Austin Group Defect Tracker

Aardvark Mark IV

Viewing Issue Simple Details Jump to Notes ] Issue History ] Print ]
ID Category Severity Type Date Submitted Last Update
0001219 [1003.1(2008)/Issue 7] System Interfaces Objection Error 2018-12-12 17:29 2018-12-12 21:06
Reporter sebor View Status public  
Assigned To ajosey
Priority normal Resolution Open  
Status Under Review  
Name Martin Sebor
User Reference
Section snprintf
Page Number 906
Line Number 30447
Interp Status ---
Final Accepted Text
Summary 0001219: snprintf reequirement to fail when n > INT_MAX conflicts with C
Description The snprintf description states that:

  The functionality described on this reference page is aligned with the ISO C standard. Any conflict between the requirements described here and the ISO C standard is unintentional. This volume of POSIX.1-2008 defers to the ISO C standard.


  The snprintf() function shall fail if:
  [CX][EOVERFLOW] The value of n is greater than {INT_MAX}.

The requirement conflicts with C. C requires snprintf to succeed regardless of the value of n provided it outputs fewer than INT_MAX bytes. The POSIX requirement prevents implementations from conforming to the C requirement.

For example, the following strictly conforming C snippet must not trigger the assertion:

  char d[1];
  int n = snprintf (d, (size_t)INT_MAX + 1, "");
  assert (n == 0);

while in POSIX the assertion is required to fail.
Desired Action Remove the requirement for snprintf to fail when n > INT_MAX. Same for other variants of the function, such as vsnprintf.
Tags No tags attached.
Attached Files

- Relationships
related to 0000761Resolved 1003.1(2013)/Issue7+TC1 Requirement of error for snprintf with n>INT_MAX may conflict with ISO C 

-  Notes
sebor (reporter)
2018-12-12 17:48

An alternate solution might be to change C to adopt the same requirement.
sebor (reporter)
2018-12-12 20:29

I was pointed at the rejected bug 761. Having read through the discussion there, while I think C could and perhaps even should change in this area, I don't entirely agree with the conclusion in comment 0001930 that:

  The C standard does not specify the behavior when n > INT_MAX, so the current specified behavior does not conflict with the C standard.

The C standard does clearly specify the behavior for sprintf calls that produce INT_MAX bytes or less on output, regardless of the value of n: the function returns the size of the output. What C leaves undefined is the behavior of the function when the size of its output is greater than INT_MAX bytes.

So to avoid conflicts with C, POSIX can only specify additional requirements when the size of the function output exceeds INT_MAX. Otherwise, requiring calls like snprintf(d, SIZE_MAX, "") to fail does conflict with C. This causes portability problems to code that conforms strictly to the C requirements, and also to compilers like GCC that optimize snprintf calls based on the C requirements (see GCC bug 87096).

- Issue History
Date Modified Username Field Change
2018-12-12 17:29 sebor New Issue
2018-12-12 17:29 sebor Status New => Under Review
2018-12-12 17:29 sebor Assigned To => ajosey
2018-12-12 17:29 sebor Name => Martin Sebor
2018-12-12 17:29 sebor Section => snprintf
2018-12-12 17:29 sebor Page Number => 906
2018-12-12 17:29 sebor Line Number => 30447
2018-12-12 17:48 sebor Note Added: 0004182
2018-12-12 20:29 sebor Note Added: 0004183
2018-12-12 21:06 eblake Relationship added related to 0000761

Mantis 1.1.6[^]
Copyright © 2000 - 2008 Mantis Group
Powered by Mantis Bugtracker