From: Yair Lenga <yair.lenga@gmail.com>
To: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Cc: libc-help@sourceware.org
Subject: Re: Buffer size checking for scanf* functions
Date: Wed, 6 Jul 2022 00:50:34 +0300 [thread overview]
Message-ID: <C02D2DBD-B73C-466A-870D-48D3D8C9FA6B@gmail.com> (raw)
>
> Adhemerval,
Thanks for taking time to review my posting.
I agree 100% with the critic on annex K. I believe there is (almost) universal agreement that it was half baked solution, rushed into the standard without proper review - which is why it got very little traction.
However, the fact the the annex K has many flaws does not mean that there are no good ideas in it. In particular, the ability to create “safer” vararg lists for atomic types, and use them in scanf* and similar, is significant improvement (IHMO). I believe it improve safety, while keeping code clean, readable, and can be used for many use cases (e.g., my scanf from a result set, parsing csv-like data, …).
Also worth mentioning that one mentioned alternative (OBS - object size checking) can fit into the proposed scanf change, given it ability to identify object sizes for static/dynamic char *.
Hoping to get feedback on my proposal for this limited use case.
Also, regarding the proposal for using stringifying macros, etc. Those are interesting ideas, but will break code clarity/readability . They Will not fit nicely into large scale projects, given their limitation (e.g. with dynamic size strings, etc.)
Thanks again for your time/ideas/feedback,
Yair
Sent from my iPad
> On Jul 5, 2022, at 3:39 PM, Adhemerval Zanella <adhemerval.zanella@linaro.org> wrote:
> The glibc does not support hooks for scanf and I don’t think we will even
> will, the printf hooks itself has some drawbacks (MT-safeness, etc.). Also
> scan_s and similar ‘enhanced’ functions from TR-24731 have not been widely
> implemented mainly because they do not actually improve much. Carlos and
> Martim, both GNU developers, wrote a paper discussing the problems with
> these interfaces [1].
next reply other threads:[~2022-07-05 21:50 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-05 21:50 Yair Lenga [this message]
2022-07-06 12:10 ` Adhemerval Zanella
2022-07-06 15:04 ` Yair Lenga
2022-07-11 12:38 ` Adhemerval Zanella
-- strict thread matches above, loose matches on Subject: below --
2022-07-05 7:31 Yair Lenga
2022-07-05 12:39 ` Adhemerval Zanella
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=C02D2DBD-B73C-466A-870D-48D3D8C9FA6B@gmail.com \
--to=yair.lenga@gmail.com \
--cc=adhemerval.zanella@linaro.org \
--cc=libc-help@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).