printf field width argument handling

Jeff Johnston jjohnstn@redhat.com
Tue Dec 1 03:39:00 GMT 2009


On 25/11/09 08:09 AM, Eric Blake wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> According to Corinna Vinschen on 11/25/2009 1:50 AM:
>> I don't think we have to return with errno set, either.  I'm not even
>> sure if we should change the behaviour at all, given that practically
>> all BSD-based systems behave that way.
>
> POSIX is explicit that use of an improperly formed specifier (such as
> %**s) gives unspecified results; it permits but does not require failure
> with EINVAL, and returning successfully after printing an extremely huge
> field width still qualifies as a valid action for unspecified results.
> Besides, an invalid string is something you can audit for (after all, gcc
> -Wall catches this particular one if you did it via a compile-time string,
> and if you are using arbitrary user input as a runtime-provided format
> string, you are already vulnerable to %n exploits), so why bloat the code
> to stop the user from doing something they should have already prevented
> at compile time?
>

Agreed.

-- Jeff J.

> --
> Don't work too hard, make some time for fun as well!
>
> Eric Blake             ebb9@byu.net
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (Cygwin)
> Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAksNLIkACgkQ84KuGfSFAYAFpQCfeEoRkw66xz/6jnV1ctMwniMi
> ttAAnR6Sfq4lSJu2lYX4ce5b+vWy0HxY
> =8P+x
> -----END PGP SIGNATURE-----


