Re: NSLog and [NSDictionary description], bug?
- Subject: Re: NSLog and [NSDictionary description], bug?
- From: Alastair Houghton <email@hidden>
- Date: Tue, 6 Apr 2004 15:03:08 +0100
On 6 Apr 2004, at 13:50, Gwynne wrote:
> Never, ever, ever, pass an arbitrary string whose contents you don't
> know as the format to NSLog(), printf(), sprintf(), fprintf(), or
> anything of that family. It's a security risk, it's bad form, and as
> proven here, it's likely as not to crash. This applies as much to
> Carbon or BSD code as to Cocoa.

It can also result in very hard to track-down bugs. My favourite was
when one of my colleagues in my previous job managed to write a program
that failed every 65,536 executions because he was passing a binary
string through a printf()-like function's "format" parameter.
Fortunately someone read through his code and told him to fix it,
although unfortunately the person in question ignored the instruction
and left it the way it was. Still, at least we knew what the problem
was when the customer complained :-)
Kind regards,
Alastair.
--
http://www.alastairs-place.net
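
Added example, not part of the original message or of any poster's code: a C sketch of the rule quoted above, with the unsafe call shown only as a comment beside the hardened `"%s"` form, plus a scanner that counts how many arguments a data string would consume if it were used as a format. The names `count_conversions` and `format_untrusted` and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style directives in s that would consume an argument.
 * "%%" is a literal percent sign and consumes nothing. */
size_t count_conversions(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        s++;
        if (*s == '%')
            continue;                      /* literal percent */
        /* Skip flags, width, precision and length modifiers. */
        while (*s && strchr("-+ #0123456789.*hlLjzt", *s)) {
            if (*s == '*')
                n++;                       /* '*' reads an int argument */
            s++;
        }
        if (*s == '\0')
            break;                         /* dangling '%' at end of data */
        n++;                               /* the conversion itself */
    }
    return n;
}

/* Unsafe form the thread warns about (shown only as a comment):
 *     snprintf(out, outlen, untrusted);
 * Hardened form: the data is an argument to a constant "%s" format. */
int format_untrusted(char *out, size_t outlen, const char *untrusted)
{
    return snprintf(out, outlen, "%s", untrusted);
}

int main(void)
{
    /* Constructed samples; the third is binary data that happens to hold "%n". */
    const char *samples[] = { "100%% done", "%s%x", "\x01\x25\x6e\x02" };
    char out[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        format_untrusted(out, sizeof out, samples[i]);
        printf("sample %zu: %zu argument(s) would be read as a format\n",
               i, count_conversions(samples[i]));
    }
    return 0;
}
```

Building with `-Wformat -Wformat-security` on GCC or Clang flags calls whose format argument is not a string literal.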