-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to Simon Josefsson on 2/2/2009 5:16 AM: >> In m4, I was using xprintf instead of printf. Is it worth the extra >> security here? printf can fail for reasons like ENOMEM which do not set >> the ferror flag and thus are not caught by the close_stdout atexit module, >> so a robust program should be checking for failures. > > Does this problem occur in practice on any modern platform?
Yes - Jim noticed real problems on a GNU/Linux system when implementing printf(1), where the printf(3) failed due to malloc failure without printing any output, but also without setting the stream error indicator, such that printf(1) exited with status 0. Which is why he implemented xprintf in the first place. On the other hand, the failure scenario is more likely to occur when using formats that produce lots of output (large precisions), or convert floating point to decimal, neither of which should be the case for these statements. - -- Don't work too hard, make some time for fun as well! Eric Blake e...@byu.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmG9hEACgkQ84KuGfSFAYBD2QCcCpM5F380eY/QnjiEViOetb0B P+8AnRSgpQ17rV/n7Dd4ONDBRk/jvCG0 =YTXf -----END PGP SIGNATURE-----
