printf field width argument handling

Eric Blake ebb9@byu.net
Wed Nov 25 19:26:00 GMT 2009


According to Corinna Vinschen on 11/25/2009 1:50 AM:
> I don't think we have to return with errno set, either.  I'm not even
> sure if we should change the behaviour at all, given that practically
> all BSD-based systems behave that way.

POSIX is explicit that use of an improperly formed specifier (such as
%**s) gives unspecified results; it permits but does not require failure
with EINVAL, and returning successfully after printing an extremely huge
field width still qualifies as a valid action for unspecified results.
Besides, an invalid string is something you can audit for (after all, gcc
-Wall catches this particular one if you did it via a compile-time string,
and if you are using arbitrary user input as a runtime-provided format
string, you are already vulnerable to %n exploits), so why bloat the code
to stop the user from doing something they should have already prevented
at compile time?

--
Don't work too hard, make some time for fun as well!

Eric Blake             ebb9@byu.net
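An added example, not part of the original message or of newlib: a small C checker for the kind of audit mentioned above, rejecting malformed width specifiers such as %**s and any %n conversion in a format string that is not a compile-time literal. The names audit_format and FMT_* are assumptions made for this illustration, and the accepted grammar is the C99 conversion syntax without POSIX positional (%1$s) arguments.

```c
#include <stdio.h>
#include <string.h>

/* Result codes for audit_format() (hypothetical names for this example). */
enum fmt_audit { FMT_OK = 0, FMT_MALFORMED = 1, FMT_HAS_N = 2 };

/* Walk a printf-style format and classify it. Accepts only the C99
 * shape %[flags][width][.precision][length]conversion, where width and
 * precision are each either digits or a single '*'. */
static enum fmt_audit audit_format(const char *f)
{
    while (*f) {
        if (*f++ != '%')
            continue;
        if (*f == '%') { f++; continue; }           /* literal percent */
        f += strspn(f, "-+ #0");                     /* flags */
        if (*f == '*') f++;                          /* width from an argument */
        else f += strspn(f, "0123456789");           /* or a literal width */
        if (*f == '.') {                             /* optional precision */
            f++;
            if (*f == '*') f++;
            else f += strspn(f, "0123456789");
        }
        if ((f[0] == 'h' && f[1] == 'h') || (f[0] == 'l' && f[1] == 'l'))
            f += 2;                                  /* hh, ll */
        else if (*f && strchr("hljztL", *f))
            f++;                                     /* h l j z t L */
        if (*f == 'n')
            return FMT_HAS_N;                        /* writes through a pointer */
        if (*f == '\0' || !strchr("diouxXeEfFgGaAcsp", *f))
            return FMT_MALFORMED;                    /* e.g. the second '*' in %**s */
        f++;
    }
    return FMT_OK;
}

int main(void)
{
    /* Constructed sample formats, not taken from the thread. */
    const char *samples[] = { "%*s", "%**s", "%-10.3f%%", "id=%d %n", "100%" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-12s -> %d\n", samples[i], audit_format(samples[i]));
    return 0;
}
```

A check like this only classifies the string; text that comes from a user is still best passed as an argument to a literal "%s" rather than used as the format itself.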
