lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

>>> Is there any particular reason why Lua imposes this limit [field
>>> width < 100] on string.format()?
>> It is a simple and secure way to limit the maximum size of formatted
>> items, to avoid buffer overflow.

Simple.  Secure, well, maybe - secure against what?  Personally, I'd
prefer to see lua do that only if it doesn't have callback streams (eg,
funopen, fopencookie, etc) available.  That's not my call in general,
though I must admit I'd be inclined to add such a thing as a private
patch if I were to use lua much (which I currently don't).

>> (Do you really need larger values?)
> A couple use cases just off the top of my head: [...]
> All in all, just 100 chars seems quite an artificially low value.  If
> a hard limit must be chosen, I'd raise it /at least/ by two, i.e.
> allowing "%9999s" for example.

Without callback streams or something like them, that requires a
relatively large buffer, either stack or static, which is undesirable
for a language implementation that tries to be small.  Even then,
though, it's hard to avoid overflow for formats like
"%99s-%99s<%99s>%99s.%99s".  Since lua is already parsing the format
directives, perhaps %s could be special-cased?  It strikes me as the
only directive for which a width over 99 is likely.

Or perhaps it could be turned into a build-time configurable limit?

I would suggest, if it's not already there, that the documentation for
string.format describe the limit and discuss its motivation.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B