[Cfp-interest] printf, NaN, infinity

[Jim Thomas]

The proposal in Fred’s 10/24 email entails release-to-release incompatible changes, which needs a strong rationale.

Martin Sebor's paper is at http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2301.htm <http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2301.htm>.

n-char-sequences are for optional implementation-defined semantics. The current specification was intended to not burden implementations that don’t support the semantics.

Couldn’t the security problem be addressed by limiting the length of any n-char-sequence that might appear in printf output of nan(n-char-sequence), perhaps to the value of an implementation-defined macro? The macro value could be zero if the implementation never printed n-char-sequences.

- Jim Thomas

> On Nov 26, 2018, at 8:39 AM, Fred J. Tydeman <tydeman at tybor.com> wrote:
> 
> On Mon, 26 Nov 2018 08:27:15 -0800 Jim Thomas wrote:
>> 
>> Is this proposal at the request of WG14? If so, what exactly was requested?
> 
> Not exactly.  Martin Sebor presented a paper showing that the output
> of the form NaN(chars) is unbounded, so is a security problem.  He
> presented an idea on how to limit that output.  The committee did not
> like his idea.  So, I decided to come up with my own solution.
> 
> 
> 
> ---
> Fred J. Tydeman        Tydeman Consulting
> tydeman at tybor.com      Testing, numerics, programming
> +1 (702) 608-6093      Vice-chair of PL22.11 (ANSI "C")
> Sample C99+FPCE tests: http://www.tybor.com
> Savers sleep well, investors eat well, spenders work forever.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.oakapple.net/pipermail/cfp-interest/attachments/20181126/c635d6d3/attachment.html