Potentially insecure warning?


#1

I have tried 3 different ways of writing the code for the challenge. They all give the same result. But for the third one I get a warning:
Format string is not a string literal (potentially insecure)
I am not sure why the third NSLog is insecure. Maybe someone can explain this for me.

        NSString *locNam = [[NSHost currentHost] localizedName];
        NSLog(@"%@", locNam);
        
        NSLog(@"%@", [[NSHost currentHost] localizedName]);
        
        NSLog([[NSHost currentHost] localizedName]);

#2

This is a bit difficult to explain, but here goes:

The format string gets interpreted by NSLog, stepping through the string looking for %d, %s, %f, etc. Each time it finds one, it goes and reads an argument and inserts it in the string that gets logged. The arguments are found on the stack.

Imagine that the name of your host was “Herbert%f”, then this would work:

And the user would see:

OK, so pause here and make sure that you’ve understood this so far.

Now, what if I don’t supply 0.4? The function goes looking on the stack where 0.4 would be and reads that and prints it out. And what if there are a lot of % tokens? Well, it just keeps stepping through the stack and logging them out to the user. What if there is a secret password somewhere on the stack? It might get read and displayed to the user.

Sounds far-fetched, right? In some ways it is, but it can be a very real security hole in your code.
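
The behaviour described in the answer above, as an added example that is not part of the original thread: it uses C's `snprintf`, which follows the same printf-style convention as NSLog, to put the format-string call beside the fixed `"%s"` form (the C counterpart of `NSLog(@"%@", ...)`). The function names and the sample host name are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a host name that happens to contain a conversion. */
static const char *HOST_NAME = "Herbert%f";

/* Data used AS the format string: "%f" is interpreted and consumes an
   argument. The 0.4 is supplied here so the call is well defined; without
   it the function would read whatever sits where the argument should be. */
int log_as_format(char *out, size_t n, const char *name) {
    return snprintf(out, n, name, 0.4);
}

/* Fixed form: the format is a literal, the name is only ever data. */
int log_as_data(char *out, size_t n, const char *name) {
    return snprintf(out, n, "%s", name);
}

/* Count conversions a printf-style function would act on in s.
   "%%" is an escaped percent sign; a lone trailing '%' is not counted. */
int count_conversions(const char *s) {
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') n++;
    }
    return n;
}

int main(void) {
    char buf[64];
    log_as_format(buf, sizeof buf, HOST_NAME);
    printf("as format: %s\n", buf);
    log_as_data(buf, sizeof buf, HOST_NAME);
    printf("as data:   %s\n", buf);
    printf("conversions in name: %d\n", count_conversions(HOST_NAME));
    return 0;
}
```

Each conversion counted in the name is one argument the logging call would try to read if the name were passed as the format string.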