[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: new module suggestion: fprintftime-check
From: |
Bruno Haible |
Subject: |
Re: new module suggestion: fprintftime-check |
Date: |
Sat, 29 Dec 2018 07:08:12 +0100 |
User-agent: |
KMail/5.1.3 (Linux/4.4.0-141-generic; KDE/5.18.0; x86_64; ; ) |
[CCing Florian Weimer.
Florian, the thread started at
https://lists.gnu.org/archive/html/bug-gnulib/2018-12/msg00149.html ]
Assaf Gordon wrote:
> The comment even says:
> /* Unknown format; output the format, including the '%',
> since this is most likely the right thing to do if a
> multibyte string has been misparsed. */
>
> This has been the case since 1996 when strftime.c was imported from libc
> (gnulib commit afabd949).
>
> I suspect that changing this behavior would be a disruptive
> backwards-incompatible change (but other opinions are welcomed).
The "security" and "robustness" aspects of software have gained importance
over the last 22 years, also in domain of glibc.
Florian, Assaf discovered that glibc processing of time format strings
(strftime) operates according to the garbage-in - garbage-out principle,
that is, an invalid format string does not get reported to the caller
but instead produces output that is "most likely the right thing".
Is this still considered the adequate processing, from a glibc point of
view?
Bruno