0

Possible Duplicate:
Calling NSLog from C++: “Format string is not a string literal (potentially insecure)”
Why is my string potentially unsecure in my iOS application?

I have this code to log the number of elements in my NSMutableDictionary called "myDictionary" in Objective-C.

NSLog([NSString stringWithFormat:@"%d", [myDictionary count]]);

Xcode warns me that "Format string is not a string literal. Potentially insecure."

Why? Aren't I using a secure formatted string as opposed to directly casting the count?

Justin Copeland
    Duplicates: [one](http://stackoverflow.com/questions/9793199/calling-nslog-from-c-format-string-is-not-a-string-literal-potentially-inse), [two](http://stackoverflow.com/questions/9961363/why-is-my-string-potentially-unsecure-in-my-ios-application). – Kurt Revis Apr 03 '12 at 00:44

2 Answers

6

NSLog() already assumes that you'll be passing in a formatted string. Try this instead:

NSLog(@"%d", [myDictionary count]);

Reed Olsen
4

The string you pass to NSLog is interpreted like a format string, so the appropriate way to do this is NSLog(@"%d", myDictionary.count);.

The reason it's "unsafe" is that it's possible to crash the program in cases like this:

NSString *someString = @"The integer format specifier is %d";
NSLog([NSString stringWithFormat:@"%@", someString]);

The input to NSLog is treated like a format string, but there's no corresponding value for the %d at the end. In your case it's not a problem, but the compiler isn't smart enough to figure that out.

Ian Henry
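
The pattern both answers recommend, as an added example that is not part of the original question or answers: keep the format a string literal and pass run-time text as an argument. `AppLog` is a hypothetical wrapper name introduced here to show how `NS_FORMAT_FUNCTION` extends the same compiler check to your own logging functions; the dictionary contents are constructed sample data.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical wrapper (not from the original page). NS_FORMAT_FUNCTION(1, 2)
// tells clang that argument 1 is a format string and the variadic arguments
// start at position 2, so calls to AppLog get the same format-string
// diagnostics as NSLog itself.
static void AppLog(NSString *format, ...) NS_FORMAT_FUNCTION(1, 2);

static void AppLog(NSString *format, ...) {
    va_list args;
    va_start(args, format);
    NSLogv(format, args);   // va_list variant of NSLog
    va_end(args);
}

int main(void) {
    @autoreleasepool {
        // Constructed sample data.
        NSDictionary *myDictionary = @{@"a": @1, @"b": @2};

        // Text that only exists at run time and happens to contain a
        // conversion specifier (same string as in the answer above).
        NSString *someString = @"The integer format specifier is %d";

        // Flagged pattern, left commented out: the string becomes the format,
        // so %d would read a variadic argument that was never passed.
        // NSLog(someString);
        // AppLog(someString);   // warns too, because of NS_FORMAT_FUNCTION

        // Literal format, data as an argument: any '%' inside someString is
        // printed as-is and never interpreted as a specifier.
        NSLog(@"%@", someString);
        AppLog(@"%@", someString);

        // -count returns NSUInteger; casting and using %lu keeps the specifier
        // and the argument type in agreement on 32-bit and 64-bit targets.
        AppLog(@"%lu", (unsigned long)[myDictionary count]);
    }
    return 0;
}
```

Building with clang's `-Werror=format-security` turns the warning from the question into a build failure, which keeps non-literal format strings from reaching a release build.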