diff options
author | Alejandro Colomar <alx@kernel.org> | 2023-12-06 15:36:51 +0100 |
---|---|---|
committer | Alejandro Colomar <alx@kernel.org> | 2023-12-06 18:15:22 +0100 |
commit | 30cdb698f6f1af19f13b26c9a1b64bb67b45768a (patch) | |
tree | 12117cd8a36fd29859a07900760f00b5962b0e77 | |
parent | 082aa268e483357dab7d6c2132a475d7986181ae (diff) |
sscanf.3: Remove term 'deprecated', and expand BUGS
Several programmers have been confused about this use of 'deprecated'.
Also, maximum field width can be used with these fields to mitigate the
problem. Still, it's only a mitigation, since it limits the number of
characters read, but that means an input of LONG_MAX+1 --which takes up
the same number of characters than LONG_MAX-- would still cause UB; or
one can limit that to well below the limit of UB, but then it
artificially invalidates valid input. No good way to avoid UB with
sscanf(3), but it's not necessarily bad with trusted input (and
strtol(3) isn't the panacea either: it avoids UB, but error checking is
hard; strtoi(3) is good, though, but not standard).
Link: <https://stackoverflow.com/questions/77601832/man-sscanf-d-is-deprecated-in-c-or-glibc/>
Cc: Lee Griffiths <poddster@gmail.com>
Cc: Zack Weinberg <zack@owlfolio.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
-rw-r--r-- | man3/sscanf.3 | 15 |
1 files changed, 2 insertions, 13 deletions
diff --git a/man3/sscanf.3 b/man3/sscanf.3 index 2211cab7d..4c0bdc318 100644 --- a/man3/sscanf.3 +++ b/man3/sscanf.3 @@ -359,7 +359,6 @@ No conversion is done (but initial white space characters are discarded), and assignment does not occur. .TP .B d -.IR Deprecated . Matches an optionally signed decimal integer; the next pointer must be a pointer to .IR int . @@ -374,7 +373,6 @@ the next pointer must be a pointer to .\" is silently ignored, causing old programs to fail mysteriously.) .TP .B i -.IR Deprecated . Matches an optionally signed integer; the next pointer must be a pointer to .IR int . The integer is read in base 16 if it begins with @@ -387,18 +385,15 @@ and in base 10 otherwise. Only characters that correspond to the base are used. .TP .B o -.IR Deprecated . Matches an unsigned octal integer; the next pointer must be a pointer to .IR "unsigned int" . .TP .B u -.IR Deprecated . Matches an unsigned decimal integer; the next pointer must be a pointer to .IR "unsigned int" . .TP .B x -.IR Deprecated . Matches an unsigned hexadecimal integer (that may optionally begin with a prefix of .I 0x @@ -409,33 +404,27 @@ be a pointer to .IR "unsigned int" . .TP .B X -.IR Deprecated . Equivalent to .BR x . .TP .B f -.IR Deprecated . Matches an optionally signed floating-point number; the next pointer must be a pointer to .IR float . .TP .B e -.IR Deprecated . Equivalent to .BR f . .TP .B g -.IR Deprecated . Equivalent to .BR f . .TP .B E -.IR Deprecated . Equivalent to .BR f . .TP .B a -.IR Deprecated . (C99) Equivalent to .BR f . .TP @@ -661,8 +650,8 @@ Instead, programs should use functions such as .BR strtol (3) to parse numeric input. -This manual page deprecates use of the numeric conversion specifiers -until they are fixed by ISO C. +Alternatively, +mitigate it by specifying a maximum field width. .SS Nonstandard modifiers These functions are fully C99 conformant, but provide the additional modifiers |