Path: csiph.com!5.us.feeder.erje.net!feeder.erje.net!news.linkpendium.com!news.linkpendium.com!panix!usenet.stanford.edu!not-for-mail From: Sam Liddicott Newsgroups: gnu.bash.bug Subject: Re: %q with truncating size loses safeness of %q Date: Fri, 17 Apr 2020 21:38:56 +0100 Lines: 40 Approved: bug-bash@gnu.org Message-ID: References: <4bacf2f0-9802-67d3-f30b-80e37d058a4a@case.edu> NNTP-Posting-Host: lists.gnu.org Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-Trace: usenet.stanford.edu 1587155962 16109 209.51.188.17 (17 Apr 2020 20:39:22 GMT) X-Complaints-To: action@cs.stanford.edu Cc: bug-bash@gnu.org, bash@packages.debian.org To: Chester Ramey Envelope-to: bug-bash@gnu.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=liddicott-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ofbYOu8u+rmKBESl/HYz9HPn1NhXB48IIXRRnZwboks=; b=Y/kKuXJFr8JgiJiuS05V4bp1Sb0lDQkGH/92OIKoX70wPImGU3j2UjsHKtpmtzXPqS nVaVaBMk/YsqHM4cLG8njDX3Z6NLNdHq6JhaNTDSccgwnemiMeUmi3Au2VFiY9a9iDsi CnxbucdkHuf96WW7Kl/ktcMt1zklNL1+BJg5HwuA2ShYW6J+DC3MuTAm13d/s+0klKPW fwZ9N69mScrXabZxhJer0iUMyZlW/lav3H3fgLcEMB0kxeW24yvKevcW6pYvE0nmtFUz Bss6bMLMWppSPBDne6Baa6qc/7/LsUA7sUoesSKKmIcBFjy2+dm2pLTbx8b4p4L0UKAJ 6wRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ofbYOu8u+rmKBESl/HYz9HPn1NhXB48IIXRRnZwboks=; b=RhluGYr8bxrxszboraMhOOBpTUk/i0mVVQh/VqiMwLMtc1h/tTwuFHvy4LSDHuuWcS x6ECI9RDk6SlHZVRQi/mm8eqr9oN3e9AeDIdEwNMK5rwdo/C2mqbFvmklQvY4X0uHY/x m2z7EJ1OvUkD7tV6q5V2DA9SM9/tf2FOm52PIXMddgvMjBHb7eUh6P6hWMuuko1f9UWM XaFSXi/uUONMs8kignbYaTd6QSC5RBGCg8F6VPqVP/amuAzLPikpifwzb8nMY7R6zYcS IAf5IBgOFEgzFiAjklxND7kfEhq6kUD+lVvqSF4Eq6rpGfiKfP/uXaVejdsOjtIcyK4d atEQ== X-Gm-Message-State: AGi0Pub/kWS3aWtbbLAVIvoh2vgy+SpyO697hypH23/MkLBXAHNW21/x gWdFALjpXIgGUxp6MhTc8nMIjMo8+nMFZNWn8UeE9Q== X-Google-Smtp-Source: APiQypKBV3e7M3OyZCbFULwGF3Dy/qqQ+5cmLROHQFtmaF/d4oGcO1tWCQAB7y7QXny8cVlF5L4w8lH65/WZn/5CPyk= X-Received: by 2002:a19:992:: with SMTP id 140mr3250273lfj.41.1587155949332; Fri, 17 Apr 2020 13:39:09 -0700 (PDT) In-Reply-To: <4bacf2f0-9802-67d3-f30b-80e37d058a4a@case.edu> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::134 X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: bug-bash@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Bug reports for the GNU Bourne Again SHell List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Mailman-Original-Message-ID: X-Mailman-Original-References: <4bacf2f0-9802-67d3-f30b-80e37d058a4a@case.edu> Xref: csiph.com gnu.bash.bug:16160 So is it to be "fixed" in the documentation with a warning that truncating-size specifiers for %q may nullify the safety benefits for which it is used? Sam On Fri, 17 Apr 2020, 21:12 Chet Ramey, wrote: > On 4/17/20 10:22 AM, Sam Liddicott wrote: > > > Bash Version: 4.4 > > Patch Level: 20 > > Release Status: release > > > > Also occurs on 5.0.7(1)-release > > > > Description: > > printf %q with a truncating size will emit partially escaped > > sequence thus losing the safety and composability that %q > > is intended to provide. > > > > Repeat-By: > > $ printf 'echo %.2q%q\n' "a'b" ';ls' > > echo a\\;ls > > The semi-colon is no longer escaped, the expectation of > > the %q formatter is lost > > I would say this is a programmer error. The way precisions work with > string arguments is that the argument is fetched or generated (this > includes generating the quoted string for %q or the expanded string for > %b) and then printf writes number of bytes (!) from that generated string > specified by the precision. > > Chet > > -- > ``The lyf so short, the craft so long to lerne.'' - Chaucer > ``Ars longa, vita brevis'' - Hippocrates > Chet Ramey, UTech, CWRU chet@case.edu http://tiswww.cwru.edu/~chet/ >