warning: format not a string literal and no format arguments

Question

I want to remove the warning that i get on this line of the code,

FILE *fil; char *imp; (...) fprintf(fil,imp); 

the thing is when i do this it writes on the file exactly what i want, but if i apply the format %s it doesn't, like this

fprintf(fil, "%s", imp); 

Answer 1

This warning is gcc's way of telling you that it cannot verify the format string argument to the printf style function (printf, fprintf... etc). This warning is generated when the compiler can't manually peek into the string and ensure that everything will go as you intend during runtime. Lets look at a couple of examples.

Case 1. This string can be verified at compile time and the compiler will allow it without warning:

printf("This string has no format"); 

Case 2: For this case, the compiler can detect that you have a format specifier and will raise a different warning. On my machine it said "warning: too few arguments for format".

// This will most probably crash your machine printf("Not a safe string to %s");  

Case 3. Now this is somewhat your case. You are taking a string generated at runtime and trying to print it. The warning you are getting is the compiler warning you that there could be a format specifier in the string. Say for eg "bad%sdata". In this case, the runtime will try to access a non-existent argument to match the %s. Even worse, this could be a user trying to exploit your program (causing it to read data that is not safe to read).

char str[200]; scanf("%s", str) printf(str)