When overflowing the buffer, the size will be increased, but no data is written, meaning the runtime will keep walking arguments into an uninitialized portion of the buffer. To fix this, we should change the compiler to either:
Decrement the size after realizing we won't fit -- would potentially be racy against a smaller printf op that could fit but didn't because the size was already overflowed.
Use a compare-exchange loop on the size to avoid writing a too-large size.
The spec says: If the format is exhausted while arguments remain, the excess arguments are evaluated (as always) but are otherwise ignored. That means we need to store a size of the amount of args data that was written, so we can skip to the next printf entry. Options include:
Write a printf ID instead of a pointer to the format string, and use metadata to reflect a mapping of ID => (format, arg size(s)).
After the format string pointer, write the args size. Increases the amount of space used per printf, but that probably doesn't matter.
Two bugs:
If the format is exhausted while arguments remain, the excess arguments are evaluated (as always) but are otherwise ignored.That means we need to store a size of the amount of args data that was written, so we can skip to the next printf entry. Options include: