Robert C. Seacord is a senior vulnerability analyst at the CERT/Coordination Center (CERT/CC) at the Software Engineering Institute (SEI) in Pittsburgh, PA, and author of Secure Coding in C and C++ (Addison-Wesley, 2005). An eclectic technologist, Robert is coauthor of two previous books, Building Systems from Commercial Components (Addison-Wesley, 2002) and Modernizing Legacy Systems (Addison-Wesley, 2003).
C/C++ language variadic functions are functions that accept a variable number
of arguments. Variadic functions are implemented using either the ANSI C
stdarg approach or, historically, the UNIX System V vararg approach. Both
approaches require that the contract between the developer and user of the
variadic function not be violated by the user.
Many of the formatted I/O functions in the ISO/IEC 9899:1999 C language
standard (C99) such as printf() and scanf() are defined as variadic functions
(including formatted output functions that operate on a multibyte characters
[e.g., ASCII] and wide characters [e.g., UNICODE]).
These functions accept a fixed format string argument that specifies, among
other things, the number and type of arguments that are expected. If the
contents of the format string are incorrect (by error or by malicious
intent), the resulting behavior o... (more)
Robert C. Seacord is a senior vulnerability analyst at the CERT/Coordination Center (CERT/CC) at the Software Engineering Institute (SEI) in Pittsburgh, PA, and author of Secure Coding in C and C++ (Addison-Wesley, 2005). An eclectic technologist, Robert is coauthor of two previous books, Building Systems from Commercial Components (Addison-Wesley, 2002) and Modernizing Legacy Systems (Addison-Wesley, 2003).
Zakia Bouachraoui
Terry Ray
Charles Araujo
