This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.



Re: printf field width argument handling


According to Corinna Vinschen on 11/25/2009 1:50 AM:
> I don't think we have to return with errno set, either.  I'm not even
> sure if we should change the behaviour at all, given that practically
> all BSD-based systems behave that way.

POSIX is explicit that use of an improperly formed specifier (such as
%**s) gives unspecified results; it permits but does not require failure
with EINVAL, and returning successfully after printing an extremely huge
field width still qualifies as a valid action for unspecified results.
Besides, an invalid string is something you can audit for (after all, gcc
-Wall catches this particular one if you did it via a compile-time string,
and if you are using arbitrary user input as a runtime-provided format
string, you are already vulnerable to %n exploits), so why bloat the code
to stop the user from doing something they should have already prevented
at compile time?

--
Don't work too hard, make some time for fun as well!

Eric Blake             ebb9@byu.net
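
An added example, not part of the original message and not newlib code: one way to audit a runtime-supplied format string before it reaches printf, rejecting both the malformed `%**s` case and any `%n` conversion. The names `audit_format`, `skip_num` and the `fmt_audit` enum are hypothetical, and rejecting positional (`%1$s`) specifiers as malformed is an assumption of this sketch.

```c
#include <stdio.h>
#include <string.h>

enum fmt_audit { FMT_OK = 0, FMT_MALFORMED = 1, FMT_HAS_N = 2 };

/* Skip a width or precision: either a single '*' or a run of digits. */
static const char *skip_num(const char *p)
{
    if (*p == '*')
        return p + 1;               /* one '*' only; a second is left for the caller */
    while (*p >= '0' && *p <= '9')
        p++;
    return p;
}

/* Hypothetical helper: audit a runtime-supplied printf format string. */
enum fmt_audit audit_format(const char *fmt)
{
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;               /* literal percent sign */
        p += strspn(p, "-+ #0");    /* flags */
        p = skip_num(p);            /* field width */
        if (*p == '.')
            p = skip_num(p + 1);    /* precision */
        p += strspn(p, "hlLjzt");   /* length modifiers (loosely checked) */
        if (*p == 'n')
            return FMT_HAS_N;       /* %n, %hhn, %ln, ... all write to memory */
        if (*p == '\0' || !strchr("diouxXeEfFgGaAcsp", *p))
            return FMT_MALFORMED;   /* "%**s" ends up here on the second '*' */
    }
    return FMT_OK;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "%-*.*s|%5d%%", "%**s", "count=%n", "%" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-14s -> %d\n", samples[i], audit_format(samples[i]));
    return 0;
}
```

A check like this only confirms the string is well formed; it does not verify that the conversions match the arguments actually passed, which is why a fixed format with the input passed as a `%s` argument remains the simpler fix.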