on Thu, 27 Aug 2020 10:03:07 -0400 you (Rich Felker ) wrote: > I think the behavior of crashing on inputs that are UB and that can't > safely be printed should probably be preserved, too; I'm not clear if > you had that in mind already. I'm rather indifferent on what happens > for inputs that are UB but that can faithfully be presented in the > allotted space. same for me In the sample implementation I have "goto CLEANUP" and an implicit guarantee that the output is always null terminated. This is more in the spirit of `snprintf` not to do bad things as soon the output buffer has at least 26 bytes. But we could also do `abort()`, `do_crash()`, whatever fits into musl's general strategy for error handling. Jens -- :: INRIA Nancy Grand Est ::: Camus ::::::: ICube/ICPS ::: :: ::::::::::::::: office Strasbourg : +33 368854536 :: :: :::::::::::::::::::::: gsm France : +33 651400183 :: :: ::::::::::::::: gsm international : +49 15737185122 :: :: http://icube-icps.unistra.fr/index.php/Jens_Gustedt ::