[Cfp-interest] printf, NaN, infinity
Mike Cowlishaw
mfc at speleotrove.com
Mon Nov 26 11:16:23 PST 2018
Fairly clear that the length of the sequence could be limited to some small
constant plus a maximum length of the payload .. at worst 64 characters for
64-bit NaNs?
_____
From: cfp-interest-bounces at oakapple.net
[mailto:cfp-interest-bounces at oakapple.net] On Behalf Of Jim Thomas
Sent: 26 November 2018 18:33
To: Fred J. Tydeman
Cc: CFP
Subject: Re: [Cfp-interest] printf, NaN, infinity
The proposal in Fred's 10/24 email entails release-to-release incompatible
changes, which needs a strong rationale.
Martin Sebor's paper is at
http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2301.htm.
n-char-sequences are for optional implementation-defined semantics. The
current specification was intended to not burden implementations that don't
support the semantics.
Couldn't the security problem be addressed by limiting the length of any
n-char-sequence that might appear in printf output of nan(n-char-sequence),
perhaps to the value of an implementation-defined macro? The macro value
could be zero if the implementation never printed n-char-sequences.
- Jim Thomas
On Nov 26, 2018, at 8:39 AM, Fred J. Tydeman <tydeman at tybor.com> wrote:
On Mon, 26 Nov 2018 08:27:15 -0800 Jim Thomas wrote:
Is this proposal at the request of WG14? If so, what exactly was requested?
Not exactly. Martin Sebor presented a paper showing that the output
of the form NaN(chars) is unbounded, so is a security problem. He
presented an idea on how to limit that output. The committee did not
like his idea. So, I decided to come up with my own solution.
---
Fred J. Tydeman Tydeman Consulting
tydeman at tybor.com Testing, numerics, programming
+1 (702) 608-6093 Vice-chair of PL22.11 (ANSI "C")
Sample C99+FPCE tests: http://www.tybor.com
Savers sleep well, investors eat well, spenders work forever.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.oakapple.net/pipermail/cfp-interest/attachments/20181126/b988551e/attachment.html
More information about the Cfp-interest
mailing list