[PATCH 0/3] cmd: setexpr: add fmt format string operation

Tue Jun 29 17:13:33 CEST 2021

Dear Sean,

In message <19b6eeea-2aad-972b-aeeb-8959aab17d7a at gmail.com> you wrote:
>
> The issue with this is twofold. First, there is no portable way to
> construct a va_list from C code. So the likely way to do this would be
> to set an arbitrary limit, and then just pass the arguments in. E.g.
> something like

We already have an argument list: it's what's being passed to the
"setexpr" command, minus the initial arguments.

> 	snprintf(buf, sizeof(buf), argv[3], argc >= 4 ? argv[4] : NULL, /* etc */);

Why this test on argc?  If it's less than 4, argv[4] should be NULL
anyway.

> but of course there is no way to check that the format string matches
> the correct number of arguments. This is a pretty big footgun.

You have this problem always when you have user provided format
strings and arguments.  We don't have to re-invent the wheel here.
I repeat myself: maybe we should have a look at bash's
implementation of the printf builtin command?  there I get for
example this:

	$ printf "%d %d %d\n" 3
	3 0 0
	$ printf "%d %d %d\n" foo bar
	-bash: printf: foo: invalid number
	-bash: printf: bar: invalid number
	0 0 0

> The other problem is that things like `%d` expect a number and not a
> string. So you would have to reimplement snprintf anyway so that it
> expects all of its arguments to be strings, and calls strtoul as
> appropriate.  And considering that the *printf functions take 5k
> already, this reimplementation may add a significant amount of code.
> For this reason, I'd much prefer to just have `hex` and `dec` functions
> which do the appropriate conversions.

Eventually the format checking can be kept out of the generic
*printf() code; it could then be optional/configurable with the
"fmt" option in the setexpr command.

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
Every program has at least one bug and can be shortened by  at  least
one  instruction  --  from  which,  by induction, one can deduce that
every program can be reduced to one instruction which doesn't work.