Dear Sean,

In message <[email protected]> you wrote:
>
> The issue with this is twofold. First, there is no portable way to
> construct a va_list from C code. So the likely way to do this would be
> to set an arbitrary limit, and then just pass the arguments in. E.g.
> something like

We already have an argument list: it's what's being passed to the
"setexpr" command, minus the initial arguments.

>       snprintf(buf, sizeof(buf), argv[3], argc >= 4 ? argv[4] : NULL, /* etc */);

Why this test on argc?  If it's less than 4, argv[4] should be NULL
anyway.

> but of course there is no way to check that the format string matches
> the correct number of arguments. This is a pretty big footgun.

You have this problem always when you have user provided format
strings and arguments.  We don't have to re-invent the wheel here.
I repeat myself: maybe we should have a look at bash's
implementation of the printf builtin command?  There I get for
example this:

        $ printf "%d %d %d\n" 3
        3 0 0
        $ printf "%d %d %d\n" foo bar
        -bash: printf: foo: invalid number
        -bash: printf: bar: invalid number
        0 0 0

> The other problem is that things like `%d` expect a number and not a
> string. So you would have to reimplement snprintf anyway so that it
> expects all of its arguments to be strings, and calls strtoul as
> appropriate.  And considering that the *printf functions take 5k
> already, this reimplementation may add a significant amount of code.
> For this reason, I'd much prefer to just have `hex` and `dec` functions
> which do the appropriate conversions.

Eventually the format checking can be kept out of the generic
*printf() code; it could then be optional/configurable with the
"fmt" option in the setexpr command.

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: [email protected]
Every program has at least one bug and can be shortened by  at  least
one  instruction  --  from  which,  by induction, one can deduce that
every program can be reduced to one instruction which doesn't work.
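
Added example, not part of the original message and not U-Boot code: one way to expand a user-supplied format from string arguments only, with the behaviour of the bash output quoted above (missing arguments print as 0 or empty, invalid numbers are counted and print as 0). The name `fmt_from_args` and the restriction to `%d`, `%x`, `%s` and `%%` are assumptions; the user's format string is never handed to `snprintf` itself, so `%n` and surplus conversions cannot reach it.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not U-Boot code). Returns how many arguments were not
 * valid numbers, or -1 on an unsupported conversion or too small a buffer. */
int fmt_from_args(char *out, size_t outsz, const char *fmt, int argc, char *const argv[])
{
	size_t pos = 0;
	int next = 0, bad = 0;
	if (outsz == 0)
		return -1;
	out[0] = '\0';
	for (; *fmt; fmt++) {
		char piece[32] = { *fmt, '\0' }, *end = piece;	/* default: literal char */
		const char *arg, *src = piece;

		if (*fmt == '%' && *++fmt != '%') {
			if (!*fmt || !strchr("dxs", *fmt))
				return -1;	/* %n, %p, flags, widths, lone '%' */
			arg = next < argc ? argv[next++] : NULL;
			if (*fmt == 's') {
				src = arg ? arg : "";	/* missing string -> empty */
			} else {
				errno = 0;
				long val = arg ? strtol(arg, &end, 0) : 0;	/* missing -> 0 */
				if (arg && (end == arg || *end || errno)) {
					val = 0;	/* invalid number: count it, print 0 */
					bad++;
				}
				if (*fmt == 'd')
					snprintf(piece, sizeof(piece), "%ld", val);
				else
					snprintf(piece, sizeof(piece), "%lx", (unsigned long)val);
			}
		}
		if (strlen(src) >= outsz - pos)
			return -1;	/* would not fit, including the NUL */
		pos += (size_t)snprintf(out + pos, outsz - pos, "%s", src);
	}
	return bad;
}

int main(void)
{
	char buf[64], *args[] = { "foo", "bar" };	/* constructed input */
	int bad = fmt_from_args(buf, sizeof(buf), "%d %d %d\n", 2, args);
	printf("%d invalid: %s", bad, buf);
	return 0;
}
```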
