C: sprintf w/o format specifier

Posted on 2012-09-20
Last Modified: 2012-09-20

In "C",

I stumbled upon the following statement in our source code:

sprintf(filename, TempIndexTextFileName);

Is this statement OK? I don't know what I was thinking when I wrote it...  :)
I always use format specs e.g.

sprintf(filename, "%s",  TempIndexTextFileName);

sprintf(filename, "%-10.10s",  TempIndexTextFileName);

Question by:Stephen Kairys
    LVL 32

    Assisted Solution

    sprintf expects at least two arguments, a char buffer for output and a format string. for each % specifier you used in the format string you need to add the appropriate argument. so if we assume that TempIndexTextFileName doesn't contain a % specifier, the sprintf is correct and would do same as strcpy. it also has same problem as strcpy that the second string needs to be zero-terminated and the first string buffer must be big enough to take that string.

    i personally would always add checks on length and size and use strncpy or strcat when the size check was ok. printf and sprintf are mighty and comfortable but they also were responsible for a good deal of bugs and security leaks of c and c++ programs.

    LVL 45

    Expert Comment

    Hi Steve,

    In this case, the string contained in *TempIndexTextFileName* will be written to the output stream.  However, if the string contains something that looks like a format specifier, (%s, %f, %d, %x, etc.) fprintf will try to do the substitution.  That's probably not what you want, but since this appears to be a file name it probably won't happen either.

    Better would be to write the string using fputs().  It will write the string without attempting to do any kind of substitution.

    Good Luck,
    LVL 4

    Author Comment

    by:Stephen Kairys
    Sara and Kent,
    Thanks for your replies.

    Per Kent, please clarify why you suggested using fputs() when we're dealing with a function call that essentially copies a string.

    LVL 45

    Accepted Solution

    Hi Steve,

    Sorry, I misread the question and thought you were writing to a stream, not copying a string.  But the same issues are in play.

      char *filename;
      char *TempIndexTextFileName;

    //  assume that both variables are properly initialized.

      TempIndexTextFileName = "ThisIsMyFile.txt";
      sprintf(filename, TempIndexTextFileName);

      TempIndexTextFileName = "ThisNameHasFunnyCharacter%s.txt";
      sprintf(filename, TempIndexTextFielName);

    The first call to sprintf (above) will work as you intend.  The results of the second call are undefined as sprintf() will attempt to perform the string substitution for %s, using whatever the next object on the stack is.  It's probably the remnant of a previous function call so it could literally be anything.  At best, it's a valid pointer to 0, which will look like an empty string and the resulting string will be the original string without the %s characters.  At worse, it's a pointer to a very long string that results in a buffer overflow.  Almost as bad is if the item on the stack is data that is not a pointer, resulting in an address error and program abort (hardware fault).

    Since you want to just copy the string, the correct thing to do is use a function specifically designed to do that.  In this case, use strcpy() to copy the string or strdup() to create a copy of the string and assign the buffer to the variable.

    Apologies for the confusion,
    LVL 4

    Author Closing Comment

    by:Stephen Kairys
    Thank you both for your responses. Fortunately the souce buffer would never contain a format spcifier. That said, I probably should change the call to strcpy().

    Tks again.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Suggested Solutions

    Title # Comments Views Activity
    memory mapped I/O query 6 119
    How to create project in Eclipse ? 1 172
    Handling string inputs in C/Linux 23 157
    Line meaning 9 56
    This tutorial is posted by Aaron Wojnowski, administrator at  To view more iPhone tutorials, visit This is a very simple tutorial on finding the user's current location easily. In this tutorial, you will learn ho…
    This is a short and sweet, but (hopefully) to the point article. There seems to be some fundamental misunderstanding about the function prototype for the "main" function in C and C++, more specifically what type this function should return. I see so…
    The goal of this video is to provide viewers with basic examples to understand opening and writing to files in the C programming language.
    Video by: Grant
    The goal of this video is to provide viewers with basic examples to understand and use while-loops in the C programming language.

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now