[apple/libc.git] / gen / FreeBSD / fmtcheck.3

.\" Copyright (c) 2000 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This file was contributed to The NetBSD Foundation by Allen Briggs.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"        This product includes software developed by the NetBSD
.\"        Foundation, Inc. and its contributors.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\"    contributors may be used to endorse or promote products derived
.\"    from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $FreeBSD: src/lib/libc/gen/fmtcheck.3,v 1.10 2008/08/02 06:02:42 das Exp $
.Dd October 16, 2002
.Os
.Dt FMTCHECK 3
.Sh NAME
.Nm fmtcheck
.Nd sanitizes user-supplied
.Xr printf 3 Ns -style
format string
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In stdio.h
.Ft const char *
.Fn fmtcheck "const char *fmt_suspect" "const char *fmt_default"
.Sh DESCRIPTION
The
.Fn fmtcheck
scans
.Fa fmt_suspect
and
.Fa fmt_default
to determine if
.Fa fmt_suspect
will consume the same argument types as
.Fa fmt_default
and to ensure that
.Fa fmt_suspect
is a valid format string.
.Pp
The
.Xr printf 3
family of functions cannot verify the types of arguments that they are
passed at run-time.
In some cases, like
.Xr catgets 3 ,
it is useful or necessary to use a user-supplied format string with no
guarantee that the format string matches the specified arguments.
.Pp
The
.Fn fmtcheck
was designed to be used in these cases, as in:
.Bd -literal -offset indent
printf(fmtcheck(user_format, standard_format), arg1, arg2);
.Ed
.Pp
In the check, field widths, fillers, precisions, etc.\& are ignored (unless
the field width or precision is an asterisk
.Ql *
instead of a digit string).
Also, any text other than the format specifiers
is completely ignored.
.Sh RETURN VALUES
If
.Fa fmt_suspect
is a valid format and consumes the same argument types as
.Fa fmt_default ,
then the
.Fn fmtcheck
will return
.Fa fmt_suspect .
Otherwise, it will return
.Fa fmt_default .
.Sh SECURITY CONSIDERATIONS
Note that the formats may be quite different as long as they accept the
same arguments.
For example,
.Qq Li "%p %o %30s %#llx %-10.*e %n"
is compatible with
.Qq Li "This number %lu %d%% and string %s has %qd numbers and %.*g floats (%n)" .
However,
.Qq Li %o
is not equivalent to
.Qq Li %lx
because
the first requires an integer and the second requires a long.
.Sh SEE ALSO
.Xr printf 3
.Sh BUGS
The
.Fn fmtcheck
function does not recognize positional parameters.
Commit	Line	Data
5b2abdfb A	1	.\" Copyright (c) 2000 The NetBSD Foundation, Inc.
	2	.\" All rights reserved.
	3	.\"
	4	.\" This file was contributed to The NetBSD Foundation by Allen Briggs.
	5	.\"
	6	.\" Redistribution and use in source and binary forms, with or without
	7	.\" modification, are permitted provided that the following conditions
	8	.\" are met:
	9	.\" 1. Redistributions of source code must retain the above copyright
	10	.\" notice, this list of conditions and the following disclaimer.
	11	.\" 2. Redistributions in binary form must reproduce the above copyright
	12	.\" notice, this list of conditions and the following disclaimer in the
	13	.\" documentation and/or other materials provided with the distribution.
	14	.\" 3. All advertising materials mentioning features or use of this software
	15	.\" must display the following acknowledgement:
	16	.\" This product includes software developed by the NetBSD
	17	.\" Foundation, Inc. and its contributors.
	18	.\" 4. Neither the name of The NetBSD Foundation nor the names of its
	19	.\" contributors may be used to endorse or promote products derived
	20	.\" from this software without specific prior written permission.
	21	.\"
	22	.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
	23	.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
	24	.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	25	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
	26	.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
	27	.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	28	.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	29	.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	30	.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	31	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	32	.\" POSSIBILITY OF SUCH DAMAGE.
	33	.\"
1f2f436a	34	.\" $FreeBSD: src/lib/libc/gen/fmtcheck.3,v 1.10 2008/08/02 06:02:42 das Exp $
9385eb3d	35	.Dd October 16, 2002
5b2abdfb A	36	.Os
	37	.Dt FMTCHECK 3
	38	.Sh NAME
	39	.Nm fmtcheck
	40	.Nd sanitizes user-supplied
	41	.Xr printf 3 Ns -style
	42	format string
	43	.Sh LIBRARY
	44	.Lb libc
	45	.Sh SYNOPSIS
	46	.In stdio.h
	47	.Ft const char *
	48	.Fn fmtcheck "const char fmt_suspect" "const char fmt_default"
	49	.Sh DESCRIPTION
	50	The
	51	.Fn fmtcheck
	52	scans
	53	.Fa fmt_suspect
	54	and
	55	.Fa fmt_default
	56	to determine if
	57	.Fa fmt_suspect
	58	will consume the same argument types as
	59	.Fa fmt_default
	60	and to ensure that
	61	.Fa fmt_suspect
	62	is a valid format string.
	63	.Pp
	64	The
	65	.Xr printf 3
9385eb3d	66	family of functions cannot verify the types of arguments that they are
3d9156a7 A	67	passed at run-time.
3d9156a7 A	68	In some cases, like
5b2abdfb A	69	.Xr catgets 3 ,
5b2abdfb A	70	it is useful or necessary to use a user-supplied format string with no
9385eb3d	71	guarantee that the format string matches the specified arguments.
5b2abdfb A	72	.Pp
	73	The
	74	.Fn fmtcheck
	75	was designed to be used in these cases, as in:
	76	.Bd -literal -offset indent
	77	printf(fmtcheck(user_format, standard_format), arg1, arg2);
	78	.Ed
	79	.Pp
3d9156a7	80	In the check, field widths, fillers, precisions, etc.\& are ignored (unless
5b2abdfb A	81	the field width or precision is an asterisk
5b2abdfb A	82	.Ql *
3d9156a7 A	83	instead of a digit string).
3d9156a7 A	84	Also, any text other than the format specifiers
5b2abdfb	85	is completely ignored.
5b2abdfb A	86	.Sh RETURN VALUES
	87	If
	88	.Fa fmt_suspect
	89	is a valid format and consumes the same argument types as
	90	.Fa fmt_default ,
	91	then the
	92	.Fn fmtcheck
	93	will return
	94	.Fa fmt_suspect .
	95	Otherwise, it will return
	96	.Fa fmt_default .
9385eb3d A	97	.Sh SECURITY CONSIDERATIONS
9385eb3d A	98	Note that the formats may be quite different as long as they accept the
3d9156a7 A	99	same arguments.
3d9156a7 A	100	For example,
9385eb3d A	101	.Qq Li "%p %o %30s %#llx %-10.*e %n"
	102	is compatible with
	103	.Qq Li "This number %lu %d%% and string %s has %qd numbers and %.*g floats (%n)" .
	104	However,
	105	.Qq Li %o
	106	is not equivalent to
	107	.Qq Li %lx
	108	because
	109	the first requires an integer and the second requires a long.
5b2abdfb A	110	.Sh SEE ALSO
5b2abdfb A	111	.Xr printf 3
9385eb3d A	112	.Sh BUGS
	113	The
	114	.Fn fmtcheck
1f2f436a	115	function does not recognize positional parameters.