> Todd's research revealed that jtc@ got the information from the
> C standard in 1995, so I just checked what C89 (sic!) says:
> 
>   4.9.6.1 The fprintf function
>   [...]
>   The format shall be a multibyte character sequence, beginning and
>   ending in its initial shift state.  The format is composed of
>   zero or more directives: ordinary multibyte characters (not % ),
>   which are copied unchanged to the output stream; and conversion
>   specifications, each of which results in fetching zero or more
>   subsequent arguments.

I still don't understand Ingo

This means something to me:

    which are copied unchanged to the output stream

Perhaps it should more clearly say "unchecked".

> In 7.19.6.1.14, C99 then goes on to say:
> 
>   The fprintf function returns the number of characters transmitted,
>   or a negative value if an output or encoding error occurred.

If the format characters are "copied unchanged to the output stream"
without checks, then there are no errors to worry about from them
and that point is irrelevant.

>   If an output error was encountered, these functions shall return a
>   negative value and set errno to indicate the error.
> 
> So C99 explicitly requires failure *for encoding errors* and
> explicitly requires multibyte encoding for the format string.
> So it appears that *everybody* (except us) is in blatant violation
> of C99.

I still see no words saying it must check the bytes in the
format string.

> To hell with multibyte characters!  How on earth do so many dragons
> fit into such a small rabbit hole!

Breaking old software is unacceptable.
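
What checking a format string as a multibyte sequence "beginning and ending in its initial shift state" would involve, as an added example that is not part of the original message or of any libc's code. `fmt_check` and `use_utf8_locale` are hypothetical helpers, the locale names are assumptions about the host, and the sample strings are constructed.

```c
#include <locale.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>

enum fmt_status { FMT_OK, FMT_ILSEQ, FMT_TRUNCATED };

/* Hypothetical helper: decode fmt with mbrtowc() in the current LC_CTYPE
 * locale. *off receives the offset of the offending byte on failure. */
enum fmt_status fmt_check(const char *fmt, size_t *off)
{
    mbstate_t st;
    size_t left = strlen(fmt);

    memset(&st, 0, sizeof st);      /* begin in the initial shift state */
    for (*off = 0; left > 0; ) {
        size_t n = mbrtowc(NULL, fmt + *off, left, &st);
        if (n == (size_t)-1)        /* invalid sequence, errno is EILSEQ */
            return FMT_ILSEQ;
        if (n == (size_t)-2)        /* string ends inside a character */
            return FMT_TRUNCATED;
        if (n == 0) n = 1;          /* defensive: always make progress */
        *off += n;
        left -= n;
    }
    /* The sequence must also end in the initial shift state. */
    return mbsinit(&st) ? FMT_OK : FMT_TRUNCATED;
}

/* Select a UTF-8 LC_CTYPE; these locale names are assumptions about the host. */
int use_utf8_locale(void)
{
    return setlocale(LC_CTYPE, "C.UTF-8") != NULL ||
           setlocale(LC_CTYPE, "en_US.UTF-8") != NULL;
}

int main(void)
{
    const char *samples[] = { "%d items\n", "na\xc3\xafve %s\n",
                              "bad \xff %d\n", "cut %d \xc3" }; /* constructed */
    static const char *names[] = { "ok", "EILSEQ", "truncated" };
    size_t i, off;
    if (!use_utf8_locale())
        puts("no UTF-8 locale found; results reflect the C locale");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum fmt_status s = fmt_check(samples[i], &off);
        printf("sample %zu: %s at byte %zu\n", i, names[s], off);
    }
    return 0;
}
```

The result depends on the active locale: the same bytes that fail under a UTF-8 `LC_CTYPE` can be accepted under a single-byte one.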
