Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vsprintf_s() should return 0 for "vsprintf_s: len exceeds dmax" #45

Closed
Juno-Explorer opened this issue Feb 1, 2018 · 2 comments
Closed

vsprintf_s() should return 0 for "vsprintf_s: len exceeds dmax" #45

Juno-Explorer opened this issue Feb 1, 2018 · 2 comments
Assignees
@rurban

Comments

@Juno-Explorer
Copy link
Contributor

According to standard:
If no runtime-constraint violation occurred, the vsprintf_s function returns the number of characters written in the array, not counting the terminating null character. If an encoding error occurred, vsprintf_s returns a negative value. If any other runtime-constraint violation occurred, vsprintf_s returns zero.

Scenario "vsprintf_s: len exceeds dmax" is run-time constraint violation & not encoding error so the return value should be 0.

Link to the code instance: https://github.com/rurban/safeclib/blob/master/src/str/vsprintf_s.c#L147
@rurban rurban self-assigned this Feb 1, 2018
@rurban
Copy link
Owner

rurban commented Feb 1, 2018
edited
Loading

Yes, but in this case I (and all others) think the standard made an error. I'll have to check the history of that.
All existing implementations do return -1, all similar functions do return -1.

The revision and rationale for this change is: http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1141.pdf
keeping count += sprintf(buf + count, format_string, args); valid, when no encoding errors can occur.
google site:www.open-std.org vsprintf_s

I'll add a doc note that the spec is most likely wrong on this one, and keep the -1.
Even the author of this change itself, Microsoft, later changed its decision, and reverted back to -1.

rurban added a commit that referenced this issue Feb 1, 2018
@rurban
change sprintf_s retval to -1 on errors
e70e3c9 
See GH #45.
In this case I (and all others) think the standard made an error.
All existing implementations do return -1 on errors, all similar functions do return -1.
The revision and rationale for this change is: http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1141.pdf
keeping count += sprintf(buf + count, format_string, args); valid, when no encoding errors can occur.
google site:www.open-std.org vsprintf_s.

Even Microsoft itself, who changed this behaviour in the standard with n1141, changed it later
back to return -1 consistently.
Document the deviation, and test it against msvcrt.
rurban added a commit that referenced this issue Feb 1, 2018
@rurban
Changelog for sprintf_s retval -1 on errors
951edec 
Closes GH #45
rurban added a commit that referenced this issue Feb 1, 2018
@rurban
change sprintf_s retval to -1 on errors
76bfbf3 
See GH #45.
In this case I (and all others) think the standard made an error.
All existing implementations do return -1 on errors, all similar functions do return -1.
The revision and rationale for this change is: http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1141.pdf
keeping count += sprintf(buf + count, format_string, args); valid, when no encoding errors can occur.
google site:www.open-std.org vsprintf_s.

Even Microsoft itself, who changed this behaviour in the standard with n1141, changed it later
back to return -1 consistently.
Document the deviation, and test it against msvcrt.
rurban added a commit that referenced this issue Feb 1, 2018
@rurban
Changelog for sprintf_s retval -1 on errors
05adf60 
Closes GH #45
rurban added a commit that referenced this issue Feb 1, 2018
@rurban
Changelog for sprintf_s retval -1 on errors
345101c 
Closes GH #45
@rurban
Copy link
Owner

rurban commented Feb 1, 2018

Done with 345101c and 76bfbf3

When all other deviate from C11 and C11 is wrong so do we.

@rurban rurban closed this as completed Feb 1, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rurban rurban

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rurban @Juno-Explorer