lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index] 

2015-07-22 0:32 GMT+02:00 Rena <hyperhacker@gmail.com>:
> On Tue, Jul 21, 2015 at 8:28 AM, Roberto Ierusalimschy
> <roberto@inf.puc-rio.br> wrote:
>>> > The OP's problem can be solved with something much less ambitious.
>>> > Replace the first line above by:
>>> >
>>> >       case 'd':
>>> >           lua_Integer n = (lua_Integer)luaL_checknumber(L, arg);
>>> >           addlenmod(form, LUA_INTEGER_FRMLEN);
>>> >           nb = sprintf(buff, form, (n);
>>> >           break;
>>> >       case 'i':
>>> >
>>> > My question was: which of the other five cases should also be
>>> > treated like case 'd?
>>> >
>>>
>>> IIUC, this would break it for some numbers between 2^53 and 2^63
>>
>> Most of them, actually. It also has undefined behavior for numbers
>> larger than 2^63. (On most machines this "undefined behavior" manifests
>> as plainly wrong results.)
>>
>> -- Roberto
>>
>
> That can still be addressed:
> case 'd':
>     lua_Integer n;
>     if(lua_isinteger(L, arg)) n = lua_tointeger(L, arg);
>     else n = (lua_Integer)luaL_checknumber(L, arg);
>     addlenmod(form, LUA_INTEGER_FRMLEN);
>     nb = sprintf(buff, form, (n);
>     break;
> case 'i':

Excellent! We have now demonstrated that a very easy change
allows anybody to build a custom string.format that will silently
throw away the fractional part of a non-integer. Such a person
can be assumed to be a responsible adult who will use this
dangerous tool with caution.

BTW does anybody know if C makes any distinction between
%d and %i? "man 3 printf" in Linux does not show any.