https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77762

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at gcc dot gnu.org      |msebor at gcc dot gnu.org
      Known to fail|                            |7.0

--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
It's a typo in the argument numbers.  I'll post a patch
shortly.

The rationale for the warning is that specifying a size that's larger than the
size of the destination is most likely a bug that users will want to know about
before it's committed or the software shipped.  Code that assumes truncation
doesn't happen will likely behave incorrectly.

It's worth pointing out that the gimple-ssa-sprintf pass isn't the only one
that issues a warning for such code.  Another (similar, though misleadingly
worded) warning is issued by builtins.c:

$ cat zzz.c && /build/gcc-trunk-svn/gcc/xgcc -B /build/gcc-trunk-svn/gcc -S -Wall -Wformat-length=1 zzz.c
char d [2];

void f (const char *s)
{
  __builtin___snprintf_chk (d, 4, 0, 2, s);
}
zzz.c: In function ‘f’:
zzz.c:5:3: warning: specified size 4 exceeds the size 2 of the destination object [-Wformat-length=]
   __builtin___snprintf_chk (d, 4, 0, 2, s);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
zzz.c:5:3: warning: call to __builtin___snprintf_chk will always overflow destination buffer

Since the latter warning is obviated by the former I would like to remove the
latter at some point.

An argument could be made for issuing the warning only in cases when the return
value isn't properly checked (bug 77708 tracks this change request).  I think
the warning is useful even when the return value is checked (in part because
the test itself could be wrong), but I think it might make sense to consider
issuing it only with -Wformat-length=2 or (along with other warnings for
bounded functions like snprintf) under a separate option.

This is an easy change but before I make it I'd like to get more feedback on
the warning in general.
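
Added example (not part of the original comment and not GCC code): the same 2-byte destination as zzz.c, formatted with a bound equal to the object's real size and with the return value tested for truncation. The names format_checked, format_into_d and enum fmt_status are hypothetical, and the input strings are constructed.

```c
#include <stdio.h>

/* Outcome of a bounded format (hypothetical names, for illustration). */
enum fmt_status { FMT_OK = 0, FMT_TRUNCATED = 1, FMT_ERROR = 2 };

/*
 * Format s into dst, which holds dstsize bytes.  The bound passed to
 * snprintf is the destination's real size, never a larger constant.
 * snprintf returns the length the full output would have had, so a
 * return value >= dstsize means the output was cut short.
 */
static enum fmt_status format_checked(char *dst, size_t dstsize, const char *s)
{
    if (dst == NULL || dstsize == 0 || s == NULL)
        return FMT_ERROR;

    int n = snprintf(dst, dstsize, "%s", s);
    if (n < 0)
        return FMT_ERROR;        /* output error */
    if ((size_t)n >= dstsize)
        return FMT_TRUNCATED;    /* dst holds dstsize-1 chars plus NUL */
    return FMT_OK;
}

/* Same 2-byte destination as zzz.c in the comment above. */
static char d[2];

/* Wrapper so the bound is always sizeof d, the true size of the object. */
static enum fmt_status format_into_d(const char *s)
{
    return format_checked(d, sizeof d, s);
}

int main(void)
{
    const char *inputs[] = { "", "a", "abc" };   /* constructed sample inputs */
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        enum fmt_status st = format_into_d(inputs[i]);
        printf("input \"%s\" -> status %d, d = \"%s\"\n", inputs[i], st, d);
    }
    return 0;
}
```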
