Have a routine that takes a buffer, a strftime format, and a struct tm *
as arguments, and:
* checks whether the struct tm * is null and, if so, returns a string
indicating that the date and time couldn't be converted;
* otherwise, passes it to strftime(), along with the buffer and the
format argument and, if strftime() returns 0, meaning the string didn't
fit into the buffer and thus that the buffer's contents are undefined,
returns a string indicating that the date and time didn't fit into the
buffer;
* otherwise, returns a pointer to the buffer.
Call that routine instead of directly calling strftime() in printers;
that prevents printing a buffer with undefined data if the buffer isn't
big enough for the string.
Also, when generating file names using an strftime format, check the
return value of strftime() to make sure the buffer didn't overflow.
It's specified by the C90 standard (and, as I remember, by the C89
standard, although I no longer have my paper copy); no need to worry
about ancient environments that lack it, and we have some cases where we
call it in code not protected by #ifdef HAVE_STRFTIME/#endif and haven't
seen any reports of problems.
