Re: printf doubt



Joe Wright <joewwright@xxxxxxxxxxx> writes:
> Ben Pfaff wrote:
>> Barry Schwarz <schwarzb@xxxxxxxxx> writes:
>>
>>> On Tue, 11 Jul 2006 10:09:17 -0700, Ben Pfaff <blp@xxxxxxxxxxxxxxx>
>>> wrote:
>>>
>>>> Barry Schwarz <schwarzb@xxxxxxxxx> writes:
>>>>
>>>>> Does not the presence of a superfluous argument lead to undefined
>>>>> behavior?
>>>> No. From C99 7.19.6.1 "The fprintf function":
>>>>
>>>>     If the format is exhausted while arguments remain, the
>>>>     excess arguments are evaluated (as always) but are otherwise
>>>>     ignored.
>>> I wonder how systems which push return addresses and arguments on the
>>> same stack, like the old 6502, manage this.
>> What systems use separate stacks for return addresses and
>> arguments? I am not aware of any in the modern world, so it
>> would be educational to hear about them. Such a system might be
>> more resistant to "stack smashing" buffer overflow attacks, for
>> one thing.
>>
>>> Obviously, fprintf will not pop the superfluous arguments off
>>> the stack since it doesn't even know about them.
>> A common convention is for the callee to pop off the return
>> address and leave the arguments on the stack. The caller then
>> pops the arguments.
>
> Missing the point maybe. There are some number of arguments to printf,
> one of them being the format string. Let's assume a format string and
> four other expressions. That's five arguments. If the format string
> describes what to do with only two expressions, so be it. Only two
> will be treated. But five arguments were pushed and five will be
> popped.

Which means that a calling convention where the callee needs to know
how many arguments were passed won't work for printf() or other
variadic functions (unless there's an extra implicit argument that
provides that information).

A C compiler *could* use such a convention for non-variadic functions,
but I think most compilers use the same convention for both (since
there was no such distinction in early C).

--
Keith Thompson (The_Other_Keith) kst-u@xxxxxxx <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <*> <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
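An added example (not code from anyone in this thread) that makes the two points above concrete in C: a tiny printf-style formatter that reads arguments only as far as its format directs, so surplus arguments are left untouched on the caller's side yet, as 7.19.6.1 says, are still evaluated at the call site; and a wrapper that takes the explicit argument count Keith describes and refuses a format that would read past it, which with the real printf is undefined behaviour (the mirror image of the surplus case, and the mechanism behind format-string bugs). The helper names count_conversions, mini_vformat, checked_format and surplus_argument_is_evaluated are hypothetical, and only %d, %s and %% are recognised.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example; not code from any poster in the thread. The helper names
 * are hypothetical. Only %d, %s and %% are recognised so that the counter
 * and the formatter agree exactly on what consumes an argument. */

/* Number of variadic arguments the format will read. %% reads none, and a
 * '%' that ends the string is treated as a literal (reads none). */
int count_conversions(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '\0')
            break;
        p++;
        if (*p == 'd' || *p == 's')
            n++;
    }
    return n;
}

/* Formats into out[cap]; returns how many arguments were read via va_arg.
 * Arguments beyond what the format names are never touched here: the caller
 * evaluated and pushed them, and under a caller-pops convention the caller
 * removes all of them afterwards, so surplus arguments are harmless. */
int mini_vformat(char *out, size_t cap, const char *fmt, va_list ap)
{
    size_t used = 0;
    int consumed = 0;
    if (cap == 0)
        return -1;
    for (const char *p = fmt; *p; p++) {
        char tmp[32];
        const char *piece;
        size_t len, room;
        if (*p == '%' && p[1] != '\0') {
            p++;
            if (*p == 'd') {
                snprintf(tmp, sizeof tmp, "%d", va_arg(ap, int));
                piece = tmp;
                consumed++;
            } else if (*p == 's') {
                const char *s = va_arg(ap, const char *);
                piece = s ? s : "(null)";
                consumed++;
            } else if (*p == '%') {
                piece = "%";
            } else {            /* unknown conversion: emit it literally */
                tmp[0] = '%'; tmp[1] = *p; tmp[2] = '\0';
                piece = tmp;
            }
        } else {
            tmp[0] = *p; tmp[1] = '\0';
            piece = tmp;
        }
        len = strlen(piece);
        room = cap - 1 - used;
        if (len > room)
            len = room;         /* truncate rather than overrun out[] */
        memcpy(out + used, piece, len);
        used += len;
    }
    out[used] = '\0';
    return consumed;
}

/* nargs is the caller's own count of the variadic arguments it passed: the
 * "extra implicit argument" the thread mentions, made explicit. The call is
 * refused, without reading any argument, if the format would need more than
 * nargs; with the real printf that shortfall is undefined behaviour. */
int checked_format(char *out, size_t cap, int nargs, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (cap == 0)
        return -1;
    if (count_conversions(fmt) > nargs) {
        out[0] = '\0';
        return -1;
    }
    va_start(ap, fmt);
    n = mini_vformat(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* The surplus argument is still evaluated: counter++ runs even though "%d"
 * consumes only the 7. Returns the counter afterwards. */
int surplus_argument_is_evaluated(void)
{
    char buf[16];
    int counter = 0;
    checked_format(buf, sizeof buf, 2, "%d", 7, counter++);
    return counter;
}

int main(void)
{
    char buf[64];
    int n = checked_format(buf, sizeof buf, 5, "%d %d", 1, 2, 3, 4, 5);
    printf("consumed %d of 5 arguments -> \"%s\"\n", n, buf);
    printf("counter after surplus argument: %d\n", surplus_argument_is_evaluated());
    printf("format needing 2 with 1 passed -> %d\n",
           checked_format(buf, sizeof buf, 1, "%d %s", 1));
    return 0;
}
```

Compile with a C99 compiler (the for-loop declarations need it); main prints the three cases. The guard in checked_format only works because the count is passed explicitly: nothing in a standard variadic call tells the callee how many arguments arrived, which is exactly why printf itself cannot notice a shortfall and why an attacker-controlled format string can walk the stack beyond the real arguments.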