That little-known feature turns out to be crucial if you're not careful. printf returns how many bytes were printed. snprintf returns how many bytes would have been printed had the buffer been large enough. Useful for sizing your buffer, but making it a dangerous printf replacement if you don't know the difference.

Cisco and many of Ciscro's customers found out the hard way (during CitrixBleed, https://www.assetnote.io/resources/research/citrix-bleed-lea...), leaking random blocks of memory in the proprietary, C-based web server of their security appliance that gets compromised every now and then.

▲

sumtechguy 2 days ago | parent [-]

Always read the docs of your system. All of the xxprintf functions are not the same. They are sneaky and look the same on the surface. Even silly things like what the % items do can vary between platforms, or have different meanings, or be missing all together.

▲

MintPaw 2 days ago | parent [-]

This has annoyed me a lot, crazy you can't rely on the print functions being the same on different platforms. This is why I always add stb_sprintf and make an allocSprintf() that allocates the right sized buffer first.

	▲	abnercoimbre 19 hours ago \| parent [-]
		New nightmare scenario unlocked.