Date: Thu, 22 Jun 2023 19:37:22 -0400
From: "Alex Xu (Hello71)"
To: musl@lists.openwall.com
Cc: Markus Wichmann, Rich Felker
Subject: Re: [musl] [PATCH] [RFC] trap on invalid printf formats

Excerpts from Rich Felker's message of June 22, 2023 10:45 am:
> FWIW I don't think there are a lot of these cases left in the wild at
> all, but I'm not sure. it might be nice to do some distro-wide testing
> with this patch applied (which is what I had in mind posting it) and
> see if any problems are caught before really considering whether to
> pursue upstreaming it.

Unfortunately, it seems fairly widespread:
https://codesearch.debian.net/search?q=printf.*%5B%25%5DL%5Bud%5D+-package%3Agcc+-package%3Allvm*+path%3A.*%5C.c%24&literal=0

The most painful example:

#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__APPLE_CC__) || defined(__APPLE__) || defined(ARGUS_SOLARIS)
   sprintf (pbuf, "%llu", value);
#else
   sprintf (pbuf, "%Lu", value);
#endif

(copied and pasted 17 times in the same file, of course)

I did some research and the most likely source of %Lu is the Linux
man-pages, which, before 1999 or thereabouts, said:

> • The optional character l (ell) specifying that a following d, i, o,
> u, x, or X conversion applies to a pointer to a long int or unsigned
> long int argument, or that a following n conversion corresponds to a
> pointer to a long int argument. Linux provides a non ANSI compliant
> use of two l flags as a synonym to q or L. Thus ll can be used in
> combination with float conversions. *This usage is, however, strongly
> discouraged.*
>
> • The character L specifying that a following e, E, f, g, or G
> conversion corresponds to a long double argument, or a following d, i,
> o, u, x, or X conversion corresponds to a long long argument. Note
> that long long is not specified in ANSI C and therefore not portable
> to all architectures.

Emphasis added. So, pre-C99, L was in fact the recommended modifier for
long long.

Cheers,
Alex.
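
Added example (not part of the original message and not the musl patch under discussion): a small C checker that finds conversion specifications such as "%Lu", where the length modifier is not defined for the conversion specifier under C99 7.19.6.1. The function name first_invalid_spec and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example. Returns the offset of the first conversion specification
 * in fmt whose length modifier is not defined for its conversion specifier
 * by C99 7.19.6.1 (such as "%Lu"), or -1 if every specification is valid.
 * Assumption: ISO C formats only; POSIX "%n$" positional arguments are not
 * recognised and would be reported. */
int first_invalid_spec(const char *fmt)
{
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        const char *start = p++;
        if (*p == '%')                      /* literal "%%" */
            continue;
        p += strspn(p, "-+ #0");            /* flags */
        p += strspn(p, "0123456789*");      /* field width */
        if (*p == '.')                      /* precision */
            p += 1 + strspn(p + 1, "0123456789*");
        char mod = 0;                       /* length modifier */
        if (*p && strchr("hljztL", *p)) {
            mod = *p++;
            if ((mod == 'h' || mod == 'l') && *p == mod) {
                mod = 'w';                  /* "hh" or "ll" */
                p++;
            }
        }
        const char *ok;                     /* conversions allowed with mod */
        switch (mod) {
        case 0:   ok = "diouxXfFeEgGaAcspn"; break;
        case 'l': ok = "diouxXncsfFeEgGaA";  break;
        case 'L': ok = "fFeEgGaA";           break;  /* long double only */
        default:  ok = "diouxXn";            break;  /* hh h ll j z t */
        }
        if (!*p || !strchr(ok, *p))
            return (int)(start - fmt);
    }
    return -1;
}

int main(void)
{
    /* Constructed sample formats, including the two from the message. */
    const char *samples[] = { "%llu", "%Lu", "%5.2Lf and %Ld", "100%% %hhd" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-16s -> %d\n", samples[i], first_invalid_spec(samples[i]));
    return 0;
}
```

Run over format string literals extracted from a source tree, a check like this gives the offset of each specification that a trapping printf would stop on.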