Formatting strings sometimes crashes program

TheIronDuke
TheIronDuke used Ask the Experts™
on
I sometimes have problems with programs crashing when I format a string incorrectly. For example, using wsprintf. Is there any way to catch these to prevent the program crashing.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
I hesitate to write this because (1) I don't write in the non-portable C++ Microsoft variant, and (2) the printf family of crashes can occur far from the printf code itself, and without having a reproducible code set that illustrates the crash, it is usually difficult to diagnose the problem. Buffer overruns and/or lack of proper string null termination can cause this effect, and this could explain the intermittent behavior of your crash.

>> sometimes problems with programs crashing
Are you able to come up with one set of inputs which always causes the program to crash, or at least crash intermittently? If always, then couldn't you start using the debugger to narrow down where the crash is, and then look at the state of your program just before the crash? If intermittently with the same input, then that issue is sometimes caused by one or more variables being used before being set.

When you whittle the program down to a bare minimum, I'm guessing your problem goes away. If so, you can then start adding pieces a little at a time, until your program begins to crash again.

I assume you added exception handling around your wsprintf statement, and it didn't help you catch any problem.

Here is a general article related to problems with wsprintf.
https://randomascii.wordpress.com/2011/10/09/dangerous-documentation-part-2printing-strings/
I found this api, and ask you to look at the Sequence section double check the variable types against the format definitions. Possibly, e.g., a long vs int vs short issue is incorrect; or likewise, a float vs double mismatch?
https://docs.microsoft.com/en-us/previous-versions/ms942863(v%3Dmsdn.10)
Also, take a look at the Return Values section, and verify that your return value is correct.
The number of characters stored in the output buffer, not counting the terminating null character, indicates success. A value less than the length of the format-control string indicates failure. To get extended error information, call GetLastError.
Eduard GherguArchitect - Coder - Mentor

Commented:
Hi,

Can you be more specific about the errors? Can you provide some samples?
Hi TheIronDuke,

just one point you should think about: do you really have to use printf-like functions?

All printf-like functions have the same problem which very, very often leads to errors, and which makes them a popular target for security attacks.

The main problem is that they use the old C-style method to allow passing a variable number of arguments, which is completeley unsafe regarding the passed type. Internally printf parses the format string, and predicts the passed agruments' types depending on the found placeholders only and casts them even if they're completeley different ... it's i.e. possible to compile something like this, allthough it will for sure fail when executed, coz it's obviously wrong:
double t1, t2;
// ...
printf( "%s: %i", t1, t2 );

Open in new window

Fortunateley some compilers (i.e. current clang or msvc) create warnings about such a wrong usage, but other compilers probably don't, which makes it quite hard to find.

I'd suggest to think about using something different, which is typesafe, i.e. STL streams/stringstreams, or (what I really like a lot sind I know it) the free and easy to use fromatting library fmt: https://github.com/fmtlib/fmt

Best regards,

ZOPPO

Author

Commented:
Thank you everyone for your input.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial