* Bruno Haible:

> [CCing Florian Weimer.
> Florian, the thread started at
> https://lists.gnu.org/archive/html/bug-gnulib/2018-12/msg00149.html ]
> Assaf Gordon wrote:
>> The comment even says:
>>        /* Unknown format; output the format, including the '%',
>>           since this is most likely the right thing to do if a
>>           multibyte string has been misparsed.  */
>> This has been the case since 1996 when strftime.c was imported from libc
>> (gnulib commit afabd949).
>> I suspect that changing this behavior would be a disruptive
>> backwards-incompatible change (but other opinions are welcomed).
> The "security" and "robustness" aspects of software have gained importance
> over the last 22 years, also in domain of glibc.
> Florian, Assaf discovered that glibc processing of time format strings
> (strftime) operates according to the garbage-in - garbage-out principle,
> that is, an invalid format string does not get reported to the caller
> but instead produces output that is "most likely the right thing".

Historically, some Lua scripts have relied on strftime not crashing, but
I think this awas fixed on the Lua side a couple of years ago.

The standards do not provide a way to report errors for malformed format
strings.  I think the current behavior is acceptable, all things


Reply via email to