cybersecurity · intermediate · ~15 min

Fix the sprintf overflow

`snprintf` semantics and how to detect truncation.

Challenge

Replace an unsafe `sprintf` with `snprintf`. Implement `int format_user(char *out, size_t out_sz, const char *name, int score)` that writes `"<name>: <score>"` to `out`. Return 0 on success or -1 if the result would be truncated. Always NUL-terminate.

Starter code

```c
#include <stdio.h>
#include <stddef.h>

int format_user(char *out, size_t out_sz, const char *name, int score) {
    /* TODO */
    return -1;
}
```
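One way to meet the contract above, as an added example rather than the exercise's reference solution. The NULL checks and the handling of a negative `snprintf` return go beyond the stated requirements and are assumptions; the sample inputs in `main` are constructed.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Added example: returns 0 on success, -1 if the output was truncated
 * or could not be produced. */
int format_user(char *out, size_t out_sz, const char *name, int score) {
    /* With out_sz == 0 there is no room even for the terminator, so
     * nothing can be written at all. */
    if (out == NULL || out_sz == 0)
        return -1;
    if (name == NULL) {          /* assumption: treat as failure */
        out[0] = '\0';
        return -1;
    }

    /* snprintf writes at most out_sz - 1 characters plus a NUL, and
     * returns the length the complete string would have had, not
     * counting the NUL. */
    int n = snprintf(out, out_sz, "%s: %d", name, score);

    if (n < 0) {                 /* output or encoding error */
        out[0] = '\0';
        return -1;
    }
    /* n == out_sz is also truncation: the NUL took the last byte. */
    if ((size_t)n >= out_sz)
        return -1;
    return 0;
}

int main(void) {
    char buf[8];
    int rc;

    /* Constructed inputs: "bob: 42" is 7 characters, an exact fit. */
    rc = format_user(buf, sizeof buf, "bob", 42);
    printf("rc=%d len=%zu \"%s\"\n", rc, strlen(buf), buf);

    /* "alice: 100" needs 11 bytes; buf keeps a NUL-terminated prefix. */
    rc = format_user(buf, sizeof buf, "alice", 100);
    printf("rc=%d len=%zu \"%s\"\n", rc, strlen(buf), buf);
    return 0;
}
```

The comparison must be `>=`, not `>`: a return value equal to `out_sz` means the last character was dropped to make room for the terminator.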
