On 10/23/2013 03:05 AM, Noah Misch wrote:
> I would vote for choosing the standard we want vsnprintf() to follow (probably
> C99) and substituting a conforming implementation wherever "configure" detects
> that libc does not conform. We'll be shipping some replacement vsnprintf() in
> any case; we may as well use it to insulate the rest of our code from
> less-preferred variants.
Do you care about the snprintf behavior on very large buffers (larger
than INT_MAX)? Then there's further complication, and it's an area
where glibc behavior is likely to change in the future (because it is
claimed that C99 and POSIX conflict, and glibc implements neither behavior).
--
Florian Weimer / Red Hat Product Security Team
