From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.bugs Subject: bug#58966: [Trunk] Xcode 14.1+ (and macOS 13.0+) deprecate sprintf() Date: Mon, 07 Nov 2022 02:46:45 -0500 Message-ID: References: <91d5853d-b810-3b69-93cf-772c81c34f7e@cs.ucla.edu> Reply-To: rms@gnu.org Content-Type: text/plain; charset=Utf-8 Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="38401"; mail-complaints-to="usenet@ciao.gmane.io" Cc: gerd.moellmann@gmail.com, 58966@debbugs.gnu.org, stefankangas@gmail.com, jacob.fai@gmail.com To: Paul Eggert Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Mon Nov 07 08:47:16 2022 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1orwqi-0009lK-KN for geb-bug-gnu-emacs@m.gmane-mx.org; Mon, 07 Nov 2022 08:47:16 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1orwqW-00005m-SO; Mon, 07 Nov 2022 02:47:05 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1orwqU-0008VC-90 for bug-gnu-emacs@gnu.org; Mon, 07 Nov 2022 02:47:02 -0500 Original-Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1orwqT-0005u5-W2 for bug-gnu-emacs@gnu.org; Mon, 07 Nov 2022 02:47:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1orwqT-0005Zr-Lc for bug-gnu-emacs@gnu.org; Mon, 07 Nov 2022 02:47:01 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Richard Stallman Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Mon, 07 Nov 2022 07:47:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 58966 X-GNU-PR-Package: emacs Original-Received: via spool by 58966-submit@debbugs.gnu.org id=B58966.166780721621424 (code B ref 58966); Mon, 07 Nov 2022 07:47:01 +0000 Original-Received: (at 58966) by debbugs.gnu.org; 7 Nov 2022 07:46:56 +0000 Original-Received: from localhost ([127.0.0.1]:33109 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1orwqO-0005ZU-6n for submit@debbugs.gnu.org; Mon, 07 Nov 2022 02:46:56 -0500 Original-Received: from eggs.gnu.org ([209.51.188.92]:52762) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1orwqL-0005ZG-8g for 58966@debbugs.gnu.org; Mon, 07 Nov 2022 02:46:55 -0500 Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1orwqF-0004J9-CW; Mon, 07 Nov 2022 02:46:47 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=Date:References:Subject:In-Reply-To:To:From: mime-version; bh=NwD2pI8Esg/JBbYU3QkW8UgSa9cM1fN3xOScwvqJzgI=; b=NmVPZjxrW5Ab vTrgdq0EVVPotmABr/oOGP9U9O8S1bd6I8TzNQox4XBD4ayS94xlc585q1Qkb4GNWP7LdZ9FT2X1g eAK3XD0qeYWq9pWWtncA/9PXlXVAK+xdxM3fjD2b69aZk4slw0nzB4oUqrYVe6tho0J+ZUrZhh+eS WZDfxGHUWOI/RWXDQsFCVn/90zFxoicNk7uRn9BKVR3G9rJ3A+SgiRq+tun+IOQ04SuD/i1crUwLV kfjG5F1WbVDNnDoXo4TbQXms56XO1TrEdz65i/ki++Z8OtgwJ6mvv+CSs0H1SoMvhI1qnBwZUZRtF gpvVxfJfjBFxKyTYhrtfLw==; Original-Received: from rms by fencepost.gnu.org with local (Exim 4.90_1) (envelope-from ) id 1orwqD-0003mU-W3; Mon, 07 Nov 2022 02:46:46 -0500 In-Reply-To: (message from Paul Eggert on Sat, 5 Nov 2022 13:00:25 -0700) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:247263 Archived-At: [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > While we're on the topic: sprintf and snprintf both have serious design > flaws, in that they cannot generate output longer than INT_MAX bytes, > and this contradicts the GNU design philosophy to avoid arbitrary > limits. I principle, yes. But most of the calls to sprintf I saw seem to generate output that is very limited in size, so there is no danger of buffer overflow in practice. > > We could switch to snprintf, and define snprintf to call sprintf > > in systems where snprintf isn't available. > That wouldn't that easy to do, What is hard about it? > > It is possible to verify > > that sprintf did not overwrite the buffer. > Sorry, I don't know what this comment is trying to say. Sorry if that was too terse. If we define snpritf to call sprintf on some platforms, as I suggested as a fallback, that definition can check the return value of sprintf to make sure that sprintf did not overflow the output buffer that snprintf was given. It can call fatal if that overflow occurs. > In my experience, with a debugging runtime sprintf is better than > snprintf, as sprintf reliably reports bugs What is a "debugging runtime"? sprintf can't try to detect overflow of the output buffer, because nothing tells sprintf how big the buffer is. -- Dr Richard Stallman (https://stallman.org) Chief GNUisance of the GNU Project (https://gnu.org) Founder, Free Software Foundation (https://fsf.org) Internet Hall-of-Famer (https://internethalloffame.org)