[Cfp-interest] printf, NaN, infinity
Jim Thomas
jaswthomas at sbcglobal.net
Mon Nov 26 10:33:04 PST 2018
The proposal in Fred’s 10/24 email entails release-to-release incompatible changes, which needs a strong rationale.
Martin Sebor's paper is at http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2301.htm <http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2301.htm>.
n-char-sequences are for optional implementation-defined semantics. The current specification was intended to not burden implementations that don’t support the semantics.
Couldn’t the security problem be addressed by limiting the length of any n-char-sequence that might appear in printf output of nan(n-char-sequence), perhaps to the value of an implementation-defined macro? The macro value could be zero if the implementation never printed n-char-sequences.
- Jim Thomas
> On Nov 26, 2018, at 8:39 AM, Fred J. Tydeman <tydeman at tybor.com> wrote:
>
> On Mon, 26 Nov 2018 08:27:15 -0800 Jim Thomas wrote:
>>
>> Is this proposal at the request of WG14? If so, what exactly was requested?
>
> Not exactly. Martin Sebor presented a paper showing that the output
> of the form NaN(chars) is unbounded, so is a security problem. He
> presented an idea on how to limit that output. The committee did not
> like his idea. So, I decided to come up with my own solution.
>
>
>
> ---
> Fred J. Tydeman Tydeman Consulting
> tydeman at tybor.com Testing, numerics, programming
> +1 (702) 608-6093 Vice-chair of PL22.11 (ANSI "C")
> Sample C99+FPCE tests: http://www.tybor.com
> Savers sleep well, investors eat well, spenders work forever.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.oakapple.net/pipermail/cfp-interest/attachments/20181126/c635d6d3/attachment.html
More information about the Cfp-interest
mailing list