printf behaviour with illegal or malformed format string

Poul-Henning Kamp phk at phk.freebsd.dk
Tue Dec 13 00:40:34 PST 2005


In message <20051213175413.H80942 at delplex.bde.org>, Bruce Evans writes:

>There is also fmtcheck(3).

I didn't even know about that one, but given that there are only two
uses in all of /src I do not feel ashamed.

>Extensions should rarely be needed for printf(),

Actually I disagree with you on that.

It was my list of "things I keep doing over and over" that convinced
me otherwise.

Here are some of the formats I miss, and which I will probably write
extensions for so people can trivially enable them:

	%T	print a time_t
	%lT	print a struct timeval
	%llT	print a struct timespec
	%I	print an IP#
	%lI	print an IPv6#
	%H	Hexdump
	%V	stringvis a string
	%M	Metric (like the "engineering" format on HP calculators)
	%H	"Human" (Tera,Giga,Mega,Kilo{bits,bytes})

>>> I'm leaning towards doing what phkmalloc has migrated to over time:
>>> Make a variable which can select between "normal/paranoia" and force
>>> it to paranoia for (uid==0 || gid==0 || setuid || setgid).
>>>
>>> If the variable is set, a bogus format string will result in abort(2).
>
>This sometimes breaks defined behaviour.

It does?  I didn't think there was defined behaviour for bogus
format strings?

>>> If it is not set, the format string will be output unformatted in
>>> the message "WARNING: Illegal printf() format string: \"...\".
>
>malloc()'s messages are better ("<progname>: error ...").

Obviously.


-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
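
The normal/paranoia policy quoted in the message above, sketched as an added example; this is not code from the message or from FreeBSD libc. The names fmt_is_valid, paranoia_forced and fmt_policy are hypothetical, the validator accepts only standard C99 conversions, and set-id status is assumed to be detectable by comparing real and effective ids.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum fmt_action { FMT_OK, FMT_WARN, FMT_ABORT };

/* 1 if every '%' starts a well-formed C99 conversion (syntax check only). */
int fmt_is_valid(const char *fmt) {
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (*++p == '%')
            continue;                           /* literal "%%" */
        p += strspn(p, "-+ #0");                /* flags */
        p += strspn(p, "0123456789*");          /* field width */
        if (*p == '.')                          /* precision */
            p += 1 + strspn(p + 1, "0123456789*");
        if ((*p == 'h' || *p == 'l') && p[1] == *p)
            p += 2;                             /* hh, ll */
        else if (*p != '\0' && strchr("hljztL", *p) != NULL)
            p++;                                /* single-letter modifier */
        if (*p == '\0' || strchr("diouxXeEfFgGaAcspn", *p) == NULL)
            return 0;                           /* truncated or unknown */
    }
    return 1;
}

/* Forced paranoia for root and set-id processes, as in the quoted proposal. */
int paranoia_forced(void) {
    return getuid() == 0 || getgid() == 0 ||
        getuid() != geteuid() || getgid() != getegid();
}

/* paranoid stands in for the proposed variable (hypothetical name). */
enum fmt_action fmt_policy(const char *fmt, int paranoid) {
    if (fmt_is_valid(fmt))
        return FMT_OK;
    if (paranoid || paranoia_forced())
        return FMT_ABORT;                       /* caller would abort() here */
    fprintf(stderr, "WARNING: Illegal printf() format string: \"%s\"\n", fmt);
    return FMT_WARN;
}

int main(void) {
    const char *s[] = { "%5.2f%%", "%-10s|%lld", "%q", "50%" }; /* constructed */
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-12s -> %d\n", s[i], (int)fmt_policy(s[i], 0));
    return 0;
}
```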


More information about the freebsd-arch mailing list