i o, u, x, X n
    hh signed char unsigned char signed char *
    h short unsigned short short *
    l (ell) long unsigned long long *
    ll (ell ell) long long unsigned long long long long *
    j intmax_t uintmax_t intmax_t *
    signed integer type capable of representing any value of any signed integer type.
    may be long long or __int128
    t ptrdiff_t (see note) ptrdiff_t * result of any valid pointer subtraction
    z (see note) size_t (see note)
    q (deprecated) quad_t u_quad_t quad_t *
    The t modifier, when applied to a o, u, x, or X conversion, indicates that the argument is of an unsigned type equivalent in size to a ptrdiff_t.
    The z modifier, when applied to a d or i conversion, indicates that the argument is of a signed type equivalent in size to a size_t. Similarly, when applied to an n conversion, it indicates that the argument is a pointer to a signed type equivalent in size to a size_t.

    The following length modifier is valid for the a, A, e, E, f, F, g, or G conversion:

    Modifier a, A, e, E, f, F, g, G
    l (ell) double (ignored, same behavior as without it)
    L long double
    The following length modifier is valid for the c or s conversion:
    Modifier c s
    l (ell) wint_t wchar_t *
    The AltiVec Technology Programming Interface Manual also defines five additional length modifiers which can be used (in place of the conventional length modifiers) for the printing of AltiVec or SSE vectors:
    v Treat the argument as a vector value, unit length will be determined by the conversion specifier (default = 16 8-bit units for all integer conversions, 4 32-bit units for floating point conversions).
    vh, hv Treat the argument as a vector of 8 16-bit units.
    vl, lv Treat the argument as a vector of 4 32-bit units.
    NOTE: The vector length specifiers are extensions to the printf() specification. Behaviour of these values for printf() is only defined for operating systems conforming to the AltiVec Technology Programming Interface Manual.

    As a further extension, for SSE2 64-bit units: vll, llv Treat the argument as a vector of 2 64-bit units.

    A character that specifies the type of conversion to be applied.

    A field width or precision, or both, may be indicated by an asterisk `*' or an asterisk followed by one or more decimal digits and a `$' instead of a digit string. In this case, an int argument supplies the field width or precision.
    A negative field width is treated as a left adjustment flag followed by a positive field width; a negative precision is treated as though it were missing.
    If a single format directive mixes positional (nn$) and non-positional arguments, the results are undefined.

    The conversion specifiers are:

    diu
    xX
    o     		The int (or appropriate variant) argument is converted to signed decimal (d and i), unsigned decimal (u), or unsigned hexadecimal (x and X) notation
    octal (o),
    abcdef are used for x; ABCDEF for X .
    The precision, if any, gives the minimum number of digits that must appear;
    if the converted value requires fewer digits, it is padded on the left with zeros.
    DOU The long int argument is converted to signed decimal, unsigned octal, or unsigned decimal.
    ld, lo, or lu conversion characters are deprecated
    eE The double argument is rounded and converted in the style [-]d.ddde+-dd where there is one digit before the decimal-point character and the number of digits after it is equal to the precision;
    Precision default is 6; If the precision is zero, no decimal-point character appears.
    An E conversion uses the letter E (rather than e) to introduce the exponent.
    The exponent always contains at least two digits; if the value is zero, the exponent is 00.

    Special values as inf and -inf and NaN with a e f g and
    INF and -INF and NAN when using A E F G .

    fF The double argument is rounded and converted to decimal notation in the style [-]ddd.ddd
    Where the number of digits after the decimal-point character is equal to the precision specification.
    If the precision is missing, it is taken as 6;
    if the precision is explicitly zero, no decimal-point character appears.
    If a decimal point appears, at least one digit appears before it.
    gG The double argument is converted in style f or e (or F or E for G ).
    Style e is used if the exponent from its conversion is less than -4 or greater than or equal to the precision.
    The precision specifies the number of significant digits.
    If the precision is missing, 6 digits are given;
    if the precision is zero, it is treated as 1.
    Trailing zeros are removed from the fractional part of the result
    a decimal point appears only if it is followed by at least one digit.
    aA The double argument is rounded and converted to hexadecimal notation in the style [-]0xh.hhhp[+-]d
    Where the number of digits after the hexadecimal-point character is equal to the precision specification.
    If the precision is missing, it is taken as enough to represent the floating-point number exactly, and no rounding occurs.
    If the precision is zero, no hexadecimal-point character appears.
    The p is a literal character p, and the exponent consists of a positive or negative sign followed by a decimal number representing an exponent of 2.
    The A conversion uses the prefix 0X (rather than 0x), the letters ABCDEF (rather than abcdef) to represent the hex digits, and the letter P (rather than p) to separate the mantissa and exponent.
    There may be multiple valid ways to represent floating-point numbers in this hexadecimal format.
    For example, 0x1.92p+1, 0x3.24p+0, 0x6.48p-1, and 0xc.9p-2 are all equivalent. The format chosen depends on the internal representation of the number, but the implementation guarantees that the length of the mantissa will be minimized.
    Zeroes are always represented with a mantissa of 0 (preceded by a - if appropriate) and an exponent of +0.
    c The int argument is converted to an unsigned char, and the resulting character is written. If the l (ell) modifier is used, the wint_t argument shall be converted to a wchar_t , and the (potentially multibyte) sequence representing the single wide character is written, including any shift sequences. If a shift sequence is used, the shift state is also restored to the original state after the character.
    C Treated as c with the l (ell) modifier.
    s The char * argument is expected to be a pointer to an array of character type (pointer to a string). Characters from the array are written up to (but not including) a terminating NUL character; if a precision is specified, no more than the number specified are written. If a precision is given, no null character need be present; if the precision is not specified, or is greater than the size of the array, the array must contain a terminating NUL character.

    If the l (ell) modifier is used, the wchar_t * argument is expected to be a pointer to an array of wide characters (pointer to a wide string). For each wide character in the string, the (potentially multi-byte) sequence representing the wide character is written, including any shift sequences. If any shift sequence is used, the shift state is also restored to the original state after the string. Wide characters from the array are written up to (but not including) a terminating wide NUL character; if a precision is specified, no more than the number of bytes specified are written (including shift sequences). Partial characters are never written. If a precision is given, no null character need be present; if the precision is not specified, or is greater than the number of bytes required to render the multibyte representation of the string, the array must contain a terminating wide NUL character.

    S Treated as s with the l (ell) modifier.
    p The void * pointer argument is printed in hexadecimal (as if by %#x or %#lx).
    n The number of characters written so far is stored into the integer indicated by the int * (or variant) pointer argument. No argument is converted.
    % A % is written. No argument is converted. The complete conversion specification is %%.
    The decimal point character is defined in the program's locale (category LC_NUMERIC).

    In no case does a non-existent or small field width cause truncation of a numeric field; if the result of a conversion is wider than the field width, the field is expanded to contain the conversion result.

    EXAMPLES

    To print a date and time in the form ``Sunday, July 3, 10:02'', where weekday and month are pointers to strings:
    #include fprintf(stdout, "%s, %s %d, %.2d:%.2d\n", weekday, month, day, hour, min);
    To print pi to five decimal places:
    #include #include fprintf(stdout, "pi = %.5f\n", 4 * atan(1.0));
    To allocate a 128 byte string and print into it:
    #include #include #include char *newfmt(const char *fmt, ...) { char *p; va_list ap; if ((p = malloc(128)) == NULL) return (NULL); va_start(ap, fmt); (void) vsnprintf(p, 128, fmt, ap); va_end(ap); return (p); }

    SECURITY CONSIDERATIONS

    The sprintf() and vsprintf() functions are easily misused in a manner which enables malicious users to arbitrarily change a running program's functionality through a buffer overflow attack. Because sprintf() and vsprintf() assume an infinitely long string, callers must be careful not to overflow the actual space; this is often hard to assure. For safety, programmers should use the snprintf() interface instead. For example:
    void foo(const char *arbitrary_string, const char *and_another) { char onstack[8]; #ifdef BAD /* * This first sprintf is bad behavior. Do not use sprintf! */ sprintf(onstack, "%s, %s", arbitrary_string, and_another); #else /* * The following two lines demonstrate better use of * snprintf(). */ snprintf(onstack, sizeof(onstack), "%s, %s", arbitrary_string, and_another); #endif }
    The printf() and sprintf() family of functions are also easily misused in a manner allowing malicious users to arbitrarily change a running program's functionality by either causing the program to print potentially sensitive data ``left on the stack'', or causing it to generate a memory fault or bus error by dereferencing an invalid pointer.

    %n can be used to write arbitrary data to potentially carefully-selected addresses. Programmers are therefore strongly advised to never pass untrusted strings as the format argument, as an attacker can put format specifiers in the string to mangle your stack, leading to a possible security hole. This holds true even if the string was built using a function like snprintf(), as the resulting string may still contain user-supplied conversion specifiers for later interpolation by printf(). Always use the proper secure idiom:

    snprintf(buffer, sizeof(buffer), "%s", string);

    COMPATIBILITY

    The conversion formats %D, %O, and %U are not standard and are provided only for backward compatibility. The effect of padding the %p format with zeros (either by the 0 flag or by specifying a precision), and the benign effect (i.e., none) of the # flag on %n and %p conversions, as well as other nonsensical combinations such as %Ld, are not standard; such combinations should be avoided.

    ERRORS

    In addition to the errors documented for the write(2) system call, the printf() family of functions may fail if: [EILSEQ] An invalid wide character code was encountered. [ENOMEM] Insufficient storage space is available. SEE ALSO printf(1), printf_l(3), fmtcheck(3), scanf(3), setlocale(3), stdarg(3), wprintf(3)