N1752 - tmpnam_s clears s[0] when maxsize > RSIZE

Document: N1752
Submitter: Martin Sebor
Submission Date: 2013-09-02
Source: WG 14
Reference Document: N1683
Version: 1.0
Date: September 2013
Subject: tmpnam_s clears s[0] when maxsize > RSIZE_MAX

Summary:

The majority of bounds checking functions are specified to set the first element of the destination buffer, s[0], to the NUL character when a constraint violation occurs and the s pointer is non-null and the size of the buffer is greater than zero and less than or equal to SIZE_MAX.

However, the tmpnam_s function sets s[0] to NUL even when maxsize is greater than RSIZE_MAX, making its behavior on constraint violation inconsistent with the rest.

Suggested Technical Corrigendum:

Change paragraph 8 in the Returns section of tmpnam_s to read:

If no suitable string can be generated, or if there is a runtime-constraint violation and s is not null and maxsize is greater than zero and not greater than RSIZE_MAX, the tmpnam_s function sets s[0] to the null character and returns a nonzero value.