Submitter: Fred Tydeman
Submission Date: 2018-12-12
Document: WG14 N2320
Reference Documents: N2301

Summary

There is no way for a user's application to control what is output for a NaN or an infinity (the standard allows two styles for each).

There is no way for a user's application to limit the number of characters in the NaN(n-char-sequence); the standard imposes no upper limit.
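An added example, not part of N2320 and not taken from any implementation: one way an application can work around both points in the summary today, by classifying the value itself and emitting a fixed spelling, so the longest non-finite output is the four characters of "-inf" or "-nan". The helper name `format_double_bounded` and the buffer sizes are hypothetical; the code assumes the C99 `<math.h>` classification macros.

```c
#include <math.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not from the standard or the proposal).
 * Formats x as "%.*f" for finite values. For NaN and infinity it never
 * hands the value to printf's f conversion, so the implementation-defined
 * choice between inf/infinity and nan/nan(n-char-sequence) cannot affect
 * the output length.
 * Returns the number of characters written (excluding the terminator),
 * or -1 if the result does not fit; on failure dst holds an empty string.
 */
int format_double_bounded(char *dst, size_t cap, double x, int precision)
{
    int n;

    if (dst == NULL || cap == 0)
        return -1;

    if (isnan(x) || isinf(x))
        n = snprintf(dst, cap, "%s%s",
                     signbit(x) ? "-" : "",
                     isnan(x) ? "nan" : "inf");
    else
        n = snprintf(dst, cap, "%.*f", precision, x);

    /* snprintf reports the length it wanted; treat truncation as an error. */
    if (n < 0 || (size_t)n >= cap) {
        dst[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    /* Constructed sample inputs. */
    const double samples[] = { 1.5, -INFINITY, NAN, 1e30 };
    char buf[16];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = format_double_bounded(buf, sizeof buf, samples[i], 2);
        printf("%d \"%s\"\n", n, buf);
    }
    return 0;
}
```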

Technical Corrigendum:

Change §7.21.6.1#4, precision bullet from:

An optional precision that gives the minimum number of digits to appear for the d, i, o, u, x, and X conversions, the number of digits to appear after the decimal-point character for a, A, e, E, f, and F conversions, the maximum number of significant digits for the g and G conversions, or the maximum number of bytes to be written for s conversions. The precision takes the form of a period (.) followed either by an asterisk * (described later) or by an optional nonnegative decimal integer; if only the period is specified, the precision is taken as zero. If a precision appears with any other conversion specifier, the behavior is undefined.

to:

An optional precision that gives the minimum number of digits to appear for the d, i, o, u, x, and X conversions, the number of digits (for finite values) to appear after the decimal-point character for a, A, e, E, f, and F conversions, the maximum number of significant digits (for finite values) for the g and G conversions, the maximum number of characters for NaN or infinity values for a, A, e, E, f, F, g, and G conversions, or the maximum number of bytes to be written for s conversions. The precision takes the form of a period (.) followed either by an asterisk * (described later) or by an optional nonnegative decimal integer; if only the period is specified, the precision is taken as zero. If a precision appears with any other conversion specifier, the behavior is undefined.

Change in §7.21.6.1#8, f,F bullet from:

A double argument representing an infinity is converted in one of the styles [-]inf or [-]infinity - which style is implementation-defined. A double argument representing a NaN is converted in one of the styles [-]nan or [-]nan(n-char-sequence) - which style, and the meaning of any n-char-sequence, is implementation-defined. The F conversion specifier produces INF, INFINITY, or NAN instead of inf, infinity, or nan, respectively.283)

to:

A double argument representing an infinity is converted to [-]inf if the precision is less than nine, otherwise to [-]infinity - if the precision is omitted, the style is implementation-defined. A double argument representing a NaN is converted to [-]nan if the precision is less than nine, otherwise to [-]nan(n-char-sequence) - if the precision is omitted, the style is implementation-defined; the meaning of any n-char-sequence is implementation-defined. The F conversion specifier produces INF, INFINITY, or NAN instead of inf, infinity, or nan, respectively.283) A precision less than four is taken as four for NaNs and infinity values.

Change §7.29.2.1#4, precision bullet from:

An optional precision that gives the minimum number of digits to appear for the d, i, o, u, x, and X conversions, the number of digits to appear after the decimal-point wide character for a, A, e, E, f, and F conversions, the maximum number of significant digits for the g and G conversions, or the maximum number of wide characters to be written for s conversions. The precision takes the form of a period (.) followed either by an asterisk * (described later) or by an optional nonnegative decimal integer; if only the period is specified, the precision is taken as zero. If a precision appears with any other conversion specifier, the behavior is undefined.

to:

An optional precision that gives the minimum number of digits to appear for the d, i, o, u, x, and X conversions, the number of digits (for finite values) to appear after the decimal-point wide character for a, A, e, E, f, and F conversions, the maximum number of significant digits (for finite values) for the g and G conversions, the maximum number of wide characters for NaN or infinity values for a, A, e, E, f, F, g, and G conversions, or the maximum number of wide characters to be written for s conversions. The precision takes the form of a period (.) followed either by an asterisk * (described later) or by an optional nonnegative decimal integer; if only the period is specified, the precision is taken as zero. If a precision appears with any other conversion specifier, the behavior is undefined.

Change in §7.29.2.1#8, f,F bullet from:

A double argument representing an infinity is converted in one of the styles [-]inf or [-]infinity - which style is implementation-defined. A double argument representing a NaN is converted in one of the styles [-]nan or [-]nan(n-wchar-sequence) - which style, and the meaning of any n-wchar-sequence, is implementation-defined. The F conversion specifier produces INF, INFINITY, or NAN instead of inf, infinity, or nan, respectively.338)

to:

A double argument representing an infinity is converted to [-]inf if the precision is less than nine, otherwise to [-]infinity - if the precision is omitted, the style is implementation-defined. A double argument representing a NaN is converted to [-]nan if the precision is less than nine, otherwise to [-]nan(n-wchar-sequence) - if the precision is omitted, the style is implementation-defined; the meaning of any n-wchar-sequence is implementation-defined. The F conversion specifier produces INF, INFINITY, or NAN instead of inf, infinity, or nan, respectively.338) A precision less than four is taken as four for NaNs and infinity values.

Change §J.3.12 from:

- The style used to print an infinity or NaN, and the meaning of any n-char or n-wchar sequence printed for a NaN (7.21.6.1, 7.29.2.1).

to:

- The style used to print an infinity or NaN (if the precision is omitted), and the meaning of any n-char or n-wchar sequence printed for a NaN (7.21.6.1, 7.29.2.1).

An alternative to all of the above (which gives the user no control over the output, but fixes the security hole) is:

Add to §7.21 <stdio.h>, paragraph 3 [macros],

_MAX_PRINTF_NAN

which expands to an integer constant expression (suitable for use in #if preprocessing directives) that is the maximum number of characters output for any [-]NAN(n-char-sequence) [footnote].

[footnote] If the implementation only uses the [-]NAN style, then _MAX_PRINTF_NAN would have the value 4.

If we choose this alternative, do we want a maximum (such as 255) for _MAX_PRINTF_NAN?