How To Eliminate The Xcode Warning: Format string is not a string literal (potentially insecure)

February 14, 2013

In this tip I’ll explain more about warning that you may periodically see in Xcode: Format string is not a string literal (potentially insecure).

The reason for this warning is that your code is not using a properly configured format string. For example, I’ve seen this error in code where NSLog is used as follows:

NSString *str = @"test string";

If you look at the definition for NSLog it states the proper parameter is a format string followed by the values to output:

void NSLog (NSString *format, ...);

The proper way to call NSLog with the above code is:

NSString *str = @"test string";
NSLog(@"%@", str);

You may get the same warning in other methods/functions that use format strings, for example the C functions printf, scanf and various assertion macros, if you don’t use format strings correctly.

Format Strings And Security Exploits

The reason for the warning is that without a proper format string, the compiler has no means to verify the input you are providing – that is, do the format types jive with the data types passed to the method. Unverified input is a common vulnerability and provides a potential means to write to the stack or other memory locations.

Here is some additional information on format string vulnerabilities.

Leave a Comment