Actually, there’s a conceptually simple win: don’t let your format strings determine the byte-level interpretation of data. Especially without bounds.
I mean, duh. Who’d do something so obviously stupid? Well, unfortunately, the C standard library does, and its example has been followed all too many times. I contend that printf()-style formatting is broken and its use should be considered a bug.
In order for this idea to have any chance of taking off, there needs to be a replacement which is at least as convenient as printf()-style formatting. That gives us three goals: safety, convenience, and easy internationalization. To get the ball rolling, I have prototyped such a thing for Objective-C, called JATemplate.
Via Vincent Demay