On May 22, 10:54am, marti...@google.com (Martin Buchholz) wrote: -- Subject: Re: RFR 9: 8074818: Resolve disabled warnings for libjava
| I agree it's a good idea to increase safety by replacing calls to *printf
| with calls to *nprintf, BUT when we do so we should also add debugging
| assertions that the message fits into the buffer.
|
| - sprintf(errmsg, format, errnum, detail);
| + snprintf(errmsg, fmtsize, IOE_FORMAT, errnum, detail);
|
| How about
|
| int needed = snprintf(...)
| assert(needed <= fmtsize);

This only works if fmtsize is unsigned (which I hope it is) when snprintf
returns < 0. It will also produce a warning with -Wsign-compare. For safety
you could do:

assert((size_t)needed <= fmtsize)

christos
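Review bot: the `+` line discards the value snprintf returns, so a message longer than fmtsize is silently cut off; capture it (`int needed = snprintf(errmsg, fmtsize, IOE_FORMAT, errnum, detail);`) and check it against the buffer size, as the reply suggests. The second argument must be the size of the destination `errmsg`, and the name `fmtsize` reads as the size of the format string rather than of the buffer; naming it after errmsg (or passing `sizeof errmsg` where errmsg is an array) would make the intent clear to the next reader.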
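The check discussed above, as an added example that is not from the libjava patch or from either author. IOE_FORMAT's contents, ERRMSG_SIZE and the function names are assumed for illustration. The "unsigned" variant uses a strict `<` because snprintf's return value excludes the terminating NUL, so a result equal to the buffer size means the last character was dropped; the signed variant shows why a negative snprintf result slips through when both sides are int.

```c
/*
 * Added example (not from the JDK patch or the thread): format an error
 * message into a fixed buffer with snprintf and check the result.
 * IOE_FORMAT, ERRMSG_SIZE and the function names are assumed here.
 */
#include <stdio.h>
#include <string.h>
#include <errno.h>

#define IOE_FORMAT "%s (errno %d)"   /* assumed format, not libjava's */
#define ERRMSG_SIZE 32               /* small on purpose to show truncation */

/* int compared with int: a negative snprintf result (encoding error)
 * satisfies needed <= size, so the check passes when it should not. */
static int fits_signed(int needed, int size)
{
    return needed <= size;
}

/* Cast to size_t: a negative result becomes a huge value and fails.
 * Strict '<' because the return value excludes the terminating NUL;
 * needed == size means the message was truncated by one character. */
static int fits_unsigned(int needed, size_t size)
{
    return (size_t)needed < size;
}

/* Format detail and errnum into errmsg (always NUL-terminated when
 * size > 0).  Returns 1 if the whole message fit, 0 if snprintf
 * truncated it or failed. */
static int ioe_format_message(char *errmsg, size_t size,
                              const char *detail, int errnum)
{
    int needed = snprintf(errmsg, size, IOE_FORMAT, detail, errnum);
    return fits_unsigned(needed, size);
}

int main(void)
{
    char errmsg[ERRMSG_SIZE];

    /* Short message: fits. */
    int ok = ioe_format_message(errmsg, sizeof errmsg, "open failed", ENOENT);
    printf("%d: %s\n", ok, errmsg);

    /* Constructed long detail: snprintf truncates and reports the
     * length it wanted, so the check fails. */
    ok = ioe_format_message(errmsg, sizeof errmsg,
                            "/very/long/path/that/does/not/fit/in/buffer",
                            EACCES);
    printf("%d: %s\n", ok, errmsg);

    /* A failed snprintf returns a negative value: only the size_t
     * comparison rejects it. */
    printf("signed check accepts -1:   %d\n", fits_signed(-1, ERRMSG_SIZE));
    printf("unsigned check accepts -1: %d\n", fits_unsigned(-1, ERRMSG_SIZE));
    return 0;
}
```

Compiling with -Wall -Wextra shows no sign-compare warning on fits_unsigned, since both operands are size_t after the cast.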