> +  unsigned int max_digit_string_len
> +    = (suffix
> +       ? max_out (suffix)
> +       : MAX (INT_STRLEN_BOUND (unsigned int), digits));
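
Review bot: the declaration `unsigned int max_digit_string_len` narrows whatever the `max_out (suffix)` branch of the initializer returns, so a length that does not fit in unsigned int is silently truncated at this assignment. Declare the variable with the type max_out returns, and add a one-line comment saying why the non-suffix branch takes the MAX of INT_STRLEN_BOUND (unsigned int) and digits.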

That should be size_t, not unsigned int, since max_out
returns a size_t, and it could return a value greater than
UINT_MAX.  For example, the user might run "csplit -b %4294967296d"
and on a 64-bit host max_out will return UINT_MAX + 1.

While we're on the subject of undefined printf behavior, perhaps
we should be rejecting any attempt to use a printf format like
%4294967296d that uses a width or precision greater than INT_MAX?
POSIX seems to say that such a format should work, but I'll bet
nobody does it right (glibc doesn't).  For safety we might want
to be truncating large widths or precisions to INT_MAX, or
rejecting them.
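
The rejection option raised in the last paragraph, as an added example that is not part of the original message or of csplit's source: it scans a printf-style format and refuses any width or precision written as digits that exceeds INT_MAX. The names `field_fits_int` and `format_fields_fit_int` are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Parse an optional decimal width or precision at *p.  Return false if
   its value exceeds INT_MAX; otherwise advance *p past the digits.  */
static bool field_fits_int(char const **p)
{
    if (!isdigit((unsigned char) **p))
        return true;                     /* field absent */
    char *end;
    errno = 0;
    unsigned long n = strtoul(*p, &end, 10);
    if (errno == ERANGE || n > INT_MAX)
        return false;
    *p = end;
    return true;
}

/* Hypothetical helper (not from the patch): true if every width and
   precision written as digits in FORMAT is at most INT_MAX.  "%%" is
   skipped; '*' fields are not examined.  */
bool format_fields_fit_int(char const *format)
{
    for (char const *p = format; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;
        while (*p && strchr("-+ #0'", *p))   /* flags */
            p++;
        if (!field_fits_int(&p))
            return false;
        if (*p == '.') {
            p++;
            if (!field_fits_int(&p))
                return false;
        }
        if (!*p)
            break;                       /* truncated conversion */
    }
    return true;
}
```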
