[HN Gopher] Dangerous Logging in Swift ___________________________________________________________________ Dangerous Logging in Swift Author : ingve Score : 33 points Date : 2021-10-30 19:40 UTC (3 hours ago) (HTM) web link (indiestack.com) (TXT) w3m dump (indiestack.com) | ChrisMarshallNY wrote: | Good detective work. | | I always use print(), which has its own issues. | zffr wrote: | Just curious, why not use | https://developer.apple.com/documentation/os/logging ? | jonplackett wrote: | I've just used print since going to swift from objective c. | What's the advantage of still using NSLog? | danappelxx wrote: | NSLog does insert a timestamp into the log message, which can | be useful. | liuliu wrote: | This is Foundation API, not Swift stdlib. One thing Swift | probably can do, is to have the first parameter typed as | StaticString. I am not sure if the header for NSLog has enough | annotations to do so. | | OTOH: https://github.com/apple/swift-log | david2ndaccount wrote: | Always use a string literal as the first argument to NSLog or | other printf type functions, but I don't think the author | correctly identified the cause of the crash. I believe floating | point arguments are passed in registers, so you'll just get | whatever happens to be there. Besides, just reading value | arguments like that should read junk from your stack, not a seg | fault. Maybe he redacted the actual argument? An accidental %s or | %n could lead to this behavior as it interprets junk as a pointer | that is then accessed. | superjan wrote: | On the face of it, it looks like a potential source for security | issues when untrusted input is logged. | kraigspear wrote: | He didn't speak to why he's using NSLog. There are better | alternatives that player nicer with Swift. | https://developer.apple.com/documentation/os/logging ___________________________________________________________________ (page generated 2021-10-30 23:00 UTC)