[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Why does string.format() limit width to two digits?
- From: Mouse <mouse@...>
- Date: Thu, 19 Jan 2023 11:30:44 -0500 (EST)
>>> Is there any particular reason why Lua imposes this limit [field
>>> width < 100] on string.format()?
>> It is a simple and secure way to limit the maximum size of formatted
>> items, to avoid buffer overflow.
Simple. Secure, well, maybe - secure against what? Personally, I'd
prefer to see lua do that only if it doesn't have callback streams (eg,
funopen, fopencookie, etc) available. That's not my call in general,
though I must admit I'd be inclined to add such a thing as a private
patch if I were to use lua much (which I currently don't).
>> (Do you really need larger values?)
> A couple use cases just off the top of my head: [...]
> All in all, just 100 chars seems quite an artificially low value. If
> a hard limit must be chosen, I'd raise it /at least/ by two, i.e.
> allowing "%9999s" for example.
Without callback streams or something like them, that requires a
relatively large buffer, either stack or static, which is undesirable
for a language implementation that tries to be small. Even then,
though, it's hard to avoid overflow for formats like
"%99s-%99s<%99s>%99s.%99s". Since lua is already parsing the format
directives, perhaps %s could be special-cased? It strikes me as the
only directive for which a width over 99 is likely.
Or perhaps it could be turned into a build-time configurable limit?
I would suggest, if it's not already there, that the documentation for
string.format describe the limit and discuss its motivation.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse@rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
