tech-pkg archive
Re: gettext 0.16 vs 0.14.6
On Fri, Jul 18, 2008 at 03:45:29PM +0200, Alan Barrett wrote:
> On Fri, 18 Jul 2008, Greg Troxel wrote:
> > I read the NEWS for gettext 0.17, and it didn't say anything about
> > printf argument reordering. Is that something specified in POSIX, or a
> > Linuxism, or something else? I can see it being useful for
> > printing internationalized dates.
>
> I don't know who did it first, but SUSv3 calls it an "XSI"
> option. It's not in the C99 standard, or in NetBSD's libc. See
> <http://www.opengroup.org/onlinepubs/009695399/functions/sprintf.html>,
> which uses internationalised dates as an example.
It is a right PITA to implement, I suspect the original implementation
assumed that all the stack could be treated as an array!
Taking format specifiers from text files is a security nightmare.
An incorrect format (and the code can't specify a dummy one with the
types of the arguments) can not only crash the program (just use %s),
but, in many cases, overwrite arbitrary stack locations with arbitrary
(although usually relatively small) values (look up %n).
David
--
David Laight: david%l8s.co.uk@localhost
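
An added example, not part of the original message and not gettext's own code: one way to vet a format string loaded from a message catalog before it reaches printf. It checks that the translation (msgstr) consumes exactly the argument types of the compiled-in original (msgid), accepts XSI "n$" reordering, and refuses %n and '*'. The function names and the 16-argument limit are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>

#define MAXARGS 16

/* Type code per argument a printf format consumes. Returns -1 to refuse:
 * %n, '*' width/precision, unknown conversion, mixed styles, type conflict. */
static int fmt_signature(const char *f, char sig[MAXARGS][4])
{
    static const char convs[] = "diouxXeEfFgGaAcsp";  /* no 'n' on purpose */
    static const char klass[] = "dduuuuffffffffcsp";  /* argument class */
    int next = 0, pos = 0, seq = 0, idx;
    memset(sig, 0, MAXARGS * 4);
    while ((f = strchr(f, '%')) != NULL) {
        if (*++f == '%') { f++; continue; }           /* literal percent */
        size_t d = strspn(f, "0123456789");
        if (d > 0 && d < 4 && f[d] == '$') {          /* XSI form: %2$s */
            idx = atoi(f) - 1; pos = 1; f += d + 1;
        } else {
            idx = next++; seq = 1;
        }
        if ((pos && seq) || idx < 0 || idx >= MAXARGS) return -1;
        f += strspn(f, "-+ #0'");                     /* flags */
        if (*f == '*') return -1;
        f += strspn(f, "0123456789");                 /* width */
        if (*f == '.') {
            if (*++f == '*') return -1;
            f += strspn(f, "0123456789");             /* precision */
        }
        size_t m = strspn(f, "hlLjzt");               /* length modifier */
        const char *c = f[m] ? strchr(convs, f[m]) : NULL;
        if (m > 2 || c == NULL) return -1;
        char code[4] = {0};
        memcpy(code, f, m);
        code[m] = klass[c - convs];
        if (sig[idx][0] && strcmp(sig[idx], code) != 0) return -1;
        memcpy(sig[idx], code, 4);
        f += m + 1;
    }
    return 0;
}

/* 1 if msgstr consumes exactly the argument types that msgid does. */
int fmt_compatible(const char *msgid, const char *msgstr)
{
    char a[MAXARGS][4], b[MAXARGS][4];
    if (fmt_signature(msgid, a) || fmt_signature(msgstr, b)) return 0;
    return memcmp(a, b, sizeof a) == 0;
}
```

When fmt_compatible() returns 0, a caller can fall back to printing with the untranslated msgid, whose types the compiler was able to check.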