This doesn't seem correct to me. According to MSDN, sprintf_s checks for valid formatting chars (in addition to the buffer and format arguments) and invokes an invalid parameter handler if something bad turns up. It then returns -1 with errno set to EINVAL if execution is allowed to continue. Additionally, if the buffer is too small to hold the resulting string, it is made an empty string and invokes the invalid parameter handler. It also guarantees the output buffer is null terminated.
http://msdn.microsoft.com/en-us/library/ce3zzk1k(VS.80).aspx
