https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79448
--- Comment #4 from Martin Sebor <msebor at gcc dot gnu.org> ---

Ouch. When its size argument is zero, a snprintf call is a request to compute the size of output without actually writing any into the destination (which may be a null pointer). At level 2 the checker uses the lower bound of the range of the size argument (for greater strictness) but fails to distinguish it from a constant zero. Since the argument may or may not be zero this is not safe. I've raised bug 79496 to track the problem (which is unrelated to this bug).
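
The two situations the comment distinguishes, as an added example that is not part of the original comment or of GCC: a constant-zero size used only to measure the output, and a runtime size that may or may not be zero. The helper names format_id and format_into and the sample strings are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: the size-zero call only measures the output, so a
   null destination is valid there. The second call does the writing. */
char *format_id(const char *name, int id)
{
    int need = snprintf(NULL, 0, "%s-%d", name, id);   /* measure only */
    if (need < 0)
        return NULL;                                    /* output error */
    char *buf = malloc((size_t)need + 1);
    if (buf != NULL)
        snprintf(buf, (size_t)need + 1, "%s-%d", name, id);
    return buf;
}

/* Hypothetical helper: size is a runtime value that may or may not be zero.
   Returns the full length the output needs, as snprintf does; *truncated is
   set when dst could not hold all of it (always the case for size 0). */
int format_into(char *dst, size_t size, const char *name, int id,
                int *truncated)
{
    int need = snprintf(dst, size, "%s-%d", name, id);
    *truncated = (need < 0) || ((size_t)need >= size);
    return need;
}

int main(void)
{
    char small[4] = "zzz";   /* constructed sample buffer */
    int trunc;

    char *s = format_id("node", 42);
    printf("%s\n", s ? s : "(alloc failed)");
    free(s);

    /* size == 0: nothing is written, the length is still reported */
    int n = format_into(small, 0, "node", 42, &trunc);
    printf("size 0: need=%d truncated=%d buf=%s\n", n, trunc, small);

    /* size == 4: three characters plus the terminator are written */
    n = format_into(small, sizeof small, "node", 42, &trunc);
    printf("size 4: need=%d truncated=%d buf=%s\n", n, trunc, small);
    return 0;
}
```

A caller that ignores the return value cannot tell the size-zero case from a successful write, which is why the truncation check compares the returned length against the size that was passed.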