Document that %n has been neutered -- it now does syslog+abort.

ok ingo

diff --git a/lib/libc/stdio/printf.3 b/lib/libc/stdio/printf.3
index f83b903..71554f0 100644 (file)
--- a/lib/libc/stdio/printf.3
+++ b/lib/libc/stdio/printf.3
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: printf.3,v 1.90 2021/04/01 14:27:47 deraadt Exp $
+.\"    $OpenBSD: printf.3,v 1.91 2021/08/30 17:07:47 deraadt Exp $
 .\"
 .\" Copyright (c) 1990, 1991, 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -33,7 +33,7 @@
 .\"
 .\"     @(#)printf.3   8.1 (Berkeley) 6/4/93
 .\"
-.Dd $Mdocdate: April 1 2021 $
+.Dd $Mdocdate: August 30 2021 $
 .Dt PRINTF 3
 .Os
 .Sh NAME
@@ -576,26 +576,16 @@ supporting the same modifiers.
 .Cm n
 .Sm on
 .Pp
-The number of bytes written so far is stored at the variable indicated
-by the pointer argument.
 The
 .Cm %n
-conversion specifier produces no output.
+conversion specifier has serious security implications, so it was changed to
+no longer store the number of bytes written so far into the variable indicated
+by the pointer argument.
+Instead a
+.Xr syslog 3
+message will be generated, after which the program is aborted with
+.Dv SIGABRT .
 .Pp
-Make sure the
-.Ar size
-modifier matches the type of the pointer passed:
-.Bl -column %hhn
-.It Cm %hhn Ta Vt signed char *
-.It Cm %hn  Ta Vt signed short *
-.It Cm %n   Ta Vt signed int *
-.It Cm %ln  Ta Vt signed long * Pq percent ell en
-.It Cm %lln Ta Vt signed long long * Pq percent ell ell en
-.It Cm %jn  Ta Vt intmax_t *
-.It Cm %tn  Ta Vt ptrdiff_t *
-.It Cm %zn  Ta Vt ssize_t *
-.It Cm %qn  Ta Vt quad_t * Pq deprecated
-.El
 .It Cm %o
 .Sm off
 .Cm %