* Percent sign in message
@ 2006-09-11 6:15 Whitfield Diffie
2006-09-11 6:38 ` Michaël Cadilhac
0 siblings, 1 reply; 16+ messages in thread
From: Whitfield Diffie @ 2006-09-11 6:15 UTC (permalink / raw)
Sunday 10 September 2006 at 23:03
I am sending this message to emacs-devel rather than bug-gnu-emacs
because, although I think this is arguable a bug, it could be fixed by
changing the documentation but the fix I propose is more substantial.
The command
(message "%")
produces the error
(error "Not enough arguments for format string")
because message hands its arguments directly to format and format makes
special use of percent signs. A reasonably careful look at the
documentation of format finds the warning that if you want a percent
in the format string, you should double it. That isn't so bad because
there is no reason to use format if you don't want the special way it
processes its string.
Message is another thing. It is perfectly reasonable to call message
to print a fixed string or, as produced the trouble, a string that is not
under the program's control. In my case, I have a function called
`describe-last-kbd-macro' that constructs a definition and calls message to
present it and my macro operated on comments in TeX. Clearly I could
pre-process the message to double the percent signs but it doesn't seem
that should be necessary.
What I propose is changing format so that it specially interprets as
many percent signs as it has arguments for and just passes the rest
verbatum, with a possible warning in the *Messages* buffer.
Whit
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Percent sign in message
2006-09-11 6:15 Percent sign in message Whitfield Diffie
@ 2006-09-11 6:38 ` Michaël Cadilhac
2006-09-11 6:57 ` Whitfield Diffie
0 siblings, 1 reply; 16+ messages in thread
From: Michaël Cadilhac @ 2006-09-11 6:38 UTC (permalink / raw)
Cc: emacs-devel
[-- Attachment #1.1: Type: text/plain, Size: 719 bytes --]
Whitfield Diffie <whitfield.diffie@sun.com> writes:
> In my case, I have a function called `describe-last-kbd-macro' that
> constructs a definition and calls message to present it and my macro
> operated on comments in TeX. Clearly I could pre-process the message
> to double the percent signs but it doesn't seem that should be
> necessary.
Why don't you use (message "%s" whatever)?
--
| Michaël `Micha' Cadilhac | Mieux vaut se taire |
| Epita/LRDE Promo 2007 | Que de parler trop fort. |
| http://michael.cadilhac.name | -- As de trèfle |
`-- - JID: micha@amessage.be --' - --'
[-- Attachment #1.2: Type: application/pgp-signature, Size: 188 bytes --]
[-- Attachment #2: Type: text/plain, Size: 142 bytes --]
_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-devel
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Percent sign in message
2006-09-11 6:38 ` Michaël Cadilhac
@ 2006-09-11 6:57 ` Whitfield Diffie
2006-09-11 7:18 ` David Kastrup
0 siblings, 1 reply; 16+ messages in thread
From: Whitfield Diffie @ 2006-09-11 6:57 UTC (permalink / raw)
Cc: emacs-devel
Sunday 10 September 2006 at 23:55
> Why don't you use (message "%s" whatever)?
Because I'm an idiot. Thank you.
Whit
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Percent sign in message
2006-09-11 6:57 ` Whitfield Diffie
@ 2006-09-11 7:18 ` David Kastrup
2006-09-11 8:26 ` Kim F. Storm
0 siblings, 1 reply; 16+ messages in thread
From: David Kastrup @ 2006-09-11 7:18 UTC (permalink / raw)
Cc: Michaël Cadilhac, emacs-devel
Whitfield Diffie <whitfield.diffie@sun.com> writes:
> Sunday 10 September 2006 at 23:55
>
>> Why don't you use (message "%s" whatever)?
>
> Because I'm an idiot. Thank you.
Well, we have had enough "idiots" asking this question by now that it
would not seem amiss to mention this idiom in DOC-string and/or Elisp
manual entry. It does not seem immediately obvious.
--
David Kastrup, Kriemhildstr. 15, 44793 Bochum
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Percent sign in message
2006-09-11 7:18 ` David Kastrup
@ 2006-09-11 8:26 ` Kim F. Storm
2006-09-11 14:07 ` Stefan Monnier
0 siblings, 1 reply; 16+ messages in thread
From: Kim F. Storm @ 2006-09-11 8:26 UTC (permalink / raw)
Cc: Whitfield Diffie, Michaël Cadilhac, emacs-devel
David Kastrup <dak@gnu.org> writes:
>>> Why don't you use (message "%s" whatever)?
>>
> Well, we have had enough "idiots" asking this question by now that it
> would not seem amiss to mention this idiom in DOC-string and/or Elisp
> manual entry. It does not seem immediately obvious.
Done.
--
Kim F. Storm <storm@cua.dk> http://www.cua.dk
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Percent sign in message
2006-09-11 8:26 ` Kim F. Storm
@ 2006-09-11 14:07 ` Stefan Monnier
2006-09-11 19:57 ` Richard Stallman
0 siblings, 1 reply; 16+ messages in thread
From: Stefan Monnier @ 2006-09-11 14:07 UTC (permalink / raw)
Cc: Whitfield Diffie, Michaël Cadilhac, emacs-devel
>>>> Why don't you use (message "%s" whatever)?
>> Well, we have had enough "idiots" asking this question by now that it
>> would not seem amiss to mention this idiom in DOC-string and/or Elisp
>> manual entry. It does not seem immediately obvious.
Of course, we could also add a compiler warning whenever we see
(message <exp>) and <exp> is not a constant string.
Stefan
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Percent sign in message
2006-09-11 14:07 ` Stefan Monnier
@ 2006-09-11 19:57 ` Richard Stallman
2006-09-11 21:00 ` Stefan Monnier
0 siblings, 1 reply; 16+ messages in thread
From: Richard Stallman @ 2006-09-11 19:57 UTC (permalink / raw)
Cc: whitfield.diffie, emacs-devel, michael.cadilhac, storm
Of course, we could also add a compiler warning whenever we see
(message <exp>) and <exp> is not a constant string.
I think that would give too many false warnings, because it is not
unusual to obtain the format string from some non-constant source.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Percent sign in message
2006-09-11 19:57 ` Richard Stallman
@ 2006-09-11 21:00 ` Stefan Monnier
2006-09-11 21:03 ` David Kastrup
2006-09-12 15:27 ` Richard Stallman
0 siblings, 2 replies; 16+ messages in thread
From: Stefan Monnier @ 2006-09-11 21:00 UTC (permalink / raw)
Cc: whitfield.diffie, emacs-devel, michael.cadilhac, storm
> Of course, we could also add a compiler warning whenever we see
> (message <exp>) and <exp> is not a constant string.
> I think that would give too many false warnings, because it is not
> unusual to obtain the format string from some non-constant source.
Could be. But the warning can be turned off by using (message "%s" <exp>).
Stefan
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Percent sign in message
2006-09-11 21:00 ` Stefan Monnier
@ 2006-09-11 21:03 ` David Kastrup
2006-09-11 22:05 ` Stefan Monnier
2006-09-12 15:27 ` Richard Stallman
1 sibling, 1 reply; 16+ messages in thread
From: David Kastrup @ 2006-09-11 21:03 UTC (permalink / raw)
Cc: whitfield.diffie, storm, michael.cadilhac, rms, emacs-devel
Stefan Monnier <monnier@iro.umontreal.ca> writes:
>> Of course, we could also add a compiler warning whenever we see
>> (message <exp>) and <exp> is not a constant string.
>
>> I think that would give too many false warnings, because it is not
>> unusual to obtain the format string from some non-constant source.
>
> Could be. But the warning can be turned off by using (message "%s" <exp>).
That would need to be
(message "%s" (format <exp>))
It is not unusual to obtain a _format_ string from some non-constant
source.
--
David Kastrup, Kriemhildstr. 15, 44793 Bochum
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Percent sign in message
2006-09-11 21:03 ` David Kastrup
@ 2006-09-11 22:05 ` Stefan Monnier
2006-09-11 22:13 ` David Kastrup
0 siblings, 1 reply; 16+ messages in thread
From: Stefan Monnier @ 2006-09-11 22:05 UTC (permalink / raw)
Cc: whitfield.diffie, storm, michael.cadilhac, rms, emacs-devel
>>> Of course, we could also add a compiler warning whenever we see
>>> (message <exp>) and <exp> is not a constant string.
>>
>>> I think that would give too many false warnings, because it is not
>>> unusual to obtain the format string from some non-constant source.
>>
>> Could be. But the warning can be turned off by using (message "%s" <exp>).
> That would need to be
> (message "%s" (format <exp>))
Well, only if <exp> contains escaped % signs. It's generally not the case.
> It is not unusual to obtain a _format_ string from some non-constant
> source.
But it then comes with some arguments as well, doesn't it?
Stefan
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Percent sign in message
2006-09-11 22:05 ` Stefan Monnier
@ 2006-09-11 22:13 ` David Kastrup
2006-09-12 3:20 ` Stefan Monnier
0 siblings, 1 reply; 16+ messages in thread
From: David Kastrup @ 2006-09-11 22:13 UTC (permalink / raw)
Cc: whitfield.diffie, storm, michael.cadilhac, rms, emacs-devel
Stefan Monnier <monnier@iro.umontreal.ca> writes:
>>>> Of course, we could also add a compiler warning whenever we see
>>>> (message <exp>) and <exp> is not a constant string.
>>>
>>>> I think that would give too many false warnings, because it is not
>>>> unusual to obtain the format string from some non-constant source.
>>>
>>> Could be. But the warning can be turned off by using (message "%s" <exp>).
>
>> That would need to be
>> (message "%s" (format <exp>))
>
> Well, only if <exp> contains escaped % signs. It's generally not
> the case.
>
>> It is not unusual to obtain a _format_ string from some non-constant
>> source.
>
> But it then comes with some arguments as well, doesn't it?
So what you mean is not
"the warning can be turned off by using (message "%s" <exp>)"
but rather
"the warning can be turned off by using (message <exp> <exp>+)"
Namely: warn if we use a _single_ non-constant expression as argument,
but don't complain if we use more than one expression as argument.
I'd consider that a good idea, but I find it hard to gather this as
your proposal from the wording you used.
--
David Kastrup, Kriemhildstr. 15, 44793 Bochum
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Percent sign in message
2006-09-11 22:13 ` David Kastrup
@ 2006-09-12 3:20 ` Stefan Monnier
0 siblings, 0 replies; 16+ messages in thread
From: Stefan Monnier @ 2006-09-12 3:20 UTC (permalink / raw)
Cc: whitfield.diffie, storm, michael.cadilhac, rms, emacs-devel
> So what you mean is not
> "the warning can be turned off by using (message "%s" <exp>)"
> but rather
> "the warning can be turned off by using (message <exp> <exp>+)"
No I really meant just what I said:
Output a warning when we see (message <exp>).
And such a warning can be silenced by replacing the offending expression
with (message "%s" <exp>).
> Namely: warn if we use a _single_ non-constant expression as argument,
Isn't that what I said:
whenever we see (message <exp>) and <exp> is not a constant string
-- Stefan
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Percent sign in message
2006-09-11 21:00 ` Stefan Monnier
2006-09-11 21:03 ` David Kastrup
@ 2006-09-12 15:27 ` Richard Stallman
2006-09-12 15:37 ` David Kastrup
1 sibling, 1 reply; 16+ messages in thread
From: Richard Stallman @ 2006-09-12 15:27 UTC (permalink / raw)
Cc: whitfield.diffie, emacs-devel, michael.cadilhac, storm
> I think that would give too many false warnings, because it is not
> unusual to obtain the format string from some non-constant source.
Could be. But the warning can be turned off by using (message "%s" <exp>).
Hmm. If the warning is given only in the case of one arg, maybe it won't
get too many spurious hits. I was thinking of getting nontrivial format
strings from nonconstant sources; but those cases would usually have
further arguments.
But let's save this for later.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Percent sign in message
2006-09-12 15:27 ` Richard Stallman
@ 2006-09-12 15:37 ` David Kastrup
2006-09-19 19:39 ` Stuart D. Herring
0 siblings, 1 reply; 16+ messages in thread
From: David Kastrup @ 2006-09-12 15:37 UTC (permalink / raw)
Cc: whitfield.diffie, storm, michael.cadilhac, Stefan Monnier,
emacs-devel
Richard Stallman <rms@gnu.org> writes:
> > I think that would give too many false warnings, because it is not
> > unusual to obtain the format string from some non-constant source.
>
> Could be. But the warning can be turned off by using (message
> "%s" <exp>).
>
> Hmm. If the warning is given only in the case of one arg, maybe it won't
> get too many spurious hits. I was thinking of getting nontrivial format
> strings from nonconstant sources; but those cases would usually have
> further arguments.
>
> But let's save this for later.
I'd want to mention that format string vulnerabilities are a common
attack vector for viruses. They will not likely be exploitable in
Elisp, but it shows that they are not rare among programmers (indeed,
one such case prompted the release of Emacs 21.4), and could cause
weird effects.
I think such a warning would not be amiss, and should probably be
extended to `error' as well.
--
David Kastrup, Kriemhildstr. 15, 44793 Bochum
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Percent sign in message
2006-09-12 15:37 ` David Kastrup
@ 2006-09-19 19:39 ` Stuart D. Herring
2006-09-19 21:49 ` David Kastrup
0 siblings, 1 reply; 16+ messages in thread
From: Stuart D. Herring @ 2006-09-19 19:39 UTC (permalink / raw)
Cc: emacs-devel
> I'd want to mention that format string vulnerabilities are a common
> attack vector for viruses. They will not likely be exploitable in
> Elisp, but it shows that they are not rare among programmers (indeed,
> one such case prompted the release of Emacs 21.4), and could cause
> weird effects.
This is off-topic, but what was the case that prompted 21.4? I've never
seen it described.
Thanks,
Davis
--
This product is sold by volume, not by mass. If it appears too dense or
too sparse, it is because mass-energy conversion has occurred during
shipping.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Percent sign in message
2006-09-19 19:39 ` Stuart D. Herring
@ 2006-09-19 21:49 ` David Kastrup
0 siblings, 0 replies; 16+ messages in thread
From: David Kastrup @ 2006-09-19 21:49 UTC (permalink / raw)
Cc: emacs-devel
"Stuart D. Herring" <herring@lanl.gov> writes:
>> I'd want to mention that format string vulnerabilities are a common
>> attack vector for viruses. They will not likely be exploitable in
>> Elisp, but it shows that they are not rare among programmers (indeed,
>> one such case prompted the release of Emacs 21.4), and could cause
>> weird effects.
>
> This is off-topic, but what was the case that prompted 21.4? I've never
> seen it described.
Well, the diff is short enough. A format string vulnerability in the
movemail executable.
--
David Kastrup, Kriemhildstr. 15, 44793 Bochum
^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2006-09-19 21:49 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-09-11 6:15 Percent sign in message Whitfield Diffie
2006-09-11 6:38 ` Michaël Cadilhac
2006-09-11 6:57 ` Whitfield Diffie
2006-09-11 7:18 ` David Kastrup
2006-09-11 8:26 ` Kim F. Storm
2006-09-11 14:07 ` Stefan Monnier
2006-09-11 19:57 ` Richard Stallman
2006-09-11 21:00 ` Stefan Monnier
2006-09-11 21:03 ` David Kastrup
2006-09-11 22:05 ` Stefan Monnier
2006-09-11 22:13 ` David Kastrup
2006-09-12 3:20 ` Stefan Monnier
2006-09-12 15:27 ` Richard Stallman
2006-09-12 15:37 ` David Kastrup
2006-09-19 19:39 ` Stuart D. Herring
2006-09-19 21:49 ` David Kastrup
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).