https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71501
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |diagnostic
Status|UNCONFIRMED |NEW
Last reconfirmed| |2016-06-11
CC| |msebor at gcc dot gnu.org
Depends on| |49905, 71296
Summary|printf %s error on str[5], |missing warning on printf
|for example: strncpy(str, |%s with a non-nul
|"12345", 5) |terminated string
Ever confirmed|0 |1
Severity|normal |enhancement
--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
Right, the test case is invalid. But it would be helpful if GCC issued a
warning for it.
With optimization, tree-ssa-strlen.c is able to detect that the array created
by strncpy isn't NUL-terminated. Printf should be able to use that information
to diagnose its use in a %s directive. The latter depends on bug 49905 being
resolved in a smart way, and on __builtin_printf being hooked into the strlen
optimization. Similarly, other string manipulation functions should be able to
detect the same problem (this part is the subject of bug 71296).
Since this is related to something I'm investigating I'll take the liberty to
confirm this report as an enhancement request for such a warning.
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=49905
[Bug 49905] Better sanity checking on sprintf src & dest to produce warning for
dodgy code ?
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71296
[Bug 71296] missing warning on strcat appending to a non-string
