On Wed, 2 Nov 2016, Christos Zoulas wrote:
In article <20161102003956.35D12FBAE%cvs.NetBSD.org@localhost>, Paul Goyette <source-changes-d%NetBSD.org@localhost> wrote:-=-=-=-=-=- + /* Handle overflow */ + if ((size_t)count >= *len) { + *dest += *len - 1; + *len = 1;Why *len = 1 here? Shouldn't it be 0 since there is no more room left?
No. :)The maximum number of characters actually written by vsnprintf() will never exceed (len - 1). So, dest gets incremented by the max, and len gets decremented by the max.
There is always enough room left for vsnprintf() to create a new trailing NUL.
+------------------+--------------------------+------------------------+ | Paul Goyette | PGP Key fingerprint: | E-mail addresses: | | (Retired) | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com | | Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org | +------------------+--------------------------+------------------------+