[VPM] perl segfault

abez abez at abez.ca
Fri Feb 13 19:58:53 CST 2004


On Fri, 13 Feb 2004, Malcolm Dew-Jones wrote:

> %ve ?  I don't seem to be able to use %ve in printf in perl on two
> different platforms.  Is this a typo?

A. What platform are you using?

B. Try running this:
perl -e "printf('%ve'); print 'Done',$/";

If you don't see Done.. Something is wrong. It could be you aren't
seeing anything because the program has already crashed.

> But the user should never be entering the %ve in the first place.  That is
> part of your code, not the data that a user would ever normally be allowed
> to enter (at least not without proper value and taint checking before you
> used it).

Imagine in some code we have 

print "$floatingvalue:$uservalue$/";

Imagine the boss asks us to only print 2 decimal placeS?

print "%.02f:$uservalue$/",$floatingvalue;

The user enters in "%ve".

> If your code had passed a variable to printf then everything would have
> worked ok no matter what the value of that variable happened to be.

The point is what could happen by accident. Your perl interpretter is
supposed to protect you from certain things like segfaults for the
simple operations.

Interestingly enough 

perl -e "printf('%ve',2.2); print 'Done',$/"; #works
perl -e "printf('%ve'); print 'Done',$/"; #doesn't
perl -e "printf('%.02f %ve',2.2); print 'Done',$/"; #doesn't
perl -e "printf('%.02f %ve',2.2,undef); print 'Done',$/"; #works

I would gather that the %*e makes it look for another arguement on the
printf arg stack. But it doesn't do proper checking (it's not there) and
thus it seg faults.

-- 
abez ------------------------------------------
http://www.abez.ca/ Abram Hindle (abez at abez.ca)
------------------------------------------ abez




More information about the Victoria-pm mailing list