Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Re^5: use of print f and sprint f

by blokhead (Monsignor)
on Nov 10, 2004 at 16:50 UTC ( #406717=note: print w/ replies, xml ) Need Help??


in reply to Re^4: use of print f and sprint f
in thread use of print f and sprint f

cannot be exploited
Depends on what you mean, I guess.. Check out the perldoc, and look at the %n format. You can set values.
%n special: *stores* the number of characters output so far into the next variable in the parameter list
Suppose I have the following code:
my $name = ...; ## from user input my $amount = ...; printf "$name : \$%.02f\n", $amount; # instead of # printf "%s : \$%.02f\n", $name, $amount;
Now, if a clever hacker goes in and inputs
$name = (" " x 5000) . "%n";
then after the code runs, $amount will be set to 5000. This is a pretty rare set of circumstances, but still something to watch out for.

Update: see also Re: $#="%c"; possible bug

blokhead


Comment on Re^5: use of print f and sprint f
Select or Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://406717]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (9)
As of 2015-07-30 03:30 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (269 votes), past polls