On Wed, 2 Nov 2016, Christos Zoulas wrote:

In article <20161102003956.35d12f...@cvs.netbsd.org>,
Paul Goyette <source-changes-d@NetBSD.org> wrote:
-=-=-=-=-=-

+       /* Handle overflow */
+       if ((size_t)count >= *len) {
+               *dest += *len - 1;
+               *len = 1;

Why *len = 1 here? Shouldn't it be 0 since there is no more room left?

No.  :)

The maximum number of characters actually written by vsnprintf() will never exceed (len - 1). So, dest gets incremented by the max, and len gets decremented by the max.

There is always enough room left for vsnprintf() to create a new trailing NUL.


+------------------+--------------------------+------------------------+
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:      |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com   |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
+------------------+--------------------------+------------------------+

Reply via email to