On 06/12/2017 04:25 PM, Jonathan Leffler wrote:
I was under the impression Paul had just said that using snprintf() was OK now as it was part of C99 — though he mistyped C99 as C89
Oops, I thought that snprintf was in C89. I guess if we're still assuming only C89 or better then that's a bug that should be fixed. Please see attached proposed patch (parts 3 and 4, the latter to fix a typo in 3). For localtime.c, it's probably better to avoid sprintf/snprintf/etc. In the good old days people would avoid sprintf because it pulled in a bunch of floating-point code (to support %f etc.) even when not needed. Nowadays the major knock on sprintf/etc. is that it doesn't work if the result contains more than INT_MAX bytes. That being said, strcat should be avoided there, if only to pacify picky compilers and human readers that worry about a buffer overrun that cannot really happen. I installed the attached patches 1 and 2 to try to make progress in that area.