Am Freitag, den 05.09.2014, 14:53 -0400 schrieb Rich Felker:
> See also asctime: it's even worse, specified to be UB, via potential
> buffer overflow, if the values are outside of the expected range.
> 
> These functions really just should not be used for anything. Short of
> rolling your own, strftime is the only correct way to format time as a
> string.

the corresponding xxx_s functions from Annex K are a bit better, here.

> At some point it would be nice to make a big list of standard C
> functions that are utterly unusable due to UB on errors. Unusable due
> to lack of thread safety is another big area, too.

Annex K can basically be read as such a list (for C itself, not POSIX)
and gives replacements for them, I think.

Implementing these functions, using them with a constraint handler
that is set to ignore_handler_s, and checking for the return values of
the functions is a realistic alternative to all this UB stuff.

Jens

-- 
:: INRIA Nancy Grand Est ::: AlGorille ::: ICube/ICPS :::
:: ::::::::::::::: office Strasbourg : +33 368854536   ::
:: :::::::::::::::::::::: gsm France : +33 651400183   ::
:: ::::::::::::::: gsm international : +49 15737185122 ::
:: http://icube-icps.unistra.fr/index.php/Jens_Gustedt ::