On Wed, Jul 10, 2024 at 7:33 AM Alex Naumov <alexander_nau...@opensuse.org> wrote:
> I still don't understand why we need this? > > REPORT_SNPRINTF(max, sizeof(buf)) > Adding a length limit to prevent a buffer overflow protects against malicious intentions. However, It truncates the destination string to something less than may have been intended by the author. If the user happens to be testing some new thing/feature/attribute and the destination string is silently truncated, it could take significant effort to discover what happened where and why. If the code automatically reports when (and where) it happened, the destination buffer can be easily adjusted to accommodate the intended string. Because I made no effort to completely understand each intended use of sprintf when I changed to snprintf, I treated every call the same, and used the conditional macro to report or remain silent. I'll take no offence if you remove it.
