allow some printf calls in @safe code #22145
Conversation
|
Thanks for your pull request, @WalterBright! Bugzilla referencesYour PR doesn't reference any Bugzilla issue. If your PR contains non-trivial changes, please reference a Bugzilla issue or create a manual changelog. Testing this PR locallyIf you don't have a local development environment setup, you can use Digger to test this PR: dub run digger -- build "master + dmd#22145" |
WalterBright
force-pushed
the
safePrintf
branch
4 times, most recently
from
015bb4c to
bcd0a83
Compare
|
surely this should also check for malformatted arguments too. Also |
|
Malformed arguments are picked up later by checkPrintfFormat(). I cannot think of another dangerous format specifier. Which ones do you see? |
|
Nic has asked me to check some specs for unsafe options. For FreeBSD & Debian:
For Windows: As above: But also |
|
%n is taken care of by checkPrintfFormat(). %S and %Z are not in the C11 Standard and will error out int checkPrintfFormat(). |
thewilsonator
left a comment
thewilsonator
left a comment
There was a problem hiding this comment.
in which case please add them to the test case. Also does this apply to printf with pragma(printf) not applied.
thewilsonator
left a comment
thewilsonator
left a comment
There was a problem hiding this comment.
meant to request changes
|
See https://cplusplus.com/reference/cstdio/printf/ and %S and %Z are not part of the Standard, and are currently rejected by the compiler checks. @rikkimax I'd like to review where they are coming from so we can determine what to do about them. Note that nobody has used them yet, else we would have heard about it. |
https://manpages.debian.org/trixie/manpages-dev/printf.3.en.html |
|
they are GNU extensions/POSIX iirc, if they are rejected outright by the compiler then fine, but we should have aa test for that |
Not an extension, comes from SUS aka Unix. |
|
From https://manpages.debian.org/trixie/manpages-dev/printf.3.en.html :
(emphasis added) They're already rejected by checkPrintfFormat(). They've been obsoleted long ago, and the user can substitute |
|
That covers posix behavior, but not the Windows one for It takes: https://learn.microsoft.com/en-us/windows/win32/api/ntdef/ns-ntdef-string or https://learn.microsoft.com/en-us/windows/win32/api/ntdef/ns-ntdef-_unicode_string |
|
The two cites do not mention %Z. And if %Z does the same thing as the Standard %z, there is no purpose in supporting that extension. |
|
But this does: https://learn.microsoft.com/en-us/cpp/c-runtime-library/format-specification-syntax-printf-and-wprintf-functions?view=msvc-170 Which I linked in my first comment. |
|
It says "VS 2013 and earlier". It was obsolete 12 years ago. |
It mentions UCRT, so it isn't obsolete. I'll verify. |
|
It's kernel only, so I can't test it. So yeah we can ignore that. |
|
Wasn't the change request resolved? |
|
There have been no further pushes to the branch since that request was made, so no. Still need to add those to the test case. |
|
They're already taken care of because an error is issued if they are used. |
|
then please add those to the test case |
WalterBright
force-pushed
the
safePrintf
branch
from
bcd0a83 to
c0e257f
Compare
WalterBright
force-pushed
the
safePrintf
branch
from
c0e257f to
5c5da4a
Compare
4 participants
With the move to @safe by default, this will make using @System printf easier to use.