发表新帖
发表新帖

C++ printf: newline (\n) from commandline argument

前端 未结
关注
7 1740
刺人心
刺人心 2020-12-20 02:07

How print format string passed as argument ?

example.cpp:

#include  
int main(int ac, char* av[]) 
{
     printf(av[1],\"anything\");
相关标签:
7条回答
  • 有刺的猬
    2020-12-20 02:54

    passing user arguments directly to printf causes a exploit called "String format attack"

    See Wikipedia and Much more details

    0 讨论(0)
  • 春和景丽
    2020-12-20 02:56

    At least if I understand correctly, you question is really about converting the "\n" escape sequence into a new-line character. That happens at compile time, so if (for example) you enter the "\n" on the command line, it gets printed out as "\n" instead of being converted to a new-line character.

    I wrote some code years ago to convert escape sequences when you want it done. Please don't pass it as the first argument to printf though. If you want to print a string entered by the user, use fputs, or the "%s" conversion format:

    int main(int argc, char **argv) { 
    if (argc > 1) 
        printf("%s", translate(argv[1]));
    return 0;
}
    0 讨论(0)
  • 时光说笑
    2020-12-20 02:58

    There's no way to automatically have the string contain a newline. You'll have to do some kind of string replace on your own before you use the parameter.

    0 讨论(0)
  • 不思量自难忘°
    2020-12-20 03:01

    No, do not do that! That is a very severe vulnerability. You should never accept format strings as input. If you would like to print a newline whenever you see a "\n", a better approach would be:

    #include <iostream>
#include <cstdlib>

int main(int argc, char* argv[])
{
     if ( argc != 2 ){
         std::cerr << "Exactly one parameter required!" << std::endl;
         return 1;
     }

     int idx = 0;
     const char* str = argv[1];
     while ( str[idx] != '\0' ){
          if ( (str[idx]=='\\') && (str[idx+1]=='n') ){
                 std::cout << std::endl;
                 idx+=2;
          }else{
                 std::cout << str[idx];
                 idx++;
          }
     }
     return 0;
}

    Or, if you are including the Boost C++ Libraries in your project, you can use the boost::replace_all function to replace instances of "\\n" with "\n", as suggested by Pukku.

    0 讨论(0)
  • 长发绾君心
    2020-12-20 03:04

    You can't do that because \n and the like are parsed by the C compiler. In the generated code, the actual numerical value is written.

    What this means is that your input string will have to actually contain the character value 13 (or 10 or both) to be considered a new line because the C functions do not know how to handle these special characters since the C compiler does it for them.

    Alternatively you can just replace every instance of \\n with \n in your string before sending it to printf.

    0 讨论(0)
  • 隐瞒了意图╮
    2020-12-20 03:04

    It is only the compiler that converts \n etc to the actual ASCII character when it finds that sequence in a string.

    If you want to do it for a string that you get from somewhere, you need to manipulate the string directly and replace the string "\n" with a CR/LF etc. etc.

    If you do that, don't forget that "\\" becomes '\' too.

    Please never ever use char* buffers in C++, there is a nice std::string class that's safer and more elegant.

    0 讨论(0)
 看不清?
提交回复
热议问题