Null termination for char array of size 1 while using sprintf

Question

I am performing sprintf on a char array of size 1 and the code works fine. i.e strlen returns 1 even though it may not be null terminated. To my understanding sprintf will do null termination, however in this case it does not have enough space. Can someone explain the reason it works?

#include <stdio.h>
#include <string.h>
#define STATUS "1"
int main(void){
    char *data = malloc(1);
    sprintf(data, "%s", STATUS);
    printf(">%s<\n", data);
    printf(">%d<\n", strlen(data));
}

Output

>1<
>1<

Answer 1

The program has undefined behavior.

It works because in general malloc allocates memory chunks multiple by the paragraph size equal to 16 or some other implementation defined value.

Answer 2

You want snprintf()

if (snprintf(data, SIZE, "%s", STATUS) >= SIZE) /* not enough space */;

---

#include <stdio.h>

int main(void) {
    char buf[10];
    for (int k = 0; k < 6; k++) {
        int res = snprintf(buf, k, "%s", "foo");
        printf("%d: snprintf() returned %d; buf has [%s] (%d chars)\n",
              k, res, buf, (int)strlen(buf));
    }
    return 0;
}

And that program outputs

0: snprintf() returned 3; buf has [] (0 chars)
1: snprintf() returned 3; buf has [] (0 chars)
2: snprintf() returned 3; buf has [f] (1 chars)
3: snprintf() returned 3; buf has [fo] (2 chars)
4: snprintf() returned 3; buf has [foo] (3 chars)
5: snprintf() returned 3; buf has [foo] (3 chars)

See ideone