On Mon, 31 Dec 2007, Sheri wrote:
> Although I don't quite understand the security issues, this discussion
> suggests that %n should be removed from the standard:
>
> http://www.matasano.com/log/536/format-string-protection-disabling-n-by-default/
But at least one poster disagrees, and lists many applications that use
it. If a competent programmer uses it, it is perfectly safe. The
security issue arises only when an incompetent programmer allows a user
to pass a format string - something which one should *never* do. As a C
novice (actually, probably as a BCPL novice) I learned the difference
between printf(s) and printf("%s",s) when s is a user-supplied string.
Anyway, to remove a feature that has been in the standard for 17 years
and is relatively widely used is going to cause much trouble. I doubt
whether the standards bodies would go along with this. After all, there
are plenty of other features of C that can be abused.
Having said that, there is only one use of %n in pcregrep, and none
anywhere else in the PCRE package. As it happens, it is a particularly
simple usage to remove, so I will do so.
Philip
--
Philip Hazel
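The distinction Philip draws between printf(s) and printf("%s", s), and the "perfectly safe" kind of %n use, as an added example in C. This is not code from the message or from PCRE/pcregrep; the function names, the fixed-width label format and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The mistake the message describes: user text used as the format string.
 * With input such as "%x %x %x" snprintf reads arguments that were never
 * passed, and with "%n" it writes through a pointer it pulls off the stack.
 * It behaves correctly on benign input, which is why the bug survives
 * testing. Shown for contrast; only ever called here with a harmless string.
 * Returns the snprintf result. */
static int render_unsafe(char *out, size_t outsz, const char *user)
{
    return snprintf(out, outsz, user);   /* user-controlled format: never do this */
}

/* The correct form: the format is a literal and user text is only an
 * argument, so "%n" in the input is copied as two ordinary characters.
 * Returns the number of characters stored, or -1 on truncation or error. */
static int render_safe(char *out, size_t outsz, const char *user)
{
    int n = snprintf(out, outsz, "%s", user);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return n;
}

/* A legitimate %n use of the kind the message calls safe: the format is a
 * compile-time literal, and %n just records how many characters precede
 * the value column after a fixed-width label (hypothetical log layout).
 * Returns that column offset, or -1 on truncation or error. */
static int render_labeled(char *out, size_t outsz, const char *label, long value)
{
    int col = -1;
    int n = snprintf(out, outsz, "%-12s: %n%ld", label, &col, value);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return col;
}

int main(void)
{
    char buf[64];
    const char *hostile = "%n%n%n%n";   /* constructed sample input */

    render_unsafe(buf, sizeof buf, "hello");   /* benign input: looks fine */
    printf("unsafe, benign input: [%s]\n", buf);

    render_safe(buf, sizeof buf, hostile);
    printf("safe:                 [%s]\n", buf);   /* the literal %n%n%n%n */

    int col = render_labeled(buf, sizeof buf, "matches", 42);
    printf("labeled:              [%s] value starts at column %d\n", buf, col);
    return 0;
}
```

The only thing that makes render_labeled safe is that its format is a string literal; the same %n in a format built from or influenced by user input is the bug the linked article is about, so the fix belongs at the call site, not in the standard.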