https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79816
Bug ID: 79816
Summary: -Wformat-security should warn about missing or excess precision/width in %s specifiers
Product: gcc
Version: 6.3.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: felix.von.s at posteo dot de
Target Milestone: ---

Created attachment 40869 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=40869&action=edit
Sample source code

gcc with -Wformat-security should warn if a printf-/scanf-style function is passed a character array with a %s specifier that has missing or excess precision/field width. For scanf-style functions, gcc should also warn if a %s specifier is given without field width.

If the character array happens not to be null-terminated, a missing precision specifier in printf() will trigger an out-of-bounds read, leading to an information leak or a crash. As for scanf(), I don't think I need to explain; it's another version of the gets() pitfall.

This feature would be good at catching mistakes like the one corrected here: <https://github.com/dosfstools/dosfstools/commit/09769e678cb4c0235e3c395b6418ee329f41ec02>.

The attached file provides a summary of proposed behaviour.
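The two fixes the report asks the warning to enforce, a bounded precision on printf-style %s and a field width on scanf-style %s, are shown below as an added example. This code is not part of the bug report, the attachment, or GCC; the fixed-width label field, the buffer sizes, the sample inputs and the function names are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: an 8-byte fixed-width label field with no terminating
   NUL, the shape of data that makes a bare "%s" read past the array. */
#define LABEL_LEN 8
const char sample_label[LABEL_LEN] = {'A','B','C','D','E','F','G','H'};

/* Unsafe shape from the report: "%s" with no precision keeps reading until it
   finds a NUL, which a non-terminated LABEL_LEN array does not contain. Kept
   for contrast only; nothing below calls it with sample_label. */
int format_label_unbounded(char *out, size_t outsz, const char *label) {
    return snprintf(out, outsz, "label: %s", label);
}

/* Hardened form: "%.*s" takes the maximum byte count as an int argument, so
   the read stops at LABEL_LEN whether or not a NUL is present (C11 7.21.6.1).
   A shorter, NUL-terminated label still prints correctly because the NUL ends
   the field before the precision is reached. */
int format_label_bounded(char *out, size_t outsz, const char label[LABEL_LEN]) {
    return snprintf(out, outsz, "label: %.*s", LABEL_LEN, label);
}

/* scanf side: a bare "%s" stores an unbounded number of bytes (the gets()
   pitfall the report mentions). The fix is a field width of buffer size minus
   one, leaving room for the NUL that %s appends. The stringizing macros keep
   the width in the format string tied to a named constant, and the static
   assertion catches the two drifting apart. */
#define NAME_BUF_LEN 8
#define NAME_WIDTH 7
#define STR_(x) #x
#define STR(x) STR_(x)
_Static_assert(NAME_WIDTH == NAME_BUF_LEN - 1, "field width must be buffer size minus one");

int read_name_bounded(const char *input, char out[NAME_BUF_LEN]) {
    /* Expands to "%7s": at most 7 bytes stored, then the terminating NUL. */
    return sscanf(input, "%" STR(NAME_WIDTH) "s", out);
}

int main(void) {
    char line[64];
    char name[NAME_BUF_LEN];

    format_label_bounded(line, sizeof line, sample_label);
    puts(line);   /* label: ABCDEFGH, and not one byte past the array */

    read_name_bounded("ABCDEFGHIJKLMNOP", name);
    puts(name);   /* ABCDEFG: the 16-byte input is truncated to fit */
    return 0;
}
```

With -Wformat-security as it stands, the unbounded variant compiles silently; the report's request is that the `%s` without precision (and the scanf `%s` without width) be flagged so that the bounded forms become the path of least resistance.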