
bodyfour | 2 years ago

Probably the person you're replying to is just confused because before it was standardized some snprintf() implementations returned -1 on overflow. If you were trying to be portable and defensive you'd need to check for either error return.

Not really a concern inside musl because those implementations are probably long gone and because it's calling its own snprintf() anyway.

knorker | 2 years ago

I'm not confused. I know that some snprintf implementations returns/returned -1 on overflow. I assume that musl doesn't, because it's a fine library.

> If you were trying to be portable and defensive you'd need to check for either error return.

Including defensive against future changes.

I'm sure thousands of bugs are being written every day because people don't check return values that "can't happen", because they know the code they call. Then 10-20 years later, someone changes that code they depend on, without violating the contract.

I encounter these kinds of bugs all the time. There's a simple way to avoid them: Check the damn return values, even if just with an assert.

The extra annoying ones are ones with a comment saying "Can't happen", that then does happen. The person who wrote that could have spent about the same number of characters simply handling the "can't happen".

We can't get away from Hyrum's Law, but we sure can try to minimize its impact.