The printf prototype is defined as below:
The first argument, const char *format, is a format string that contains placeholders marked by the % escape character.
By default, the C compiler doesn't care whether you use printf correctly or not. The following unsafe code will compile successfully without a warning or error:
The code above seems safe, but it gives unpredictable results if a contains a placeholder for which no argument is supplied. It may print a private value from memory.
So, the correct way to use printf is to always define the format string explicitly:
Compiling with the -Wformat=2 -Werror flags turns the unsafe call into a compile error, so the incorrect use of printf never reaches runtime.
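
The unsafe and safe patterns side by side, as an added example that is not code from the original page. It uses snprintf (same format rules as printf) so the result can be checked; the function names, the DEMO_UNSAFE macro and the sample input are assumptions made for the demo.

```c
#include <stdio.h>
#include <string.h>

#ifdef DEMO_UNSAFE
/* Unsafe: the caller's text `a` is used as the format string itself.
 * Build with -DDEMO_UNSAFE -Wformat=2 -Werror to see the compiler reject it. */
int render_unsafe(char *out, size_t n, const char *a)
{
    return snprintf(out, n, a);
}
#endif

/* Safe: the format string is a literal, so `a` is only data for %s. */
int render_safe(char *out, size_t n, const char *a)
{
    return snprintf(out, n, "%s", a);
}

/* Count '%' placeholders in text that is supposed to be plain data.
 * "%%" is a literal percent sign and is not counted. */
int count_placeholders(const char *s)
{
    int count = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* skip the escaped percent */
        else
            count++;
    }
    return count;
}

int main(void)
{
    /* Constructed input: two placeholders and one escaped percent. */
    const char *a = "id=%x name=%s 100%%";
    char buf[64];

    render_safe(buf, sizeof buf, a);   /* buf holds the text of a, unchanged */
    printf("%s\n", buf);
    printf("placeholders: %d\n", count_placeholders(a));
    return 0;
}
```

A nonzero count from count_placeholders on text that should be plain data is a useful thing to log or reject at the input boundary, in addition to fixing the call site.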