Please sign in to comment.
I'm not entirely happy with Xi Wang's solution to this mess.
The cast to (unsigned) feels like we're just exploiting a compiler limitation. The original idea here was to detect overflow and therefore avoid hard-coding assumptions about the platform arithmetic. But allowing compilers to assume that overflow can never happen means that portable C code can never really detect overflow without hackish workarounds. The only practical solution seems to be an arbitrary limit on the size of a string that we can format.
- Loading branch information...