Description:
We have a custom reimplementation of snprintf called my_snprintf, backported from 6.0 at some point in 2009.
my_snprintf has a number of deficiencies. In particular, it has buggy support for string widths (they are used in some parts of the code, but mostly ignored), broken 0 modifier on x, it lacks modern features such as %zu/%zd, and it has the wrong return value, potentially causing security issues in code expecting the correct one. It also doesn't support security hardening (-D__FORTIFY) nor format checking. Finally, it has two MySQL-proprietary extensions (%b and %`s) which nothing uses save for an example, and some character set support that's only really used for %`s and is always locked to UTF-8. It also has non-C99-conforming handling of string precision specifiers where a string is supposed to be cut in the middle of a code point, although you could call this a feature and not a bug.
The supposed advantages are consistent handling of %e and %p across platforms. These are not enough to outweigh the disadvantages, especially since %p should never show up in anything but debugging code and %e is hardly ever used.
Since C++11, we have std::snprintf with pretty much defined semantics. We should use it everywhere instead.
Documentation note: Plugins have had access to my_snprintf through an “snprintf service”. They should just use std::snprintf instead.
How to repeat:
N/A
Suggested fix:
N/A
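The return-value point in the description, as an added example that is not part of the original report or of the MySQL code base: a truncation check written against the C99/C++11 contract of std::snprintf silently passes when the formatter reports a different count. `stored_count_snprintf` is a hypothetical stand-in that returns the bytes actually stored; it is an assumption made for illustration, not a statement of what my_snprintf returns, and the format string and input are constructed.

```cpp
#include <cstdarg>
#include <cstddef>
#include <cstdio>
#include <cstring>

// Hypothetical stand-in for a non-conforming formatter (assumption, not
// my_snprintf itself): it returns the number of bytes actually stored, so the
// caller cannot tell that the output was cut short.
int stored_count_snprintf(char *buf, std::size_t size, const char *fmt, ...) {
  va_list ap;
  va_start(ap, fmt);
  int needed = std::vsnprintf(buf, size, fmt, ap);
  va_end(ap);
  if (needed < 0) return needed;
  if (size == 0) return 0;
  return static_cast<std::size_t>(needed) < size ? needed
                                                 : static_cast<int>(size - 1);
}

// C99/C++11 contract: the return value is the length the complete output
// needs, excluding the terminator. A result >= size means truncation.
bool format_fits(char *buf, std::size_t size, const char *user) {
  int needed = std::snprintf(buf, size, "user=%s;role=guest", user);
  return needed >= 0 && static_cast<std::size_t>(needed) < size;
}

// The identical check against the stand-in can never detect truncation,
// because the reported count is always below size.
bool format_fits_stand_in(char *buf, std::size_t size, const char *user) {
  int n = stored_count_snprintf(buf, size, "user=%s;role=guest", user);
  return n >= 0 && static_cast<std::size_t>(n) < size;
}

int main() {
  char buf[16];
  const char *user = "administrator";  // constructed sample input
  bool ok = format_fits(buf, sizeof buf, user);
  std::printf("conforming: fits=%d buf=\"%s\"\n", ok, buf);
  ok = format_fits_stand_in(buf, sizeof buf, user);
  std::printf("stand-in:   fits=%d buf=\"%s\"\n", ok, buf);
  return 0;
}
```

In both cases the buffer holds the same truncated string with the `;role=guest` suffix dropped; only the conforming return value lets the caller notice and reject it.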