Hacker Read

alxmdev | karma 1241 | avg karma 6.3 · 2023-04-07 12:38:05

Bingo, you should never pass arbitrary strings where they could be used as format specifiers, it's like running arbitrary code. Some compilers even issue warnings when you pass non-literal format strings to the printf family.