On 11/9/06, Cassio B. Caporal <[EMAIL PROTECTED]> wrote:
I have problems to print '%' in stdout... Suppose code below:
#include <stdio.h>
main() {
char foo[] = "bar=30%\n";
fprintf(stdout, bar);
When posting code, please cut-and-paste it into your message, as the
above code won't compile. I presume you meant to write:
fprintf(stdout, foo);
That passes 'foo' as the format argument to fprintf(). The format
argument is a compact description of what should be output and *NOT*
simply a string to be output. If you want to simply output a literal
string you should *not* pass that string as the format to fprintf, but
rather pass a format saying "just output the next argument as a
string" and pass the string as the next argument, ala:
fprintf(stdout, "%s", foo);
If the string being printed is under the control of an outside party,
then it is *critical* that you do something like the above to avoid
security holes.
IMHO, you should never invoke fprintf() with exactly two arguments,
nor printf() with exactly one argument. Either use a format of "%s"
or switch to fputs()/puts().
(...though you have to reverse the order of the arguments when going
from fprintf() to fputs()...)
Philip Guenther
