> printf %n is known to be dangerous for ages, and the secure variant printf_s which forbids it is nowhere implemented because politics

printf("...%n...",...) is fine[0], it's printf(not_a_literal,...) that's a problem, and forbidding %n just papers over it.

> Almost nobody uses the -Wformat attributes in its declarations

This is completely at odds with my experience (at least for any project serious enough to actually use -Wstuff options), although I don't claim that's necessarily representative.

> the wide variants of __attribute__(format(wprintf)) and wscanf are waiting to be implemented since 2008

So? Wide characters are evil and need to die; good riddance; use a real character encoding. This has nothing to do with printf, which operates on chars.

0: or at least as fine as anything else that takes a pointer to a local variable to store results into; I guess you could argue that it ought to return everything as a struct/tuple, but C doesn't support variable-width structs.
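
The distinction drawn in the comment above, as an added example that is not part of the original post: a printf-style wrapper declared with the GCC/Clang format attribute, `%n` used under a literal format, and untrusted text passed as data under `"%s"`. The names `log_fmt`, `value_column` and `log_untrusted` and the sample strings are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper (name is an assumption). The attribute marks argument 3
 * as a printf-style format with its varargs starting at argument 4, so
 * -Wformat and -Wformat-security check every call site like printf itself. */
__attribute__((format(printf, 3, 4)))
static int log_fmt(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* %n under a literal format: the programmer, not the input, decides that a
 * store happens and where it lands. Returns the column where value starts. */
static int value_column(char *out, size_t cap, const char *key, const char *value)
{
    int col = -1;
    log_fmt(out, cap, "%s = %n%s", key, &col, value);
    return col;
}

/* Untrusted text is passed as data under a literal "%s", never as the format.
 * Writing log_fmt(out, cap, untrusted) instead is the printf(not_a_literal)
 * case; with the attribute above, -Wformat-security flags that call. */
static int log_untrusted(char *out, size_t cap, const char *untrusted)
{
    return log_fmt(out, cap, "%s", untrusted);
}

int main(void)
{
    char buf[64];
    int col = value_column(buf, sizeof buf, "user", "alice");
    printf("%s (value starts at column %d)\n", buf, col);

    /* Constructed hostile-looking input: copied verbatim, never interpreted. */
    log_untrusted(buf, sizeof buf, "%n%s%x");
    printf("%s\n", buf);
    return 0;
}
```

Building with `-Wformat -Wformat-security` (or `-Wformat=2`) is what makes the attribute pay off at call sites.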