How print format string passed as argument ?
example.cpp:
#include
int main(int ac, char* av[])
{
printf(av[1],\"anything\");
passing user arguments directly to printf causes a exploit called "String format attack"
See Wikipedia and Much more details
At least if I understand correctly, you question is really about converting the "\n" escape sequence into a new-line character. That happens at compile time, so if (for example) you enter the "\n" on the command line, it gets printed out as "\n" instead of being converted to a new-line character.
I wrote some code years ago to convert escape sequences when you want it done. Please don't pass it as the first argument to printf though. If you want to print a string entered by the user, use fputs, or the "%s" conversion format:
int main(int argc, char **argv) {
if (argc > 1)
printf("%s", translate(argv[1]));
return 0;
}
There's no way to automatically have the string contain a newline. You'll have to do some kind of string replace on your own before you use the parameter.
No, do not do that! That is a very severe vulnerability. You should never accept format strings as input. If you would like to print a newline whenever you see a "\n", a better approach would be:
#include <iostream> #include <cstdlib> int main(int argc, char* argv[]) { if ( argc != 2 ){ std::cerr << "Exactly one parameter required!" << std::endl; return 1; } int idx = 0; const char* str = argv[1]; while ( str[idx] != '\0' ){ if ( (str[idx]=='\\') && (str[idx+1]=='n') ){ std::cout << std::endl; idx+=2; }else{ std::cout << str[idx]; idx++; } } return 0; }
Or, if you are including the Boost C++ Libraries in your project, you can use the boost::replace_all
function to replace instances of "\\n" with "\n", as suggested by Pukku.
You can't do that because \n
and the like are parsed by the C compiler. In the generated code, the actual numerical value is written.
What this means is that your input string will have to actually contain the character value 13 (or 10 or both) to be considered a new line because the C functions do not know how to handle these special characters since the C compiler does it for them.
Alternatively you can just replace every instance of \\n
with \n
in your string before sending it to printf
.
It is only the compiler that converts \n etc to the actual ASCII character when it finds that sequence in a string.
If you want to do it for a string that you get from somewhere, you need to manipulate the string directly and replace the string "\n" with a CR/LF etc. etc.
If you do that, don't forget that "\\" becomes '\' too.
Please never ever use char* buffers in C++, there is a nice std::string class that's safer and more elegant.