https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80535
Bug ID: 80535
Summary: missing -Wformat-overflow on POSIX directives with the apostrophe flag
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

POSIX specifies that the meaning of the apostrophe flag character in a printf conversion specification is as follows:

  The integer portion of the result of a decimal conversion (%i, %d, %u, %f, %F, %g, or %G) shall be formatted with thousands' grouping characters.

That means that every valid conversion specification that uses the apostrophe must result in no fewer bytes on output than the corresponding specification without the apostrophe. In addition, since the thousands' grouping character must be a single (possibly multibyte) character, it also places an upper bound on the bytes on output. The upper bound can be assumed to be at most the number of digits (before the decimal point) minus one times MB_LEN_MAX.

The test case below shows that GCC doesn't take advantage of these constraints, either to detect buffer overflow, or to set the range on the return value from the sprintf function.

$ cat c.c && gcc -O2 -S -Wall -Wextra -Wpedantic -fdump-tree-optimized=/dev/stdout c.c
char d[1];

void f (void)
{
  int n = __builtin_sprintf (d, "%'d", 123456);

  if (n < 5)
    __builtin_abort ();
}
c.c: In function ‘f’:
c.c:5:33: warning: ISO C does not support the ''' printf flag [-Wformat=]
   int n = __builtin_sprintf (d, "%'d", 123456);
                                 ^~~~~

;; Function f (f, funcdef_no=0, decl_uid=1796, cgraph_uid=0, symbol_order=1)

f ()
{
  int n;

  <bb 2> [100.00%]:
  n_3 = __builtin_sprintf (&d, "%\'d", 123456);
  if (n_3 <= 4)
    goto <bb 3>; [0.04%]
  else
    goto <bb 4>; [99.96%]

  <bb 3> [0.04%]:
  __builtin_abort ();

  <bb 4> [99.96%]:
  return;

}
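
The bounds described in the report, worked through for %'d as an added example (not code from the report or from GCC). The names grouped_bounds, grouped_len and fits are hypothetical helpers; the upper bound is the report's assumption of at most one grouping character of MB_LEN_MAX bytes between adjacent digits.

```c
#include <limits.h>   /* MB_LEN_MAX */
#include <locale.h>
#include <stdio.h>

struct bounds { int min, max; };   /* bytes written, excluding the NUL */

/* Decimal digits in the magnitude of v (at least 1; safe for INT_MIN). */
static int ndigits(int v)
{
    unsigned u = v < 0 ? 0u - (unsigned)v : (unsigned)v;
    int n = 1;
    while (u >= 10) { u /= 10; n++; }
    return n;
}

/* Bounds on the output of "%'d" for v, following the report's reasoning:
   at least as many bytes as plain "%d", and at most one grouping character
   of up to MB_LEN_MAX bytes between each pair of adjacent digits. */
static struct bounds grouped_bounds(int v)
{
    int plain = ndigits(v) + (v < 0);
    struct bounds b = { plain, plain + (ndigits(v) - 1) * MB_LEN_MAX };
    return b;
}

/* Bytes "%'d" actually produces for v in the current locale. */
static int grouped_len(int v)
{
    return snprintf(NULL, 0, "%'d", v);
}

/* Nonzero if a buffer of size bytes holds the worst case plus the NUL. */
static int fits(size_t size, int v)
{
    return size > (size_t)grouped_bounds(v).max;
}

int main(void)
{
    int v = 123456;                 /* value from the report's test case */
    struct bounds b = grouped_bounds(v);
    setlocale(LC_ALL, "");          /* use the environment's locale, if any */
    printf("%%'d of %d: %d bytes, bounds [%d, %d], fits in char[1]: %d\n",
           v, grouped_len(v), b.min, b.max, fits(1, v));
    return 0;
}
```

The lower bound of 6 for 123456 is what would let the optimizer drop the n < 5 branch in the test case, and it already exceeds the one-byte destination d.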