stb_sprintf asan buffer overflow detect

[vominh2012]

I got some overflow detect with very simple test case:

stb_sprintf - v1.10

#define STB_SPRINTF_IMPLEMENTATION 
#include "stb_sprintf.h"

int main()
{
    char buffer[512] = {};
    stbsp_sprintf(buffer, "%s %d %d", "123", 1, 2);
}

Compiled with vs2022: cl /Od /Zi /fsanitize=address test.cpp

ASAN Trace Logs
==26880==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7ff72a28fd88 at pc 0x7ff72a221949 bp 0x00b7e7f2eb80 sp 0x00b7e7f2eb80
READ of size 4 at 0x7ff72a28fd88 thread T0
#0 0x7ff72a221948 in stbsp_vsprintfcb D:\sources\my\tests\stb_printf\stb_sprintf.h:409
#1 0x7ff72a22156e in stbsp_sprintf D:\sources\my\tests\stb_printf\stb_sprintf.h:1381
#2 0x7ff72a22c0a7 in main D:\sources\my\tests\stb_printf\test.cpp:7
#3 0x7ff72a22e793 in invoke_main D:\a_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:78
#4 0x7ff72a22e793 in __scrt_common_main_seh D:\a_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288
#5 0x7ffbe331e8d6 (C:\WINDOWS\System32\KERNEL32.DLL+0x18002e8d6)
#6 0x7ffbe419fbcb (C:\WINDOWS\SYSTEM32\ntdll.dll+0x1800dfbcb)

0x7ff72a28fd89 is located 0 bytes after global variable '<C++ string literal>' defined in 'test.cpp:7:26' (0x7ff72a28fd80) of size 9
'<C++ string literal>' is ascii string '%s %d %d'
SUMMARY: AddressSanitizer: global-buffer-overflow D:\sources\my\tests\stb_printf\stb_sprintf.h:409 in stbsp_vsprintfcb
Shadow bytes around the buggy address:
0x7ff72a28fb00: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
0x7ff72a28fb80: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x7ff72a28fc00: 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
0x7ff72a28fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7ff72a28fd00: f9 f9 f9 f9 04 f9 f9 f9 04 f9 f9 f9 04 f9 f9 f9
=>0x7ff72a28fd80: 00[01]f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
0x7ff72a28fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7ff72a28fe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7ff72a28ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7ff72a28ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x7ff72a290000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==26880==ABORTING

[vominh2012]

Sorry just find out it duplicate with #1719