https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79538
Bug ID: 79538
Summary: missing -Wformat-overflow with %s and global array arguments
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

The -Wformat-overflow option detects the possible buffer overflow in function f below but misses the same possible overflow in function g. The function it relies on to detect the sizes of the array, get_range_strlen() in gimple-fold.c, handles member arrays but not the non-member array case.

$ cat u.c && gcc -O2 -S -Wall -Wformat-overflow u.c
char d[3];

struct S {
  char a3[3];
  char a4[4];
};

void f (int i, const struct S *p)
{
  const char *s = i < 0 ? p->a3 : p->a4;
  __builtin_sprintf (d, "%-s", s);
}

char a3[3];
char a4[4];

void g (int i)
{
  const char *s = i < 0 ? a3 : a4;
  __builtin_sprintf (d, "%-s", s);
}
u.c: In function ‘f’:
u.c:11:25: warning: ‘__builtin_sprintf’ may write a terminating nul past the end of the destination [-Wformat-overflow=]
   __builtin_sprintf (d, "%-s", s);
                         ^~~~~
u.c:11:3: note: ‘__builtin_sprintf’ output between 1 and 4 bytes into a destination of size 3
   __builtin_sprintf (d, "%-s", s);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
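Because no diagnostic is issued for g, the overflow there has to be caught at run time. The following is an added example, not part of the original report: a bounded variant of g that measures the output first and refuses to write when it would not fit in d. The names g_checked and fill_samples and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

char d[3];
char a3[3];
char a4[4];

/* Hypothetical bounded variant of g() from the report.  Returns the number
   of characters written to d, or -1 if the output plus its terminating nul
   would not fit, in which case d is left untouched.  */
int g_checked (int i)
{
  const char *s = i < 0 ? a3 : a4;

  /* With a null buffer and size 0, snprintf only computes the length.  */
  int need = snprintf (NULL, 0, "%-s", s);
  if (need < 0 || (size_t) need >= sizeof d)
    return -1;

  return snprintf (d, sizeof d, "%-s", s);
}

/* Constructed sample contents: the longest string each array can hold.  */
void fill_samples (void)
{
  strcpy (a3, "ab");    /* 2 chars + nul = 3 bytes: fits d[3] exactly */
  strcpy (a4, "abc");   /* 3 chars + nul = 4 bytes: one past d[3] */
}

int main (void)
{
  fill_samples ();
  printf ("i = -1: %d\n", g_checked (-1));
  printf ("i =  0: %d\n", g_checked (0));
  return 0;
}
```

The a4 case is the "output between 1 and 4 bytes into a destination of size 3" situation that the note for f describes.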