https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80420
Bug ID: 80420
Summary: missing -Wformat-overfow on snprintf with excessive
bound
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
The -Wformat-overflow/truncation options fail to diagnose the buffer overflow
in calls to snprintf where the specified bound is greater than the size of the
destination object. Both the overflow (when detected) and the excessive bound
(when the size of the function's output cannot be determined) should be
diagnosed.
$ cat c.c && gcc -c -O2 -Wall -Wextra -Wpedantic -Werror c.c
char d[4];
void f (void)
{
__builtin_snprintf (d, 10, "%-s", "123456789");
}
void g (const char *s)
{
__builtin_snprintf (d, 10, "%-s", s);
}
$
