Brent Verner <brent@rcfile.org> writes:
> formatting '-1040' with '%u'
> snprintf = 18446744073709550576
> sprintf = 4294966256
> oidout() is where the offending call originates, FWIW.
> snprintf(result, 12, "%u", o);

Hm. This is clearly a bug in snprintf. Did I understand you correctly
that configure is choosing backend/port/snprintf.c rather than one from
the C library? If so, it should be straightforward to fix.

> 1) could the openssh code be a candidate to replace our version? It
> looks quite a bit more 'featureful', and I'd imagine it is about
> as safe as snprintf gets.

(a) what's the license? (b) is it a lot bigger than the one we have?

> 2) do we _need_ oidout() to "%u", or could we "%lu" and fully take
> advantage of the longer long on 64bit platforms?

OID is 4 bytes and %u is the correct format for it. 8-byte OIDs are a
can of worms that we will *not* open just now.

regards, tom lane
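
The two outputs quoted above are 2^32 - 1040 and 2^64 - 1040, which is what a 32-bit value looks like after being sign-extended to 64 bits before unsigned formatting. The C sketch below is an added example, not part of the original message and not the code in backend/port/snprintf.c; it assumes that cause, and `fmt_u64`, `fmt_u_buggy` and `fmt_u_fixed` are hypothetical names. It also shows what the 12-byte buffer from the quoted oidout() call ends up holding in each case.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Write v in decimal into buf (capacity n), always NUL-terminated.
 * Returns the number of digits the full value needs, so a caller can
 * detect truncation the same way it would with snprintf(). */
static size_t fmt_u64(char *buf, size_t n, uint64_t v)
{
    char tmp[21];               /* 20 digits is the maximum for 64 bits */
    size_t len = 0, i;

    do { tmp[len++] = (char)('0' + v % 10); v /= 10; } while (v);
    for (i = 0; i < len && i + 1 < n; i++)
        buf[i] = tmp[len - 1 - i];
    if (n) buf[i] = '\0';
    return len;
}

/* Assumed shape of the defect: the "%u" argument is widened as if it
 * were signed, so a value with the high bit set gains 32 one-bits. */
size_t fmt_u_buggy(char *buf, size_t n, uint32_t o)
{
    uint64_t widened = (o & 0x80000000u) ? (0xFFFFFFFF00000000ULL | o) : o;
    return fmt_u64(buf, n, widened);
}

/* Correct handling: zero-extend the 4-byte unsigned value. */
size_t fmt_u_fixed(char *buf, size_t n, uint32_t o)
{
    return fmt_u64(buf, n, (uint64_t)o);
}

int main(void)
{
    char result[12];                 /* same size as in the quoted call */
    uint32_t o = (uint32_t)-1040;    /* constructed input from the report */
    size_t need;

    need = fmt_u_fixed(result, sizeof result, o);
    printf("fixed: \"%s\" needs %zu digits\n", result, need);

    need = fmt_u_buggy(result, sizeof result, o);
    printf("buggy: \"%s\" needs %zu digits%s\n", result, need,
           need >= sizeof result ? " (truncated)" : "");
    return 0;
}
```

A 12-byte buffer is enough for any 4-byte value printed with %u (10 digits plus the terminator), but the sign-extended result needs 20 digits, so a bounded formatter truncates it and an unbounded one would write past the end.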