printf behaviour with illegal or malformed format string
Poul-Henning Kamp
phk at phk.freebsd.dk
Tue Dec 13 00:40:34 PST 2005
In message <20051213175413.H80942 at delplex.bde.org>, Bruce Evans writes:
>There is also fmtcheck(3).
I didn't even know about that one, but given that there is only two
uses in all of /src I do not feel ashamed.
>Extensions should rarely be needed for printf(),
Actually I disagree with you on that.
It was my list of "things I keep doing over and over" that convinced
me otherwise.
Here are some of the formats I miss, and which I will probably write
extensions for so people can trivially enable them:
%T print a time_t
%lT print a struct timeval
%llT print a struct timespec
%I print an IP#
%lI print an IPv6#
%H Hexdump
%V stringvis a string
%M Metric (like the "engineering" format on HP calculators)
%H "Human" (Tera,Giga,Mega,Kilo{bits,bytes})
>>> I'm leaning towards doing what phkmalloc has migrated to over time:
>>> Make a variable which can select between "normal/paranoia" and force
>>> it to paranoia for (uid==0 || gid==0 || setuid || setgid).
>>>
>>> If the variable is set, a bogus format string will result in abort(2).
>
>This sometimes breaks defined behaviour.
It does ? I didn't think there were defined behaviour for bogus
format strings ?
>>> If it is not set, the format string will be output unformatted in
>>> the message "WARNING: Illegal printf() format string: \"...\".
>
>malloc()'s messages are better ("<progname>: error ...").
Obviously.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the freebsd-arch
mailing list