[PATCH] fix invalid printf format strings
Rich Felker
dalias at aerifal.cx
Sun Mar 26 06:43:52 UTC 2006
On Fri, Mar 24, 2006 at 09:52:34PM -0500, Rob Landley wrote:
> On Friday 24 March 2006 3:13 pm, Rich Felker wrote:
> > > No.
> > >
> > > See tail of platform.h
> > >
> > > We want make CC="cc -U_ -UN_" to dtrt, so pretty please rip them out
> > > while you're touching these very same lines and resend. TIA.
> >
> > OK, updated patch attached. Is this better?
>
> Bernhard, I'll leave it to you to check this in if you're happy with it...
If anyone wants a motivation for this patch, it's that my
implementation of printf rejects format strings containing %L[diouxX]
as invalid and does not print anything. In my view, this is the only
safe thing to do in the case of unspecified format strings, since
guessing on an interpretation could lead to serious bugs (including
vulnerabilities if %n is also used), due to reading the wrong size
types off the stack and misaligning the arguments.
Before anyone says that %Ld is sufficiently well established that it
should be standard, remember what happened with the stupid GNU
extensions to scanf. GNU scanf will barf horribly on:
double foo;
sscanf("0x0.1s", "%as", &foo);
due to using yet-unspecified characters for nonstandard extensions,
which ended up conflicting with C99.
Rich
More information about the busybox
mailing list