[HN Gopher] Dangerous Logging in Swift
___________________________________________________________________
Dangerous Logging in Swift
Author : ingve
Score : 33 points
Date : 2021-10-30 19:40 UTC (3 hours ago)
(HTM) web link (indiestack.com)
(TXT) w3m dump (indiestack.com)
| ChrisMarshallNY wrote:
| Good detective work.
|
| I always use print(), which has its own issues.
| zffr wrote:
| Just curious, why not use
| https://developer.apple.com/documentation/os/logging ?
| jonplackett wrote:
| I've just used print since going to swift from objective c.
| What's the advantage of still using NSLog?
| danappelxx wrote:
| NSLog does insert a timestamp into the log message, which can
| be useful.
| liuliu wrote:
| This is Foundation API, not Swift stdlib. One thing Swift
| probably can do, is to have the first parameter typed as
| StaticString. I am not sure if the header for NSLog has enough
| annotations to do so.
|
| OTOH: https://github.com/apple/swift-log
| david2ndaccount wrote:
| Always use a string literal as the first argument to NSLog or
| other printf type functions, but I don't think the author
| correctly identified the cause of the crash. I believe floating
| point arguments are passed in registers, so you'll just get
| whatever happens to be there. Besides, just reading value
| arguments like that should read junk from your stack, not a seg
| fault. Maybe he redacted the actual argument? An accidental %s or
| %n could lead to this behavior as it interprets junk as a pointer
| that is then accessed.
| superjan wrote:
| On the face of it, it looks like a potential source for security
| issues when untrusted input is logged.
| kraigspear wrote:
| He didn't speak to why he's using NSLog. There are better
| alternatives that player nicer with Swift.
| https://developer.apple.com/documentation/os/logging
___________________________________________________________________
(page generated 2021-10-30 23:00 UTC)