Use of snprintf and vsnprintf in Curl

[thoger]

The curl code base use snprintf or vsnprintf functions on multiple places. However - just like for all printf family functions - it uses its own implementation of those functions - curl_msnprintf and curl_mvsnprintf - which is achieved via macro definitions in curl_printf.h:

https://github.com/curl/curl/blob/curl-7_62_0/lib/curl_printf.h

However, there is a notable difference in what curl_m*snprintf functions return compared to what's defined for *snprintf in POSIX or C99 for the case when destination buffer is too small and the output is truncated:

• curl functions return the number of characters written, which is also documented in https://curl.haxx.se/libcurl/c/curl_mprintf.html
• POSIX requires the number of characters that should have been written if the destination buffer was sufficiently large

Looking at few cases where snprintf return value is not ignored, the curl code expects and relies on the curl implementation return values. There are often no checks to ensure that the return value does not exceed destination buffer size, and the value is directly used to increment the pointer that is used for subsequent writes, or decrement free space counter. That could lead to out-of-bounds buffer access and integer underflow if POSIX snprintf was used instead. An example of such code pattern can be found in e.g. curl_version():

https://github.com/curl/curl/blob/curl-7_62_0/lib/version.c#L129-L131

This can be a problem if *snprintf implementation used by curl is to be changed in the future, or if anyone tries to make curl use printf functions from their system C library instead of curl implementations.

This can also cause confusion to folks from outside of the Curl project who review or contribute to the code of the project.

The explicit use of curl_m*snprintf functions should be considered for places where non-standard return values are expected.

[bagder]

Since the function returns another return value I think I would prefer to change the function name in all places so that we can check it and fail if the wrong function name is used when code gets changed in the future and possibly start to use the return code. I'll file a PR.

[thoger]

One more observation regarding curl_msnprintf() - if the output buffer is large enough, the return value is the number of characters written, excluding the terminating nul byte, however, when output is truncated, the terminating nul byte is counted in the return value.

Repeating the test from:

http://demin.ws/blog/english/2013/01/28/use-snprintf-on-different-platforms/

for curl, the output is:

capacity=0, n=0, buf=[abcdefghijk] (length 11)
capacity=1, n=1, buf=[] (length 0)
capacity=2, n=2, buf=[1] (length 1)
capacity=3, n=3, buf=[12] (length 2)
capacity=4, n=3, buf=[123] (length 3)
capacity=5, n=3, buf=[123] (length 3)