From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS22989 208.118.235.0/24 X-Spam-Status: No, score=-4.0 required=3.0 tests=AWL,BAYES_00, DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id A732E1F405 for ; Sat, 29 Dec 2018 15:34:46 +0000 (UTC) Received: from localhost ([127.0.0.1]:38851 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gdGdR-0005wv-0Q for normalperson@yhbt.net; Sat, 29 Dec 2018 10:34:45 -0500 Received: from eggs.gnu.org ([208.118.235.92]:57968) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gdGdI-0005lN-57 for bug-gnulib@gnu.org; Sat, 29 Dec 2018 10:34:40 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gdGQU-0002ph-2l for bug-gnulib@gnu.org; Sat, 29 Dec 2018 10:21:26 -0500 Received: from mail-pf1-x42e.google.com ([2607:f8b0:4864:20::42e]:34952) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gdGQT-0002op-TL for bug-gnulib@gnu.org; Sat, 29 Dec 2018 10:21:22 -0500 Received: by mail-pf1-x42e.google.com with SMTP id z9so11648226pfi.2 for ; Sat, 29 Dec 2018 07:21:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=n+mDC3eCzUL335JYLkLIFPpecUT8vnHULwv0exPTZTg=; b=iFZgyXEUISnp9AsGvLcqaYK34nRzpPkFj4vuhziBZ3IbaPNf28GkheaetcnuNTxMIz Clwy/3GjP4V1tv/UbCCVwXpdiGQ49kQ4G2va+bgpDasi8Mg5/wG+TIF4R1NrlbRuI3aN 7HVlxmCu2KAyDYn9v3zkhAsGkjOaxKi5v92pxNmIc0fiCgpe68A4iyjHhwPoKzI9qzIR Hq00dLzSsNz+gvzqHtB3pTD0lxCbAvX/x7Jv8K0LRMRpQDj0tMYKugrtYq63LDuqX2nA qVWOCh60G5VCCarOIAtbALyVcUCOW+zFARzFlFjEdNPpuiGrb3SVzjm7ivaH5fRtAA/6 xosQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=n+mDC3eCzUL335JYLkLIFPpecUT8vnHULwv0exPTZTg=; b=rK6eNDmJ31AnbdY0wBA1hUhkhn+dgBa2LMJDENSBqqbA82+qjc4TVmZtnA/qfT18BE oO4lauJ7nQon7VjKpMA1KaO7FnmaqEak3MBxmVV+EFGjDL+mqq7F9B+NaGZy7nFR65Sw 843zpLaKH4lAlG6uyerbIwyO2KgF1fdQ4gFxxPyVXlZ4L8YlQNEEYpXXf1t0hI4ZQ6K0 0psjk2sTdycDximmuEYo1ofODIh05H8t9i2oQrQiVQESVLYj+Cq/ii9i939OAbkosCxE nff0OoHzAyLxdELA15euawXZkSoG+YEbIYw/eQHDbjGKH6mBQFFKiW3/mIdA/fqJN+Op NopA== X-Gm-Message-State: AJcUukeJARyt65vAh4395I+fMRGEQl21igYqc23mmVHanJf66lD8UbBj xCh3Y3W9p0xUa8e1UQKrsOc= X-Google-Smtp-Source: ALg8bN7V0DHuTvKPRR2f7ypBNQebasg4JlqN+qLDO77hKrI/rLeRsLElq+d0vkzPn8TpSpeHex2qow== X-Received: by 2002:a63:2109:: with SMTP id h9mr1921103pgh.277.1546096880862; Sat, 29 Dec 2018 07:21:20 -0800 (PST) Received: from tomato.housegordon.com (moose.housegordon.com. [184.68.105.38]) by smtp.googlemail.com with ESMTPSA id f67sm83751852pff.29.2018.12.29.07.21.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 29 Dec 2018 07:21:19 -0800 (PST) Subject: Re: new module suggestion: fprintftime-check To: Bruno Haible References: <5c116236-dfd7-9bd9-a18e-3e55789ae985@gmail.com> <42958301.nlEivnNqOc@omega> <3472199.bSzxmTJ3n3@omega> From: Assaf Gordon Message-ID: <8e104d55-9347-4904-f7fc-8d6933314afa@gmail.com> Date: Sat, 29 Dec 2018 08:21:18 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0 MIME-Version: 1.0 In-Reply-To: <3472199.bSzxmTJ3n3@omega> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:4864:20::42e X-BeenThere: bug-gnulib@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Gnulib discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Florian Weimer , bug-gnulib@gnu.org Errors-To: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org Sender: "bug-gnulib" On 2018-12-28 11:08 p.m., Bruno Haible wrote: > [CCing Florian Weimer. > Florian, the thread started at > https://lists.gnu.org/archive/html/bug-gnulib/2018-12/msg00149.html ] > > Assaf Gordon wrote: >> The comment even says: >> /* Unknown format; output the format, including the '%', >> since this is most likely the right thing to do if a >> multibyte string has been misparsed. */ >> >> This has been the case since 1996 when strftime.c was imported from libc >> (gnulib commit afabd949). >> >> I suspect that changing this behavior would be a disruptive >> backwards-incompatible change (but other opinions are welcomed). > > The "security" and "robustness" aspects of software have gained importance > over the last 22 years, also in domain of glibc. > > Florian, Assaf discovered that glibc processing of time format strings > (strftime) operates according to the garbage-in - garbage-out principle, > that is, an invalid format string does not get reported to the caller > but instead produces output that is "most likely the right thing". > > Is this still considered the adequate processing, from a glibc point of > view? > For reference, this is about ./time/strftime_l.c lines 1414-1428: https://sourceware.org/git/?p=glibc.git;a=blob;f=time/strftime_l.c;h=c71f9f47a9525046b59a89c005de22a304367d4d;hb=HEAD#l1414 Also, POSIX says: "If a conversion specification does not correspond to any of the above, the behavior is undefined." http://pubs.opengroup.org/onlinepubs/9699919799/functions/strftime.html Looking at the "bigger picture", I'll just say my goal is to provide a helpful warning in date(1), not to change any APIs... regards, - assaf