https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82694
--- Comment #7 from amker at gcc dot gnu.org ---
I didn't go through all the differences, but below is an example of using
wrapping behavior for pointers:

    int vsnprintf(char *buf, size_t size, const char *fmt, va_list args)
    {
        unsigned long long num;
        char *str, *end;
        struct printf_spec spec = {0};
        //...
        str = buf;
        end = buf + size;
        if (end < buf) {
            end = ((void *)-1);
            size = end - buf;
        }
        //...
    }

    int vsprintf(char *buf, const char *fmt, va_list args)
    {
        return vsnprintf(buf, ((int)(~0U>>1)), fmt, args);
    }

So vsnprintf gets 0x7fffffff as the second argument, and the comparison between
end and buf gets folded with the undefined overflow behavior assumption.
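
Added example, not part of the original comment and not kernel or GCC code: the same wrap check and size clamp as in the quoted snippet, done in unsigned integer arithmetic where wraparound is defined, so the comparison cannot be folded away. The helper names and the sample addresses are hypothetical, and the code assumes a flat address space in which uintptr_t and size_t have the same width.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: returns 1 if buf + size wraps past the top of the
 * address space. Unsigned arithmetic is modular, so this comparison is
 * well defined and the compiler may not fold it to 0, unlike the
 * pointer comparison `end < buf` in the quoted snippet. */
int end_wraps(uintptr_t buf, size_t size)
{
    uintptr_t end = buf + size;
    return end < buf;
}

/* Hypothetical helper: the same clamp as the quoted snippet
 * (end = (void *)-1; size = end - buf), computed without ever forming
 * an out-of-range pointer. */
size_t clamp_size(uintptr_t buf, size_t size)
{
    uintptr_t room = UINTPTR_MAX - buf;  /* bytes from buf to the top address */
    return size > room ? (size_t)room : size;
}

int main(void)
{
    /* Constructed addresses, for illustration only. */
    uintptr_t low = 0x1000, high = UINTPTR_MAX - 8;
    size_t size = 0x7fffffff;  /* the size vsprintf passes to vsnprintf */

    printf("low:  wraps=%d size=%zu\n", end_wraps(low, size), clamp_size(low, size));
    printf("high: wraps=%d size=%zu\n", end_wraps(high, size), clamp_size(high, size));
    return 0;
}
```

In real code the caller would pass (uintptr_t)buf; that conversion is implementation-defined, which is why the flat address space is stated as an assumption.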