[knorker]

I'm not confused. I know that some snprintf implementations returns/returned -1 on overflow. I assume that musl doesn't, because it's a fine library.

> If you were trying to be portable and defensive you'd need to check for either error return.

Including defensive against future changes.

I'm sure thousands of bugs are being written every day because people don't check return values that "can't happen", because they know the code they call. Then 10-20 years later, someone changes that code they depend on, without violating the contract.

I encounter these kinds of bugs all the time. There's a simple way to avoid them: Check the damn return values, even if just with an assert.

The extra annoying ones are ones with a comment saying "Can't happen", that then does happen. The person who wrote that could have spent about the same number of characters simply handling the "can't happen".

We can't get away from Hyrum's Law, but we sure can try to minimize its impact.