[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

%q with truncating size loses safeness of %q

From: Sam Liddicott
Subject: %q with truncating size loses safeness of %q
Date: Fri, 17 Apr 2020 15:22:16 +0100

Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-pc-linux-gnu'
-DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash'
-DSHELL -DHAVE_CONFIG_H   -I.  -I../. -I.././include -I.././lib
-Wdate-time -D_FORTIFY_SOURCE=2 -g -O2
-fstack-protector-strong -Wformat -Werror=format-security -Wall
-Wno-parentheses -Wno-format-security
uname output: Linux sojojojo 5.3.0-46-generic #38~18.04.1-Ubuntu SMP
Tue Mar 31 04:17:56 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Machine Type: x86_64-pc-linux-gnu

Bash Version: 4.4
Patch Level: 20
Release Status: release

Also occurs on 5.0.7(1)-release

printf %q with a truncating size will emit partially escaped
sequence thus losing the safety and composability that %q
is intended to provide.

$ printf 'echo %.2q%q\n' "a'b" ';ls'
echo a\\;ls
The semi-colon is no longer escaped, the expectation of
the %q formatter is lost

If it the escape sequence that is to be limited in size,
then it should avoid emitting a partial sequence

If the product of the  sequence is to be limited in size, then
the truncating  size quantifer should apply to the input, so
that it will emit output which will produce a value of the
specified length

reply via email to

[Prev in Thread] Current Thread [Next in Thread]