VS 2017 _vsnprintf changed behaviour

I have a function with variable arguments used for logging purposes. After some custom manipulation with passed buffer it calls _vsnprintf_s to format the buffer. One of our clients recently passed format string with single percentage inside and application built with VS 2017 where CRT resides in ucrtbase.dll crashed, while the same function in same application only built with VS 2013 was able to handle it. Format string was:

"...10% text..."


Though I agree that format string is incorrect what worries me is that application built with VS 2013 was somehow handling it and output was:

"...10 ..."


so without offending % while application built with VS 2017 crashed. I tried switching between std14 and std17 - no difference. I'm using std17 currently. While debugging I noticed it was failing here:

_Success_(return >= 0)
_Check_return_opt_ _CRT_INSECURE_DEPRECATE(_vsnprintf_s_l)
_CRT_STDIO_INLINE int __CRTDECL _vsnprintf_l(
_Out_writes_opt_(_BufferCount) _Post_maybez_ char* const _Buffer,
_In_ size_t const _BufferCount,
_In_z_ _Printf_format_string_params_(2) char const* const _Format,
_In_opt_ _locale_t const _Locale,
va_list _ArgList
)
#if defined _NO_CRT_STDIO_INLINE
;
#else

int const _Result = __stdio_common_vsprintf(
_CRT_INTERNAL_LOCAL_PRINTF_OPTIONS
#endif


With message

Expression: _length == length_modifier::none


However in Release mode it was crashing. This tells me that CRT implementation probably changed with regards to handling incorrectly used percent in format string. The solution would be to scan entire format string prior to passing it - but I'd like to avoid it, cuase it would slow things down significantly. I tried to use StringCchVPrintfEx, but it turned out, it ended up calling the same method. I'm very opened to suggestions.

_s

By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.