printf(3) says for snprintf: The snprintf() and vsnprintf() functions will write at most size-1 of the characters printed into the output string (the size'th character then gets the terminating `\0'); the part in parenteses is incorrect: size'th character is outside buffer of [size] characters. It should instead say "(size-1)'th character" (which is last in the buffer).
On Tue, 23 Jul 2013, Dmitry Marakasov wrote: > > >> Description: > printf(3) says for snprintf: > > The snprintf() and vsnprintf() functions will write at most size-1 of the > characters printed into the output string (the size'th character then > gets the terminating `\0'); > > the part in parenteses is incorrect: size'th character is outside > buffer of [size] characters. It should instead say "(size-1)'th > character" (which is last in the buffer). I think one could argue either way. The character with index (size-1) gets the NUL byte, but if one says that the first character is the one with index 0, then it is in fact the size'th character which receives the NUL. -Ben Kaduk
Created attachment 146411 [details] new patch New patch which resolves the ambiguity
I agree with Ben that it could be argued either way. However, the description should be unambiguous, so that ambiguity exists is an argument for a change.
I came across this bug after doing an overhaul of the printf.3 manual page which is currently in review phase. I think the updates address this concern, while it is different. There are updates that consider the "infinite" problem. If this pull request does not meet this:https://github.com/freebsd/freebsd-src/pull/1200 Maybe we can address it, during this review cycle.