From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_MED,T_SCC_BODY_TEXT_LINE autolearn=ham
	autolearn_force=no version=3.4.4
Received: (qmail 864 invoked from network); 21 Jun 2023 21:38:06 -0000
Received: from second.openwall.net (193.110.157.125)
  by inbox.vuxu.org with ESMTPUTF8; 21 Jun 2023 21:38:06 -0000
Received: (qmail 12247 invoked by uid 550); 21 Jun 2023 21:38:02 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Reply-To: musl@lists.openwall.com
Received: (qmail 12206 invoked from network); 21 Jun 2023 21:38:01 -0000
Date: Wed, 21 Jun 2023 17:37:49 -0400
From: Rich Felker <dalias@libc.org>
To: musl@lists.openwall.com
Message-ID: <20230621213746.GM4163@brightrain.aerifal.cx>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="5fECsWged6836Ycf"
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: [musl] [PATCH] [RFC] trap on invalid printf formats


--5fECsWged6836Ycf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Inspired by a new instance of some bitrotted software using %Lu
instead of %llu, attached is a draft patch to catch such errors rather
than silently leaving missing output.

I don't know if this is a good idea to actually do (note: probably
matching changes should be made in wide printf and maybe also scanf if
so) but I'm posting it here in case anyone wants to experiment or
discuss. Note that there is no conformance distinction since invalid
format strings are undefined behavior.

Rich

--5fECsWged6836Ycf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="printf-trap.diff"

diff --git a/src/stdio/vfprintf.c b/src/stdio/vfprintf.c
index 33019ff1..c3bd4d31 100644
--- a/src/stdio/vfprintf.c
+++ b/src/stdio/vfprintf.c
@@ -10,6 +10,7 @@
 #include <inttypes.h>
 #include <math.h>
 #include <float.h>
+#include "atomic.h"
 
 /* Some useful macros */
 
@@ -652,8 +653,7 @@ static int printf_core(FILE *f, const char *fmt, va_list *ap, union arg *nl_arg,
 	return 1;
 
 inval:
-	errno = EINVAL;
-	return -1;
+	a_crash();
 overflow:
 	errno = EOVERFLOW;
 	return -1;

--5fECsWged6836Ycf--