cybersecurity · intermediate · ~15 min

Detect format specifiers in input

Spot the dangerous-format-string pattern.

Challenge

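Passing user-controlled input as the format argument of printf is a format string vulnerability, because printf interprets any conversion specifiers the input contains. Implement int has_format_specifier(const char *s), which returns 1 if s contains a '%' followed by a non-'%' character, and 0 otherwise.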

Starter code

int has_format_specifier(const char *s) {
    /* TODO */
    return 0;
}
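
One possible solution with the mitigation beside it, added here as an example (not the exercise's official answer or harness). It assumes that "%%" is consumed as a pair the way printf does, that a '%' at the very end of the string is not counted, and that NULL returns 0; log_untrusted and the sample strings are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumption: "%%" is consumed as a pair (printf's literal percent), and a
 * '%' that is the last byte of the string is not counted. NULL returns 0. */
int has_format_specifier(const char *s) {
    if (s == NULL)
        return 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%') {   /* escaped percent: skip both bytes */
            i++;
            continue;
        }
        if (s[i + 1] != '\0')    /* '%' followed by a non-'%' character */
            return 1;
    }
    return 0;
}

/* Hypothetical helper: writes untrusted text to a stream safely. The input is
 * passed as data through a constant format, never as the format itself.
 * Returns 1 if the input contained a specifier, usable as a detection signal. */
int log_untrusted(FILE *out, const char *msg) {
    int suspicious = has_format_specifier(msg);
    fprintf(out, "%s%s\n", suspicious ? "[format-specifier] " : "",
            msg ? msg : "(null)");
    return suspicious;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = { "hello", "100%", "50%% off", "%%d", "id=%x", "%s%s%n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        log_untrusted(stdout, samples[i]);
    return 0;
}
```

The detector is a signal for logging or input review; the fix for the vulnerability itself is the constant format string in log_untrusted.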
