Message-ID: <tencent_267CE389F3DC36CCE34A825784819E25E109@qq.com>
Date: Sun, 7 May 2023 09:44:19 +0800
From: "847567161" <847567161@...com>
To: "musl" <musl@...ts.openwall.com>
Subject: Re: Question: Why vfprintf call twice printf_core?

1. I see musl will visit the format whether %n$ exists or not. If %n$ does not exist, maybe the first call is redundant.
2. I tested the following format with a benchmark; the result shows 145+ns -> 110+ns if I remove the first call.
"snprintf(buf, sizeof(buf), "this is a more typical error message with detail: %s", "No such file or directory");"


This is all irrelevant because calling printf with an invalid format string has undefined behavior.
--------------
3. So I think we should find a way to get positional args when we see them, rather than visiting the format first anyway.
------------------ Original Message ------------------
From: "musl" <dalias@...c.org>;
Sent: Sunday, May 7, 2023, 9:17 AM
To: "Markus Wichmann" <nullplan@....net>;
Cc: "musl" <musl@...ts.openwall.com>;
Subject: Re: [musl] Question: Why vfprintf call twice printf_core?



On Sat, May 06, 2023 at 08:25:25AM +0200, Markus Wichmann wrote:
> On Sat, May 06, 2023 at 01:24:15PM +0800, 847567161 wrote:
> > snprintf(buf, sizeof(buf), "this is a more typical error message with detail: %s", "No such file or directory");
>
> OK, that call is correct. It should not error out.
>
> >> First call to printf_core() checks to see if there are any major problems with the format string
> > Maybe the second call can also check the format error?
> >
>
> POSIX says that to the extent possible, all functions are supposed to
> either fail with no side effects or succeed with side effects. There are
> some functions that can fail with side effects, but we make some effort
> to minimize that. By testing the format string first, if it is broken,
> we can fail without side effects. If only the second call tested that,
> you would get a partial output before failure.
>
> Actually, in this case it was probably the other way around: Because
> POSIX requires that positional arguments work, which requires an extra
> pass over the format string, we got a side-effect free test for validity
> for free.

This is all irrelevant because calling printf with an invalid format
string has undefined behavior. There is no requirement at all on the
implementation in this case. We could (and probably should) trap on
it; the current behavior of bailing out when it's bad is just a
consequence of how I implemented the localization-form %n$ positional
args.

> >> if the string is using positional arguments (e.g. "%2$d"), also
> >> establishes the types of these arguments and writes them into an
> >> array.
> > I use above format string, I think it's a typical error message,
> > I found the first printf_core do string traversal and cost some time
> > showed in perf.
> >
> > If we remove the first function call when we don't use ("%2$d"), is
> > there any problem? Or do you have some advice for improve the vfprintf
> > performance in common scenarios?
>
> vfprintf() can't know whether the format string contains positional
> arguments without passing over the format string. Which is what the
> first call does.
>
> In any case, yes, you can patch your copy of musl to remove the first
> call to printf_core(). You will no longer be able to use positional
> arguments, and you will get partial output on format string error, but
> if you can live with that, it should work.

Yes, I don't see any reason why this wouldn't work, but I also don't
see any good reason it would help. If passing over the format string
is taking a long time, maybe we should figure out why that's
happening...?

Rich
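
A simplified model of the trade-off discussed in this thread, added here as an illustration; it is not musl's code. The names toy_core, toy_onepass and toy_twopass are hypothetical and only %s, %d and %% are handled: the one-pass wrapper leaves partial output in the buffer when it meets a bad conversion, while the two-pass wrapper fails with the buffer untouched.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
/* Toy core (hypothetical, not musl's): %s, %d, %% only; out == NULL is a dry run. */
static int toy_core(char *out, size_t cap, const char *fmt, va_list ap)
{
    size_t len = 0;
    char tmp[24];
    for (; *fmt; fmt++) {
        const char *s = tmp;
        size_t n = 1;
        if (*fmt != '%') tmp[0] = *fmt;
        else switch (*++fmt) {
        case '%': tmp[0] = '%'; break;
        case 's': s = va_arg(ap, const char *); n = strlen(s); break;
        case 'd': n = (size_t)snprintf(tmp, sizeof tmp, "%d", va_arg(ap, int)); break;
        default:  return -1;            /* invalid or unsupported conversion */
        }
        if (out) {                      /* real pass: side effects happen here */
            if (len + n >= cap) return -1;  /* toy rule: no room is an error */
            memcpy(out + len, s, n);
            out[len + n] = '\0';
        }
        len += n;
    }
    return (int)len;
}

/* One pass: a bad conversion is found only after earlier output was written. */
int toy_onepass(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = toy_core(out, cap, fmt, ap);
    va_end(ap);
    return r;
}

/* Two passes: dry run on a copy of the argument list, then the real pass. */
int toy_twopass(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int r = toy_core(NULL, 0, fmt, ap2);
    va_end(ap2);
    if (r >= 0) r = toy_core(out, cap, fmt, ap);
    va_end(ap);
    return r;
}
```

The dry run costs one extra walk over the format string on every call, which is the overhead the benchmark in this thread measures.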