>>very dangerous - which is a shame since its logically appealing.
>>The solution I mentioned of using an snprintf wrapper that returns 0
>>in the truncation case - or better yet for the kernel - panic'd
>>would allow 
>>
>>cp += safe_snprintf(...)
>>
>>to be used freely without littering the entire kernel with if's and/or 
>>#ifdef's.

>if this is the solution to avoiding sprinkling if's and/or #ifdef's,
>wouldn't returning the "number of bytes consumed" instead of zero be
>more "useful"?

Yes, that actually what the version I've seen does.  I was thinking
of the case where you have a series of

cp += safe_snprintf();

and you run out of space, subsequent safe_snprintfs will simply return 0 
(nothing consumed).  As long as you eventually check if cp < ep, you
can detect whether you ran out of space or not.

--sjg