How To Eliminate The Xcode Warning: Format string is not a string literal (potentially insecure)
February 14, 2013
In this tip I’ll explain more about warning that you may periodically see in Xcode: Format string is not a string literal (potentially insecure).
The reason for this warning is that your code is not using a properly configured format string. For example, I’ve seen this error in code where NSLog is used as follows:
NSString *str = @"test string"; NSLog(str);
If you look at the definition for NSLog it states the proper parameter is a format string followed by the values to output:
void NSLog (NSString *format, ...);
The proper way to call NSLog with the above code is:
NSString *str = @"test string"; NSLog(@"%@", str);
You may get the same warning in other methods/functions that use format strings, for example the C functions printf, scanf and various assertion macros, if you don’t use format strings correctly.
Format Strings And Security Exploits
The reason for the warning is that without a proper format string, the compiler has no means to verify the input you are providing – that is, do the format types jive with the data types passed to the method. Unverified input is a common vulnerability and provides a potential means to write to the stack or other memory locations.
Here is some additional information on format string vulnerabilities.