Path: csiph.com!4.us.feeder.erje.net!feeder.erje.net!weretis.net!feeder6.news.weretis.net!news.linkpendium.com!news.linkpendium.com!panix!usenet.stanford.edu!not-for-mail From: Chet Ramey Newsgroups: gnu.bash.bug Subject: Re: %q with truncating size loses safeness of %q Date: Fri, 17 Apr 2020 16:12:20 -0400 Organization: ITS, Case Western Reserve University Lines: 32 Approved: bug-bash@gnu.org Message-ID: References: <4bacf2f0-9802-67d3-f30b-80e37d058a4a@case.edu> Reply-To: chet.ramey@case.edu NNTP-Posting-Host: lists.gnu.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Trace: usenet.stanford.edu 1587154350 15393 209.51.188.17 (17 Apr 2020 20:12:30 GMT) X-Complaints-To: action@cs.stanford.edu Cc: chet.ramey@case.edu To: Sam Liddicott , bug-bash@gnu.org, bash@packages.debian.org Envelope-to: bug-bash@gnu.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=case.edu; s=smtp-primary; t=1587154344; bh=JY0sRPYqd2CeWIdrsAT9CxwSNJVy55jIlmqxk/4yrqk=; h=Reply-To:Cc:Subject:To:References:From:Message-ID:Date: MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=WXJCO0s4NseqsRgEAZT1bT7M74eM+rpE2etJ0J6OtIA5WoYJu+xrqxXhYdjlfWsf33 U6uDZWsjkwCFO19AKSaDUgD/pNtuMwDug/RQo7r/S1xl4M9JCgCAB8EhHsDAsDJPqkr aJ7L7zDMuLeaWc5wCUVVwdyFHxfrLs795X54qezAM9Fpb/tQ9QNBpIxTY8+C7mf3c/2 bSmELIm0QSGW6z7h00KmTuSrwjHz2Hm2CA9pjPGyMeGceo9wQsV1Fu668bDGgxyGcRv SvSoZf1AwH1XZXZCFxx7cow8M6Lqw+IEgCpbz8R40bdaRO4GcBnelwvuPJhtMZySib8 DkTMrWtw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=case.edu; s=smtp-primary; t=1587154343; bh=tD9RI4M54VhH17E0KIW5tj95npjFmEI0TTrxeyX4oE8=; h=Reply-To:Cc:Subject:To:References:From:Message-ID:Date: MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=gdbSKUE6vEKAPMWkPvQVpkLrAjPPFgIN/SECTH4hRdTyotD7rxwacDTL9hQFrSXzCE sW79L4PT7V99C/sZzMSliQeDSW3t+f0zsM/4iNUZuiz0g+P5Af4zCqkF4HoNVSmdxSB G8CzDkKN5zp/a9SgbxrOGxzLG2ueLiOTquFUsogp8xv9dsqL4vTji3WCd+HIgRSo1ol yefFyClGhgttRXbkQVIQpBla0s0sWMd+eG3sDT7MZcRylTFImq+aGrwVzGIIGxzD8/w X/jDJFqCIac2FchkK94tbohSYjvA6z7TsqvkXqSXurQwLrRJxnqvqdvfIQ1ivn4rE5m xESyk5VQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=case.edu; s=g-case; h=reply-to:cc:subject:to:references:from:autocrypt:organization :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=tD9RI4M54VhH17E0KIW5tj95npjFmEI0TTrxeyX4oE8=; b=JlVMAuGLiRpETqid+2Gdf9xhQHIrHBSZQ0DlIgvzQt85RZTwt7ybpTjuOclP4804aI +svRxY15va5XWRttze4oqk0YZVQVyfrd5/huBe/oOnzU+guKMsonhYGr6Ce47tzY6jgp 8B5KGInHO3o3691Vg7EIX1HrFK1rK5B9fKj1DrKVExA98LRtR47UyxRiKJtPyNfLozlG bdRXJN1vACap1KqjEIpronknT3tW1j1FkG/cTHu21uj5CRdTM5tgAdgfJ3doHoTEZOIG SVH5h1B/erpNXphLz8HYj+DpmxlVv2VM9sVETyErCu4eEqVICxlY1hcmBPeRAghLDMxk c1LA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:reply-to:cc:subject:to:references:from:autocrypt :organization:message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=tD9RI4M54VhH17E0KIW5tj95npjFmEI0TTrxeyX4oE8=; b=X14JpjLTw9x7ngNJ8ejGmrZGQ9B4LcNVwa8gND6rDYHNxxzOtDexrR6Nsyu22H0v6H BUYvH6gTK6wSLruOl0JzBjLnjo8nXD38eRPcf+ATJ36uyRJGpxSr+IevOjGDTbjDV9ms acvIzFwyO8TE7/6dJW3opFF86uW8bW5Mf5c4X+LgxYNgs/tELkUmItftPrbFTv5eLQUT Uz2QB1SMxdJGvN7KXZsDfTbBtvishHtvOBMnz6lUbk+DKvH3Y9V2NRVyey+WvFcmHNJs O6KBiuU5p0ddawesCHr3qEQW8Rp/1i32ZFo5I5KPZe3YZUaFgtpWEKA8hbCLuPMtS9W3 JSSQ== X-Gm-Message-State: AGi0PuaXFsfTZ2ecCPRmI0+QcEFp6uY71qzU2f9+jyVpHLzBcYAap4d+ c61nJgq7EapECdIzOqc/acDKoZEbObvfKwEiZtPkkRay6G2RkfJr/gt8BS2bkVtvieDOC1I3vbO PLqsfN5WupFs= X-Received: by 2002:ac8:65d4:: with SMTP id t20mr4854596qto.358.1587154342389; Fri, 17 Apr 2020 13:12:22 -0700 (PDT) X-Google-Smtp-Source: APiQypLVTAPsxLmRYZik69CR7ep6BDjIyWJDlCxuAxHszlSs2WllUSPo+hKEul0VD+lZwzKkX/E6FA== X-Received: by 2002:ac8:65d4:: with SMTP id t20mr4854574qto.358.1587154341978; Fri, 17 Apr 2020 13:12:21 -0700 (PDT) Autocrypt: addr=chet.ramey@case.edu; prefer-encrypt=mutual; keydata= mQGiBEEOsGwRBACFa0A1oa71HSZLWxAx0svXzhOZNQZOzqHmSuGOG92jIpQpr8DpvgRh40Yp AwdcXb8QG1J5yGAKeevNE1zCFaA725vGSdHUyypHouV0xoWwukYO6qlyyX+2BZU+okBUqoWQ koWxiYaCSfzB2Ln7pmdys1fJhcgBKf3VjWCjd2XJTwCgoFJOwyBFJdugjfwjSoRSwDOIMf0D /iQKqlWhIO1LGpMrGX0il0/x4zj0NAcSwAk7LaPZbN4UPjn5pqGEHBlf1+xDDQCkAoZ/VqES GZragl4VqJfxBr29Ag0UDvNbUbXoxQsARdero1M8GiAIRc50hj7HXFoERwenbNDJL86GPLAQ OTGOCa4W2o29nFfFjQrsrrYHzVtyA/9oyKvTeEMJ7NA3VJdWcmn7gOu0FxEmSNhSoV1T4vP2 1Wf7f5niCCRKQLNyUy0wEApQi4tSysdz+AbgAc0b/bHYVzIf2uO2lIEZQNNt+3g2bmXgloWm W5fsm/di50Gm1l1Na63d3RZ00SeFQos6WEwLUHEB0yp6KXluXLLIZitEJLQwQ2hldCBSYW1l eSAoQ2FzZSBzdGFuZGFyZCkgPGNoZXQucmFtZXlAY2FzZS5lZHU+iF8EExECAB8FAkPi19EC GwMHCwkIBwMCAQMVAgMDFgIBAh4BAheAAAoJELtYafBk6nSrelkAn31Gsuib7GcCZHbv5L5t VKYR9LklAJ4hzUHKA49Z0QXR+qCb80osIcmPSbkBDQRBDrBvEAQAkK6TAOKBEM+EC4j6V/7o /riVZqcgU5cid2qG9TXdwNtD9a3kvA/ObZBO93sX59wc6Bnwo4VJxsOmMlpGrAjJsxNwg3QH akEtf8LXRbVpj5xStdmBdQZUhIQyalo/2/TZq5OijtddUQcL5cs70hTv/FpT3wUvr2Xr8rjF 41IFEz8AAwcD/A0CZEGlzIrT5WCBnl6xBog/8vKiUCbarByat3d1mL6DbizvKNXQRTC9E/vE dENAWCQCjr75Bu55xT8n3SXGtWdDC5xmZ/P3OBYORP8yl8H8I1FIosWOFirbIeYdZPq8SPD1 HL+EXo9zSiHVrrZRJ19ooCKKbSdXHFCY+aJG+0KZiEkEGBECAAkFAkEOsG8CGwwACgkQu1hp 8GTqdKvjcACfZlkVCDwaz/NTO9cy3t69oWpVPNwAnRwe0qk/WL/gfhH346xh5B3HFbFN User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 In-Reply-To: Content-Language: en-US X-Mirapoint-IP-Reputation: reputation=Good-1, source=Queried, refid=tid=0001.0A020303.5E9A0CFD.00D0, actions=tag X-Mirapoint-IP-Reputation: reputation=good-1, source=Fixed, refid=n/a, actions=tag X-Junkmail-Status: score=7/80, host=mpv2-2015.case.edu X-Junkmail-PrAS-Raw: score=7/80, refid=2.7.2:2020.4.17.191217:17:7.944, ip=, rules=__YOUTUBE_RCVD, DKIM_SIGNATURE, __X_GOOGLE_DKIM_SIGNATURE, __HAS_REPLYTO, __HAS_CC_HDR, __SUBJ_REPLY, __BOUNCE_CHALLENGE_SUBJ, __BOUNCE_NDR_SUBJ_EXEMPT, __TO_MALFORMED_2, __MULTIPLE_RCPTS_TO_X2, __TO_NAME, __TO_NAME_DIFF_FROM_ACC, __HAS_REFERENCES, __REFERENCES, __HAS_FROM, FROM_EDU_TLD, __HAS_MSGID, __SANE_MSGID, DATE_TZ_NA, __USER_AGENT, __MOZILLA_USER_AGENT, __MIME_VERSION, __IN_REP_TO, __CT, __CT_TEXT_PLAIN, __CTE, __REPLYTO_SAMEAS_FROM_ADDY, __REPLYTO_SAMEAS_FROM_ACC, __FROM_DOMAIN_IN_ANY_CC1, __FROM_DOMAIN_IN_ANY_CC2, __REPLYTO_SAMEAS_FROM_DOMAIN, __DKIM_ALIGNS_1, __DKIM_ALIGNS_2, __ANY_URI, __URI_MAILTO, __URI_WITH_PATH, __URI_ENDS_IN_SLASH, __URI_NO_WWW, __CP_URI_IN_BODY, __STOCK_PHRASE_7, __FRAUD_MONEY_CURRENCY_DOLLAR, __SUBJ_ALPHA_NEGATE, __URI_IN_BODY, __URI_NOT_IMG, __MAIL_CHAIN, __FORWARDED_MSG, __BODY_NO_MAILTO, __NO_HTML_TAG_RAW, [TRUNCATED], so=2010-03-03 19:42:08, dmn=2016-08-03-0138 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4.x-2.6.x [generic] [fuzzy] X-Received-From: 129.22.103.227 X-BeenThere: bug-bash@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Bug reports for the GNU Bourne Again SHell List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Mailman-Original-Message-ID: <4bacf2f0-9802-67d3-f30b-80e37d058a4a@case.edu> X-Mailman-Original-References: Xref: csiph.com gnu.bash.bug:16155 On 4/17/20 10:22 AM, Sam Liddicott wrote: > Bash Version: 4.4 > Patch Level: 20 > Release Status: release > > Also occurs on 5.0.7(1)-release > > Description: > printf %q with a truncating size will emit partially escaped > sequence thus losing the safety and composability that %q > is intended to provide. > > Repeat-By: > $ printf 'echo %.2q%q\n' "a'b" ';ls' > echo a\\;ls > The semi-colon is no longer escaped, the expectation of > the %q formatter is lost I would say this is a programmer error. The way precisions work with string arguments is that the argument is fetched or generated (this includes generating the quoted string for %q or the expanded string for %b) and then printf writes number of bytes (!) from that generated string specified by the precision. Chet -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRU chet@case.edu http://tiswww.cwru.edu/~chet/