Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #16160
| From | Sam Liddicott <sam@liddicott.com> |
|---|---|
| Newsgroups | gnu.bash.bug |
| Subject | Re: %q with truncating size loses safeness of %q |
| Date | 2020-04-17 21:38 +0100 |
| Message-ID | <mailman.546.1587155961.3066.bug-bash@gnu.org> (permalink) |
| References | <CAOj-5WCqxqh=Gcda9k6y4orQaQYXPgsOgNEOVN1AdZQrkCVbtg@mail.gmail.com> <4bacf2f0-9802-67d3-f30b-80e37d058a4a@case.edu> <CAOj-5WAM4c38uJ4kWb-=_4qx_2umkHYVyWOGhPAac-ASNZqw4Q@mail.gmail.com> |
So is it to be "fixed" in the documentation with a warning that truncating-size specifiers for %q may nullify the safety benefits for which it is used? Sam On Fri, 17 Apr 2020, 21:12 Chet Ramey, <chet.ramey@case.edu> wrote: > On 4/17/20 10:22 AM, Sam Liddicott wrote: > > > Bash Version: 4.4 > > Patch Level: 20 > > Release Status: release > > > > Also occurs on 5.0.7(1)-release > > > > Description: > > printf %q with a truncating size will emit partially escaped > > sequence thus losing the safety and composability that %q > > is intended to provide. > > > > Repeat-By: > > $ printf 'echo %.2q%q\n' "a'b" ';ls' > > echo a\\;ls > > The semi-colon is no longer escaped, the expectation of > > the %q formatter is lost > > I would say this is a programmer error. The way precisions work with > string arguments is that the argument is fetched or generated (this > includes generating the quoted string for %q or the expanded string for > %b) and then printf writes number of bytes (!) from that generated string > specified by the precision. > > Chet > > -- > ``The lyf so short, the craft so long to lerne.'' - Chaucer > ``Ars longa, vita brevis'' - Hippocrates > Chet Ramey, UTech, CWRU chet@case.edu http://tiswww.cwru.edu/~chet/ >
Back to gnu.bash.bug | Previous | Next | Find similar
Re: %q with truncating size loses safeness of %q Sam Liddicott <sam@liddicott.com> - 2020-04-17 21:38 +0100
csiph-web