One of my logging methods uses a variable argument list and is accessed via a macro
#define MLog(level,s,...) [[MLog sharedController] withLevel:level sourceFile:__FILE__ lineNumber:__LINE__ format:(s),## __VA_ARGS__] The method implementation retrieves the va_list and instantiates an NSString // read variable argument list va_list ap; va_start(ap,format); NSString *logEntry = [[NSString alloc] initWithFormat:format arguments:ap]; va_end(ap); The input into this is highly variable. So a log/error message raised at a higher level may contain additional unanticipated format specifiers such as "%@". This causes runtime woe as we run off the end of the va_list. With the va_list we don't know the number of items. With the format spec we don't know which of the format specifiers are unanticipated. So is it just a question of sanitising the input format? Regards Jonathan Mitchell Developer Mugginsoft LLP http://www.mugginsoft.com _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
