https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80535

            Bug ID: 80535
           Summary: missing -Wformat-overflow on POSIX directives with the
                    apostrophe flag
           Product: gcc
           Version: 7.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: tree-optimization
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

POSIX specifies that the meaning of the apostrophe flag character in a printf
conversion specification is as follows:

  The integer portion of the result of a decimal conversion (%i, %d, %u, %f,
%F, %g, or %G) shall be formatted with thousands' grouping characters.

That means that every valid conversion specification that uses the apostrophe
must result in no fewer bytes on output than the corresponding specification
without the apostrophe.  In addition, since the thousands' grouping character
must be a single (possibly multibyte) character, it also places an upper bound
on the bytes on output: the extra bytes added by grouping can be assumed to be
at most (the number of digits before the decimal point minus one) times
MB_LEN_MAX.

The test case below shows that GCC doesn't take advantage of these constraints,
either to detect buffer overflow, or to set the range on the return value from
the sprintf function.

$ cat c.c && gcc -O2 -S -Wall -Wextra -Wpedantic -fdump-tree-optimized=/dev/stdout c.c
char d[1];

void f (void)
{
  int n = __builtin_sprintf (d, "%'d", 123456);
  if (n < 5)
    __builtin_abort ();
}
c.c: In function ‘f’:
c.c:5:33: warning: ISO C does not support the ''' printf flag [-Wformat=]
   int n = __builtin_sprintf (d, "%'d", 123456);
                                 ^~~~~

;; Function f (f, funcdef_no=0, decl_uid=1796, cgraph_uid=0, symbol_order=1)

f ()
{
  int n;

  <bb 2> [100.00%]:
  n_3 = __builtin_sprintf (&d, "%\'d", 123456);
  if (n_3 <= 4)
    goto <bb 3>; [0.04%]
  else
    goto <bb 4>; [99.96%]

  <bb 3> [0.04%]:
  __builtin_abort ();

  <bb 4> [99.96%]:
  return;

}
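As an added illustration of the bounds argued above (this is not code from the bug report or from GCC), the following computes, for a given value, the minimum and maximum number of bytes a "%'lld" conversion can produce, then formats the value with snprintf into a buffer sized from the upper bound and checks the actual length against those bounds. The function names are this example's own.

```c
#include <limits.h>   /* MB_LEN_MAX */
#include <stdio.h>
#include <stdlib.h>

/* Number of decimal digits in the magnitude of v (at least 1). */
static int digit_count(long long v)
{
    unsigned long long u = v < 0 ? 0ULL - (unsigned long long)v
                                 : (unsigned long long)v;
    int n = 1;
    while (u >= 10) { u /= 10; n++; }
    return n;
}

/* Lower bound on bytes produced by "%'lld": the same as plain "%lld",
   i.e. the digits plus a minus sign when negative (no terminating NUL). */
int grouped_min_len(long long v)
{
    return digit_count(v) + (v < 0);
}

/* Upper bound: each of the (digits - 1) gaps between digits may receive
   one grouping character of up to MB_LEN_MAX bytes. */
int grouped_max_len(long long v)
{
    int d = digit_count(v);
    return d + (v < 0) + (d - 1) * MB_LEN_MAX;
}

/* Does a buffer of buf_size bytes (including the NUL) always hold the
   result of "%'lld" for v, whatever locale is in effect? */
int grouped_fits(size_t buf_size, long long v)
{
    return buf_size > (size_t)grouped_max_len(v);
}

/* Format v with "%'lld" into a buffer sized from the upper bound and
   return the length snprintf reports, or -1 if it fell outside the
   computed [min, max] range (which would refute the bounds). */
int grouped_len_checked(long long v)
{
    int lo = grouped_min_len(v), hi = grouped_max_len(v);
    char *buf = malloc((size_t)hi + 1);
    if (!buf)
        return -1;
    int n = snprintf(buf, (size_t)hi + 1, "%'lld", v);
    free(buf);
    return (n >= lo && n <= hi) ? n : -1;
}
```

In the "C" locale no grouping characters are inserted, so the reported length equals the lower bound; in a locale with grouping it lands strictly between the two bounds, which is exactly the range the report says the sprintf return value could be constrained to.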
