Uoti Urpala <[email protected]> writes: > On Wed, 2012-08-01 at 21:22 +0100, Måns Rullgård wrote: >> >>> +int snprintf(char *buffer, size_t bufsize, const char *fmt, ...) > >> >>> + if ((int)bufsize <= 0) return -1; > >> If bufsize > INT_MAX, that cast has unspecified behaviour. > > No, it's implementation-defined (you're probably confusing it with > arithmetic, but casts are not he same).
I am not confused, you are. 3.4.4 unspecified behavior use of an unspecified value, or other behavior where this International Standard provides two or more possibilities and imposes no further requirements on which is chosen in any instance [...] 6.3.1.3 Signed and unsigned integers When a value with integer type is converted to another integer type [...] Otherwise, the new type is signed and the value cannot be represented in it; either the result is implementation-defined or an implementation-defined signal is raised. Two or more alternatives are offered with no further requirement, hence it is unspecified behaviour. > BTW I wonder what perfectly standard-conforming snprintf is supposed to > do with huge sizes. The size limit has type size_t, but the return value > has type int, and is documented as "the number of characters that would > have been written had n been sufficiently large, not counting the > terminating null character, or a negative value if an encoding error > occurred". What if there was no encoding error, but the number of > characters was more than INT_MAX? EOVERFLOW -- Måns Rullgård [email protected] _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
