djpnewton / kowhai

MIT License

fix buffer overrun in [kowhai_]serialize_nodes #37

Closed othane closed 10 years ago

othane commented 10 years ago

We were not always checking if a recursive call went off the end of the buffer, and since snprintf uses a size_t (which is assumed to be unsigned) it thinks the buffer is huge and writes the next line, overrunning the buffer. Following the overrun our "if (r > dst_len)" knows we did something wrong, but the damage is done ... this can continue in a loop over array items, which will really screw the memory after the buffer.