Updated: 2022/Sep/29
Please read Privacy Policy. It's for your privacy.
PRINTF(3) Library Functions Manual PRINTF(3)
NAME
printf, fprintf, dprintf, sprintf, snprintf, snprintf_ss, asprintf,
vprintf, vfprintf, vsprintf, vdprintf, vsnprintf, vsnprintf_ss, vasprintf
- formatted output conversion
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <stdio.h>
int
printf(const char * restrict format, ...);
int
fprintf(FILE * restrict stream, const char * restrict format, ...);
int
dprintf(int fd, const char * restrict format, ...);
int
sprintf(char * restrict str, const char * restrict format, ...);
int
snprintf(char * restrict str, size_t size, const char * restrict format,
...);
int
snprintf_ss(char * restrict str, size_t size,
const char * restrict format, ...);
int
asprintf(char ** restrict ret, const char * restrict format, ...);
#include <stdarg.h>
int
vprintf(const char * restrict format, va_list ap);
int
vfprintf(FILE * restrict stream, const char * restrict format,
va_list ap);
int
vsprintf(char * restrict str, const char * restrict format, va_list ap);
int
vdprintf(int fd, const char * restrict format, va_list ap);
int
vsnprintf(char * restrict str, size_t size, const char * restrict format,
va_list ap);
int
vsnprintf_ss(char * restrict str, size_t size,
const char * restrict format, va_list ap);
int
vasprintf(char ** restrict ret, const char * restrict format,
va_list ap);
DESCRIPTION
The printf() family of functions produces output according to a format as
described below. The printf() and vprintf() functions write output to
stdout, the standard output stream; fprintf() and vfprintf() write output
to the given output stream; dprintf() and vdprintf() write output to the
given file descriptor fd; sprintf(), snprintf(), snprintf_ss(),
vsprintf(), vsnprintf(), and vsnprintf_ss() write to the character string
str; and asprintf() and vasprintf() write to a dynamically allocated
string that is stored in ret.
These functions write the output under the control of a format string
that specifies how subsequent arguments (or arguments accessed via the
variable-length argument facilities of stdarg(3)) are converted for
output.
snprintf_ss() and vsnprintf_ss() are signal-safe standalone versions that
do not handle floating point formats, positional arguments, and wide
characters.
asprintf() and vasprintf() set the ret argument to a pointer containing
the formatted string. This pointer points to a newly allocated buffer
and should be passed to free(3) to release the allocated storage when it
is no longer needed. If sufficient space cannot be allocated, these
functions will return -1 and set ret to be a NULL pointer. Please note
that these functions are not standardized, and not all implementations
can be assumed to set the ret argument to NULL on error. It is more
portable to check for a return value of -1 instead.
snprintf(), vsnprintf(), and vsnprintf_ss() will write at most size-1 of
the characters printed into the output string (the size'th character then
gets the terminating `\0'); if the return value is greater than or equal
to the size argument, the string was too short and some of the printed
characters were discarded. If size is zero, nothing is written and str
may be a NULL pointer.
sprintf() and vsprintf() effectively assume an infinite size.
The format string is composed of zero or more directives: ordinary
characters (not %), which are copied unchanged to the output stream; and
conversion specifications, each of which results in fetching zero or more
subsequent arguments. Each conversion specification is introduced by the
character %. The arguments must correspond properly (after type
promotion) with the conversion specifier. After the %, the following
appear in sequence:
⊕ An optional field, consisting of a decimal digit string followed by a
$, specifying the next argument to access. If this field is not
provided, the argument following the last argument accessed will be
used. Arguments are numbered starting at 1. If unaccessed arguments
in the format string are interspersed with ones that are accessed the
results will be indeterminate.
⊕ Zero or more of the following flags:
`#' The value should be converted to an "alternate
form". For c, d, i, n, p, s, and u conversions,
this option has no effect. For o conversions, the
precision of the number is increased to force the
first character of the output string to a zero
(except if a zero value is printed with an explicit
precision of zero). For x and X conversions, a
non-zero result has the string `0x' (or `0X' for X
conversions) prepended to it. For a, A, e, E, f,
F, g, and G conversions, the result will always
contain a decimal point, even if no digits follow
it (normally, a decimal point appears in the
results of those conversions only if a digit
follows). For g and G conversions, trailing zeros
are not removed from the result as they would
otherwise be.
`0' (zero) Zero padding. For all conversions except n, the
converted value is padded on the left with zeros
rather than blanks. If a precision is given with a
numeric conversion (d, i, o, u, x, and X), the 0
flag is ignored.
`-' A negative field width flag; the converted value is
to be left adjusted on the field boundary. Except
for n conversions, the converted value is padded on
the right with blanks, rather than on the left with
blanks or zeros. A `-' overrides a `0' if both are
given.
` ' (space) A blank should be left before a positive number
produced by a signed conversion (a, A d, e, E, f,
F, g, G, or i).
`+' A sign must always be placed before a number
produced by a signed conversion. A `+' overrides a
space if both are used.
`'' Decimal conversions (d, u, or i) or the integral
portion of a floating point conversion (f or F)
should be grouped and separated by thousands using
the non-monetary separator returned by
localeconv(3).
⊕ An optional decimal digit string specifying a minimum field width.
If the converted value has fewer characters than the field width, it
will be padded with spaces on the left (or right, if the left-
adjustment flag has been given) to fill out the field width.
⊕ An optional precision, in the form of a period `.' followed by an
optional digit string. If the digit string is omitted, the precision
is taken as zero. This gives the minimum number of digits to appear
for d, i, o, u, x, and X conversions, the number of digits to appear
after the decimal-point for a, A, e, E, f, and F conversions, the
maximum number of significant digits for g and G conversions, or the
maximum number of characters to be printed from a string for s
conversions.
⊕ An optional length modifier, that specifies the size of the argument.
The following length modifiers are valid for the d, i, n, o, u, x, or
X conversions:
Modifier d, i o, u, x, X n
hh signed char unsigned char signed char *
h short unsigned short short *
l (ell) long unsigned long long *
ll (ell ell) long long unsigned long long long long *
j intmax_t uintmax_t intmax_t *
t ptrdiff_t (see note) ptrdiff_t *
z (see note) size_t (see note)
q (deprecated) quad_t u_quad_t quad_t *
Note: the t modifier, when applied to a o, u, x, or X conversion,
indicates that the argument is of an unsigned type equivalent in size
to a ptrdiff_t. The z modifier, when applied to a d or i conversion,
indicates that the argument is of a signed type equivalent in size to
a size_t. Similarly, when applied to an n conversion, it indicates
that the argument is a pointer to a signed type equivalent in size to
a size_t.
Note: if the standard integer types described in stdint(3) are used,
it is recommended that the predefined format string specifier macros
are used when possible. These are further described in inttypes(3).
The following length modifiers are valid for the a, A, e, E, f, F, g,
or G conversions:
Modifier a, A, e, E, f, F, g, G
l (ell) double (ignored, same behavior as without it)
L long double
The following length modifier is valid for the c or s conversions:
Modifier c s
l (ell) wint_t wchar_t *
⊕ A character that specifies the type of conversion to be applied.
A field width or precision, or both, may be indicated by an asterisk `*'
or an asterisk followed by one or more decimal digits and a `$' instead
of a digit string. In this case, an int argument supplies the field
width or precision. A negative field width is treated as a left
adjustment flag followed by a positive field width; a negative precision
is treated as though it were missing. If a single format directive mixes
positional (nn$) and non-positional arguments, the results are undefined.
The conversion specifiers and their meanings are:
diouxX The int (or appropriate variant) argument is converted to
signed decimal (d and i), unsigned octal (o), unsigned
decimal (u), or unsigned hexadecimal (x and X) notation. The
letters "abcdef" are used for x conversions; the letters
"ABCDEF" are used for X conversions. The precision, if any,
gives the minimum number of digits that must appear; if the
converted value requires fewer digits, it is padded on the
left with zeros.
DOU The long int argument is converted to signed decimal,
unsigned octal, or unsigned decimal, as if the format had
been ld, lo, or lu respectively. These conversion characters
are deprecated, and will eventually disappear.
eE The double argument is rounded and converted in the style
[-]d.ddde+-dd where there is one digit before the decimal-
point character and the number of digits after it is equal to
the precision; if the precision is missing, it is taken as 6;
if the precision is zero, no decimal-point character appears.
An E conversion uses the letter `E' (rather than `e') to
introduce the exponent. The exponent always contains at
least two digits; if the value is zero, the exponent is 00.
For a, A, e, E, f, F, g, and G conversions, positive and
negative infinity are represented as inf and -inf
respectively when using the lowercase conversion character,
and INF and -INF respectively when using the uppercase
conversion character. Similarly, NaN is represented as nan
when using the lowercase conversion, and NAN when using the
uppercase conversion.
fF The double argument is rounded and converted to decimal
notation in the style [-]ddd.ddd, where the number of digits
after the decimal-point character is equal to the precision
specification. If the precision is missing, it is taken as
6; if the precision is explicitly zero, no decimal-point
character appears. If a decimal point appears, at least one
digit appears before it.
gG The double argument is converted in style f or e (or in style
F or E for G conversions). The precision specifies the
number of significant digits. If the precision is missing, 6
digits are given; if the precision is zero, it is treated as
1. Style e is used if the exponent from its conversion is
less than -4 or greater than or equal to the precision.
Trailing zeros are removed from the fractional part of the
result; a decimal point appears only if it is followed by at
least one digit.
aA The double argument is rounded and converted to hexadecimal
notation in the style [-]0xh.hhhp[+-]d, where the number of
digits after the hexadecimal-point character is equal to the
precision specification. If the precision is missing, it is
taken as enough to represent the floating-point number
exactly, and no rounding occurs. If the precision is zero,
no hexadecimal-point character appears. The p is a literal
character `p', and the exponent consists of a positive or
negative sign followed by a decimal number representing an
exponent of 2. The A conversion uses the prefix "0X" (rather
than "0x"), the letters "ABCDEF" (rather than "abcdef") to
represent the hex digits, and the letter `P' (rather than
`p') to separate the significand and exponent.
Note that there may be multiple valid ways to represent
floating-point numbers in this hexadecimal format. For
example, 0x3.24p+0, 0x6.48p-1 and 0xc.9p-2 are all
equivalent. The format chosen depends on the internal
representation of the number, but the implementation
guarantees that the length of the significand will be
minimized. Zeroes are always represented with a significand
of 0 (preceded by a `-' if appropriate) and an exponent of
+0.
C Treated as c with the l (ell) modifier.
c The int argument is converted to an unsigned char, and the
resulting character is written.
If the l (ell) modifier is used, the wint_t argument shall be
converted to a wchar_t, and the (potentially multi-byte)
sequence representing the single wide character is written,
including any shift sequences. If a shift sequence is used,
the shift state is also restored to the original state after
the character.
S Treated as s with the l (ell) modifier.
s The char * argument is expected to be a pointer to an array
of character type (pointer to a string). Characters from the
array are written up to (but not including) a terminating NUL
character; if a precision is specified, no more than the
number specified are written. If a precision is given, no
null character need be present; if the precision is not
specified, or is greater than the size of the array, the
array must contain a terminating NUL character.
If the l (ell) modifier is used, the wchar_t * argument is
expected to be a pointer to an array of wide characters
(pointer to a wide string). For each wide character in the
string, the (potentially multi-byte) sequence representing
the wide character is written, including any shift sequences.
If any shift sequence is used, the shift state is also
restored to the original state after the string. Wide
characters from the array are written up to (but not
including) a terminating wide NUL character; if a precision
is specified, no more than the number of bytes specified are
written (including shift sequences). Partial characters are
never written. If a precision is given, no null character
need be present; if the precision is not specified, or is
greater than the number of bytes required to render the
multibyte representation of the string, the array must
contain a terminating wide NUL character.
p The void * pointer argument is printed in hexadecimal (as if
by `%#x' or `%#lx').
n The number of characters written so far is stored into the
integer indicated by the int * (or variant) pointer argument.
No argument is converted.
% A `%' is written. No argument is converted. The complete
conversion specification is `%%'.
The decimal point character is defined in the program's locale (category
LC_NUMERIC).
In no case does a non-existent or small field width cause truncation of a
numeric field; if the result of a conversion is wider than the field
width, the field is expanded to contain the conversion result.
RETURN VALUES
These functions return the number of characters printed, or that would be
printed if there was adequate space in case of snprintf(), vsnprintf(),
and vsnprintf_ss() (not including the trailing `\0' used to end output to
strings). If an output error was encountered, these functions shall
return a negative value.
EXAMPLES
To print a date and time in the form "Sunday, July 3, 10:02", where
weekday and month are pointers to strings:
#include <stdio.h>
fprintf(stdout, "%s, %s %d, %.2d:%.2d\n",
weekday, month, day, hour, min);
To print pi to five decimal places:
#include <math.h>
#include <stdio.h>
fprintf(stdout, "pi = %.5f\n", 4 * atan(1.0));
To allocate a 128 byte string and print into it:
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
char *newfmt(const char *fmt, ...)
{
char *p;
va_list ap;
if ((p = malloc(128)) == NULL)
return (NULL);
va_start(ap, fmt);
(void) vsnprintf(p, 128, fmt, ap);
va_end(ap);
return (p);
}
ERRORS
In addition to the errors documented for the write(2) system call, the
printf() family of functions may fail if:
[EILSEQ] An invalid wide-character code was encountered.
[ENOMEM] Insufficient storage space is available.
[EOVERFLOW] The size argument exceeds INT_MAX, or the return value
would be too large to be represented by an int.
SEE ALSO
printf(1), fmtcheck(3), scanf(3), setlocale(3), snprintb(3), wprintf(3),
printf(9)
STANDARDS
Subject to the caveats noted in the BUGS section below, the fprintf(),
printf(), sprintf(), vprintf(), vfprintf(), and vsprintf() functions
conform to ANSI X3.159-1989 ("ANSI C89") and ISO/IEC 9899:1999
("ISO C99"). With the same reservation, the snprintf() and vsnprintf()
functions conform to ISO/IEC 9899:1999 ("ISO C99").
HISTORY
The functions snprintf() and vsnprintf() first appeared in 4.4BSD. The
functions asprintf() and vasprintf() are modeled on the ones that first
appeared in the GNU C library. The function vsnprintf_ss() is non-
standard and appeared in NetBSD 4.0. The functions dprintf() and
vdprintf() are parts of IEEE Std 1003.1-2008 ("POSIX.1") and appeared in
NetBSD 6.0.
CAVEATS
Because sprintf() and vsprintf() assume an infinitely long string,
callers must be careful not to overflow the actual space; this is often
impossible to assure. For safety, programmers should use the snprintf()
and asprintf() family of interfaces instead. Unfortunately, the
snprintf() interfaces are not available on older systems and the
asprintf() interfaces are not yet portable.
It is important never to pass a string with user-supplied data as a
format without using `%s'. An attacker can put format specifiers in the
string to mangle your stack, leading to a possible security hole. This
holds true even if you have built the string "by hand" using a function
like snprintf(), as the resulting string may still contain user-supplied
conversion specifiers for later interpolation by printf().
Be sure to use the proper secure idiom:
snprintf(buffer, sizeof(buffer), "%s", string);
There is no way for printf() to know the size of each argument passed.
If you use positional arguments you must ensure that all parameters, up
to the last positionally specified parameter, are used in the format
string. This allows for the format string to be parsed for this
information. Failure to do this will mean your code is non-portable and
liable to fail.
In this implementation, passing a NULL char * argument to the %s format
specifier will output (null) instead of crashing. Programs that depend
on this behavior are non-portable and may crash on other systems or in
the future.
BUGS
The conversion formats %D, %O, and %U are not standard and are provided
only for backward compatibility. The effect of padding the %p format
with zeros (either by the `0' flag or by specifying a precision), and the
benign effect (i.e. none) of the `#' flag on %n and %p conversions, as
well as other nonsensical combinations such as %Ld, are not standard;
such combinations should be avoided.
The printf() family of functions do not correctly handle multibyte
characters in the format argument.
SECURITY CONSIDERATIONS
The sprintf() and vsprintf() functions are easily misused in a manner
which enables malicious users to arbitrarily change a running program's
functionality through a buffer overflow attack. Because sprintf() and
vsprintf() assume an infinitely long string, callers must be careful not
to overflow the actual space; this is often hard to assure. For safety,
programmers should use the snprintf() interface instead. For example:
void
foo(const char *arbitrary_string, const char *and_another)
{
char onstack[8];
#ifdef BAD
/*
* This first sprintf is bad behavior. Do not use sprintf!
*/
sprintf(onstack, "%s, %s", arbitrary_string, and_another);
#else
/*
* The following two lines demonstrate better use of
* snprintf().
*/
snprintf(onstack, sizeof(onstack), "%s, %s", arbitrary_string,
and_another);
#endif
}
The printf() and sprintf() family of functions are also easily misused in
a manner allowing malicious users to arbitrarily change a running
program's functionality by either causing the program to print
potentially sensitive data "left on the stack", or causing it to generate
a memory fault or bus error by dereferencing an invalid pointer.
%n can be used to write arbitrary data to potentially carefully-selected
addresses. Programmers are therefore strongly advised to never pass
untrusted strings as the format argument, as an attacker can put format
specifiers in the string to mangle your stack, leading to a possible
security hole. This holds true even if the string was built using a
function like snprintf(), as the resulting string may still contain user-
supplied conversion specifiers for later interpolation by printf().
Always use the proper secure idiom:
snprintf(buffer, sizeof(buffer), "%s", string);
NetBSD 10.99 April 3, 2022 NetBSD 10.99