Security issue: C runtime functions snprintf and vsnprintf return code is very much non-standard.

This is useful because it allows C code to write functions securely and detect would-be buffer overruns that might result in security exposures. 

The return value for snprintf and vsnprintf are not consistent with C99 standard and most all other C runtime library implementations including IBM Z C standard library.

Many security exposures are due to 'buffer overruns'.   sprintf is a function that can be a major source of buffer overruns because only a pointer and no length is passed to the function, allowing it to write beyond the buffer's size.

snprintf attempts to overcome this problem by including the length.   In addition the C99 standard allows the caller to determine if a buffer overrun "would have" occurred and indicates that not all the data was written due to a short buffer.  It does this by returning the number of bytes that would have been written (not including null) rather than the number of bytes actually written (not including null)

C on IBM Z/os supports the proper return value semantics for snprintf. 
IBM ILE C states that the compiler supports a subset of the C99 standard and has an *ANSI option as well but nothing I've done can seem to get snprintf to return the number of bytes that would have been written.

The C run-time library does document the actual behavior, but it is very reasonable for a user calling a C standard library function to google the function name and nearly all results report that snprintf returns the number of bytes that 'would have' been written.

Please provide a C macro that can be defined that allows the modern standard implementation to be used rather than the long antiquated behavior we have now, so that we can write robust, secure code.   I'm assuming you don't want to change existing behavior so as not to break code, but you actually document that you may do that in one of your manuals as you make changes to meet standards.