05-04-2018, 10:56 AM
There is no source buffer in the signature of snprintf.
You should carefully study Annex J.2 items 138-166 and 186 (as referenced in the rule) in ISO 9899 (C99 language specification) and you will realize that snprintf just does not belong in production level code.
At least I can't imagine any valid deviation permit.
Are you able to implement something like the trick below (_DEBUG not active for static analysis / release build)?
Code:
#ifdef _DEBUG
#define LOG_CONSOLE(str, size, format, ...) snprintf(str, size, format, __VA_ARGS__)
#else
#define LOG_CONSOLE(str, size, format, ...) (void)0
#endif