On Wed, 15 Mar 2023 at 22:22, Andreas Schwab via Libc-alpha <libc-alpha@sourceware.org> wrote:

> On Mar 14 2023, Paul Eggert wrote:
>
> > For example, it's valid for snprintf to be implemented this way:
> >
> >   int
> >   snprintf (char *buf, size_t size, char const *fmt, ...)
> >   {
> >     char *buf_limit = buf + size;
> >     ...
> >   }
> >
> > even though this would have undefined behavior if BUF points to a
> > character array smaller than SIZE.
>
> Since it is part of the implementation it is irrelevant from the POV of
> the standard. The implementation does not have to abide by the C
> standard, as long as it properly implements the interface constraints.
>
> What matters is the wording of the standard. The POSIX standard is more
> explicit here: "with the addition of the n argument which states the
> size of the buffer referred to by s." Probably the C standard should be
> clarified.
>

Ah that's interesting that POSIX is clearer here, thanks for pointing that out. I can feel more confident declaring the affected code broken now :-)

Is anyone here close enough to the C standards process to push getting this clarified there?

Cheers,
mwh