formatted output conversion
Bugs
Because sprintf() and vsprintf() assume an arbitrarily long
string, callers must be careful not to overflow the actual space;
this is often impossible to assure. Note that the length of the
strings produced is locale-dependent and difficult to predict.
Use snprintf() and vsnprintf() instead (or asprintf(3) and
vasprintf(3)).
Code such as printf(foo); often indicates a bug, since foo may
contain a % character. If foo comes from untrusted user input,
it may contain %n, causing the printf() call to write to memory
and creating a security hole.
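
The following is an added example, not part of the manual page: it shows the snprintf() return-value check that detects truncation and the constant "%s" format that keeps untrusted text from being interpreted as a format string. The helper names format_user and copy_untrusted and the sample inputs are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the man page): bounded replacement for
 * sprintf(dst, "user=%s id=%d", ...).
 * Returns 0 if the whole string fit, 1 if it was truncated, -1 on error. */
int format_user(char *dst, size_t dstsz, const char *name, int id)
{
    int n = snprintf(dst, dstsz, "user=%s id=%d", name, id);
    if (n < 0)
        return -1;              /* output error */
    if ((size_t)n >= dstsz)
        return 1;               /* n + 1 bytes were needed; dst holds a prefix */
    return 0;
}

/* Hypothetical helper: untrusted text is passed as an argument to a constant
 * "%s" format, never as the format itself, so '%' sequences are only data. */
int copy_untrusted(char *dst, size_t dstsz, const char *untrusted)
{
    int n = snprintf(dst, dstsz, "%s", untrusted);
    return (n >= 0 && (size_t)n < dstsz) ? 0 : -1;
}

int main(void)
{
    char small[16], big[64];
    const char *foo = "100%n%x";    /* constructed sample of hostile input */

    /* sprintf() here would write past small[]; snprintf() stops at 15 + NUL. */
    if (format_user(small, sizeof small, "alice-with-a-long-name", 7) == 1)
        printf("truncated: \"%s\"\n", small);

    if (format_user(big, sizeof big, "bob", 7) == 0)
        printf("complete:  \"%s\"\n", big);

    /* printf(foo) would interpret %n and %x; a constant format does not. */
    if (copy_untrusted(big, sizeof big, foo) == 0)
        printf("literal:   \"%s\"\n", big);
    return 0;
}
```

Treat a truncated result as a failure to handle rather than silently using the shortened string, since the cut-off text may change its meaning.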