[VPM] perl segfault
Malcolm Dew-Jones
yf110 at victoria.tc.ca
Fri Feb 13 19:36:20 CST 2004
On Fri, 13 Feb 2004, abez wrote:
>
> If you type at the commandline
> perl -e "printf '%ve'"; echo $?
%ve ? I don't seem to be able to use %ve in printf in perl on two
different platforms. Is this a typo?
> You will notice the program segfaults and returns with code 139
> (interesting enough this is the netbios/samba port).
>
> I've determined it's the printf trying to print a double which doesn't
> exist and isn't a double.
>
> It doesn't sound very serious but imagine you use a printf in a web app
> and the user types in a %ve..
But the user should never be entering the %ve in the first place. That is
part of your code, not the data that a user would ever normally be allowed
to enter (at least not without proper value and taint checking before you
used it).
You have asked printf to format one variable but then you didn't pass it
(at least) one variable, which is a bug.
If your code had passed a variable to printf then everything would have
worked ok no matter what the value of that variable happened to be.
(I have used %e here cause %ve does nothing for me)
e.g.
perl -e "my $printf '%e',undef" # pass in undef
0.000000e+000
perl -e "my $printf '%e',''" # pass in empty string
0.000000e+000
perl -e "my $printf '%e',1" # pass in a number
1.000000e+000
perl -e "printf '%e',\my %var" # pass a variable reference!
3.775808e+006
More information about the Victoria-pm
mailing list