Share via


CHString::Format(UINT, ) method

[The CHString class is part of the WMI Provider Framework which is now considered in final state, and no further development, enhancements, or updates will be available for non-security related issues affecting these libraries. The MI APIs should be used for all new development.]

The Format method formats and stores a series of characters and values in a CHString string.

Syntax

void Format(
             UINT nFormatID,
  [optional]      ...
) throw (CHeap_Exception);

Parameters

  • nFormatID
    String resource identifier that contains the format control string.

  • ... [optional]
    Argument list.

Return value

This method does not return a value.

Remarks

Each optional argument (if any) is converted and output according to the corresponding format specification in lpszFormat, or from the string resource identified by nFormatID.

Note  To reduce exposure to security attacks, always use a format string for Format. For example, Format(input) is exploitable, and Format("%s", input) is not. Never use a user-supplied string for the format string. If your format string is stored for a purpose such as localization, ensure that the string is protected from unauthorized write access. If your function writes to a string rather than standard output, you may need to avoid using a trailing "%s" in the format string. For more information, see www.securityfocus.com/archive/1/81565 and www.securityfocus.com/archive/1/66842.

 

If the string object is offered as a parameter to Format, the call fails. For example, the following code causes unpredictable results.

CHString str = L"Some Data";

// Attention: str is also used in the parameter list.
str.Format(L"%s%d", str, 123);

Note  When you pass a character string as an optional argument, you must cast it explicitly as LPCWSTR. The format argument has the same form and function as the format argument for the printf function. A NULL character is appended to the end of the written characters.

 

Requirements

Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2008

Header

ChString.h (include FwCommon.h)

Library

FrameDyn.lib

DLL

FrameDynOS.dll; FrameDyn.dll

See also

CHString

CHString::GetBuffer

CHString::FormatV