So is it to be "fixed" in the documentation with a warning that truncating-size specifiers for %q may nullify the safety benefits for which it is used?
Sam On Fri, 17 Apr 2020, 21:12 Chet Ramey, <chet.ra...@case.edu> wrote: > On 4/17/20 10:22 AM, Sam Liddicott wrote: > > > Bash Version: 4.4 > > Patch Level: 20 > > Release Status: release > > > > Also occurs on 5.0.7(1)-release > > > > Description: > > printf %q with a truncating size will emit partially escaped > > sequence thus losing the safety and composability that %q > > is intended to provide. > > > > Repeat-By: > > $ printf 'echo %.2q%q\n' "a'b" ';ls' > > echo a\\;ls > > The semi-colon is no longer escaped, the expectation of > > the %q formatter is lost > > I would say this is a programmer error. The way precisions work with > string arguments is that the argument is fetched or generated (this > includes generating the quoted string for %q or the expanded string for > %b) and then printf writes number of bytes (!) from that generated string > specified by the precision. > > Chet > > -- > ``The lyf so short, the craft so long to lerne.'' - Chaucer > ``Ars longa, vita brevis'' - Hippocrates > Chet Ramey, UTech, CWRU c...@case.edu http://tiswww.cwru.edu/~chet/ >
