[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: new module suggestion: fprintftime-check
|
From: |
Florian Weimer |
|
Subject: |
Re: new module suggestion: fprintftime-check |
|
Date: |
Wed, 02 Jan 2019 09:03:50 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) |
* Bruno Haible:
> [CCing Florian Weimer.
> Florian, the thread started at
> https://lists.gnu.org/archive/html/bug-gnulib/2018-12/msg00149.html ]
>
> Assaf Gordon wrote:
>> The comment even says:
>> /* Unknown format; output the format, including the '%',
>> since this is most likely the right thing to do if a
>> multibyte string has been misparsed. */
>>
>> This has been the case since 1996 when strftime.c was imported from libc
>> (gnulib commit afabd949).
>>
>> I suspect that changing this behavior would be a disruptive
>> backwards-incompatible change (but other opinions are welcomed).
>
> The "security" and "robustness" aspects of software have gained importance
> over the last 22 years, also in domain of glibc.
>
> Florian, Assaf discovered that glibc processing of time format strings
> (strftime) operates according to the garbage-in - garbage-out principle,
> that is, an invalid format string does not get reported to the caller
> but instead produces output that is "most likely the right thing".
Historically, some Lua scripts have relied on strftime not crashing, but
I think this awas fixed on the Lua side a couple of years ago.
The standards do not provide a way to report errors for malformed format
strings. I think the current behavior is acceptable, all things
considered.
Thanks,
Florian
- Re: new module suggestion: fprintftime-check,
Florian Weimer <=