Potential security issue in lib/sendf.c: Unchecked return from initialization function

[monocle-ai]

What is a Conditionally Uninitialized Variable? The return value of a function that is potentially used to initialize a local variable is not checked. Therefore, reading the local variable may result in undefined behavior.

1 instance of this defect were found in the following locations:

Instance 1
File : lib/sendf.c
Function: curl_mvsnprintf

curl/lib/sendf.c

Line 270 in 17b1405

mvsnprintf(error, CURL_ERROR_SIZE, fmt, ap);

Code extract:

    size_t len;
    char error[CURL_ERROR_SIZE + 2];
    va_start(ap, fmt);
    mvsnprintf(error, CURL_ERROR_SIZE, fmt, ap); <------ HERE
    len = strlen(error);

How can I fix it?
Correct reference usage found in lib/sendf.c at line 241.

curl/lib/sendf.c

Line 241 in 17b1405

len = mvsnprintf(print_buffer, sizeof(print_buffer), fmt, ap);

Code extract:

    size_t len;
    char print_buffer[2048 + 1];
    va_start(ap, fmt);
    len = mvsnprintf(print_buffer, sizeof(print_buffer), fmt, ap); <------ HERE
    /*
     * Indicate truncation of the input by replacing the last 3 characters