Date: Thu, 10 Jan 2019 20:21:52 -0500 From: chris...@zoulas.com (Christos Zoulas) Message-ID: <20190111012152.cc59917f...@rebar.astron.com>
| I understand, this is why I grepped the source for %m and saw that there | was no use other than " %m\0". The point was most that libwrap is a public library, and in its tcpd.h it declares tcpd_warn() as a public function, and notes it as __syslog_like which means that it handles %m. Anyone, anywhere (who links against libwrap) can call that function. That's why I susggested that perhaps what we should do is document the issue, so that if there is anyone who decides that they need to include a message that has something like "%d%%mbufs" that they can expect something quite different than they hoped. Similarly, if they were even just to use (for some obscure reason) two %m conversions in one message. I am not sure where that doc ought be put however, as tcpd_warn doesn't seem to be documented anywhere (than in tcpd.h). [This also applies to tcpd_jump() of course, but that one is kind of hard to imagine anyone wanting to use.] | Yes, that is something I wished for many times. But then there are | trade-offs (such as compile time checking) and other safety guarantees. Of course ... perhaps we could make it so that the act of specifying a new format conversion creates a new printf clone function (which gcc would then know nothing about ...) which also solves the "lifetime of the conversion routine" issue (the function which would be provided to handle the added format would need to exist just as long as the returned function pointer is kept alive). Then only calls which need to use the added format would use the created function, all others would just use the existing ones, with all the gcc validity checking, and only the others would use the new one and miss out ... which is certainly no worse than calls which process the format string, modifying it to insert the data wanted by the new conversion, then passing the newly constructed format to printf. kre