Re: %.1s format with vasnprintf reads more than one byte from argument

2009-02-23 Thread Ben Pfaff
Bruno Haible writes:
>> The culprit is pretty clearly this code in lib/vasnprintf.c:
>>
>>     case 's':
>>       [...]
>>       tmp_length = strlen (a.arg[dp->arg_index].a.a_string);
>>       break;
>
> How did you find this? I thought that valgrind only runs

Re: %.1s format with vasnprintf reads more than one byte from argument

2009-02-23 Thread Bruno Haible
Hi Ben.

> But running valgrind on test-vasnprintf when USE_SNPRINTF is not
> selected, when the appended patch to test-vasnprintf.c is
> applied, makes it clear that vasnprintf() will read beyond the
> specified precision:
>
> ==3968== Conditional jump or move depends on uninitialised value(s