char n[100]; char *p=0; sprintf(n,"%s",p); gives SIGSEGV in glibc 2.6.1 and 2.9 in opposite: snprintf in such case gives "(NULL)" as expected sprintf in glibc 2.3.6 and 2.2.3 gives "(NULL)" correctly
Correctly is wrong word, as this is clearly undefined behavior, %s argument is supposed to be a pointer to the initial element of an array of character type, which NULL is not. And it actually has nothing to do with glibc, because it is GCC that optimizes the sprintf call into strcpy.
*** Bug 9858 has been marked as a duplicate of this bug. ***