**Submitter:** Douglas Walls

**Submission Date:** 2013-05-12

**Source:**WG14

**Reference Document:** N1672, N1712

**Version:** 2.0

**Date:**

**Subject:** runtime-constraint issue with sprintf family of
routines in Annex K (ver 2)

**Summary**

In the "Runtime-constraints" section, K.3.5.3.5p2 first sentence it says:

"Neither s nor format shall be a null pointer. n shall neither equal

zero nor be greater than RSIZE_MAX."

So,

if (n == 0 || n > RSIZE_MAX)

/* runtime constraints violation */

This is clear. However the next paragraph K.3.5.3.5p3, says this about "s":

"If there is a runtime-constraint violation, then if s is not a null

pointer and n is greater than zero and less than RSIZE_MAX, then the

snprintf_s function sets s[0] to the null character."

So, it takes action when (n < RSIZE_MAX)

if (s != NULL && n > 0 && n < RSIZE_MAX)

s[0] = '\0';

Question here is, what if n equals RSIZE_MAX? Should we still reset

s[0]?

If I were to say this looks like a typo, would WG14 agree with me?

That is the text of K.3.5.3.5p3 should be:

If there is a runtime-constraint violation, then if s is not a null

pointer and n is greater than zero and not greater than RSIZE_MAX, then the

snprintf_s function sets s[0] to the null character.

This issue applies to all the sprintf family of routines in Annex K

Version 2.0 5/12/2013 of this paper revises the content of N1672 (DR428) to

include additional functions with the same RSIZE_MAX

issues as pointed out during review at the April 2013 WG14 meeting.

**Suggested Technical Corrigendum**

snprintf_s

Replace K.3.5.3.5p3 with:

If there is a runtime-constraint violation, then if s is not
a null

pointer and n is greater than zero and not greater than
RSIZE_MAX, then the

snprintf_s function sets s[0] to the null character.

sprintf_s

Replace K.3.5.3.6p3 with:

If there is a runtime-constraint violation, then if s is not
a null

pointer and n is greater than zero and not greater than
RSIZE_MAX, then the

sprintf_s function sets s[0] to the null character.

vsnprintf_s

Replace K.3.5.3.12p3 with:

If there is a runtime-constraint violation, then if s is not
a null

pointer and n is greater than zero and not greater than
RSIZE_MAX, then the

vsnprintf_s function sets s[0] to the null character.

vsprintf_s

Replace K.3.5.3.13p3 with:

If there is a runtime-constraint violation, then if s is not
a null

pointer and n is greater than zero and not greater than
RSIZE_MAX, then the

vsprintf_s function sets s[0] to the null character.

mbwtowcs_s

Replace K.3.6.5.1p3 last sentence with:

If dst is not a null pointer and dstmax is greater than
zero and not greater than

RSIZE_MAX, then mbstowcs_s sets dst[0] to the null wide
character.

wcstombs_s

Replace K.3.6.5.2p3 last sentence with:

If dst is not a null pointer and dstmax is greater than
zero and not greater than

RSIZE_MAX, then wcstombs_s sets dst[0] to the null
character.

snwprintf_s

Replace K.3.9.1.3p3 with:

If there is a runtime-constraint violation, then if s is
not a null pointer and n is

greater than zero and not greater than RSIZE_MAX, then the
snwprintf_s

function sets s[0] to the null wide character.

swprintf_s

Replace K.3.9.1.4p3 with:

If there is a runtime-constraint violation, then if s is
not a null pointer and n is

greater than zero and not greater than RSIZE_MAX, then the
swprintf_s

function sets s[0] to the null wide character.

vsnwprintf_s

Replace K.3.9.1.8p3 with:

If there is a runtime-constraint violation, then if s is
not a null pointer and n is

greater than zero and not greater than RSIZE_MAX, then the
vsnwprintf_s

function sets s[0] to the null wide character.

vswprintf_s

Replace K.3.9.1.9p3 with:

If there is a runtime-constraint violation, then if s is
not a null pointer and n is

greater than zero and not greater than RSIZE_MAX, then the
vswprintf_s

unction sets s[0] to the null wide character.

mbsrtowcs_s

Replace K.3.9.3.2.1p4 last sentence with:

If dst is not a null pointer and dstmax is greater than
zero and not greater than

RSIZE_MAX, then mbsrtowcs_s sets dst[0] to the null wide
character.

wcsrtombs_s

Replace K.3.9.3.2.2p13 last sentence with:

If dst is not a null pointer and dstmax is greater than
zero and not greater than

RSIZE_MAX, then wcsrtombs_s sets dst[0] to the null
character.