https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80535
Bug ID: 80535
Summary: missing -Wformat-overflow on POSIX directives with the apostrophe flag
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
POSIX specifies that the meaning of the apostrophe flag character in a printf
conversion specification is as follows:
The integer portion of the result of a decimal conversion (%i, %d, %u, %f,
%F, %g, or %G) shall be formatted with thousands' grouping characters.
That means that every valid conversion specification that uses the apostrophe
must result in no fewer bytes on output than the corresponding specification
without the apostrophe. In addition, since the thousands' grouping character
must be a single (possibly multibyte) character, it also places an upper bound
on the bytes on output: the additional bytes can be assumed to number at most
(the number of digits before the decimal point minus one) times MB_LEN_MAX.
The test case below shows that GCC doesn't take advantage of these constraints,
either to detect buffer overflow, or to set the range on the return value from
the sprintf function.
$ cat c.c && gcc -O2 -S -Wall -Wextra -Wpedantic -fdump-tree-optimized=/dev/stdout c.c
char d[1];

void f (void)
{
  int n = __builtin_sprintf (d, "%'d", 123456);
  if (n < 5)
    __builtin_abort ();
}
c.c: In function ‘f’:
c.c:5:33: warning: ISO C does not support the ''' printf flag [-Wformat=]
  int n = __builtin_sprintf (d, "%'d", 123456);
                                ^~~~~
;; Function f (f, funcdef_no=0, decl_uid=1796, cgraph_uid=0, symbol_order=1)

f ()
{
  int n;

  <bb 2> [100.00%]:
  n_3 = __builtin_sprintf (&d, "%\'d", 123456);
  if (n_3 <= 4)
    goto <bb 3>; [0.04%]
  else
    goto <bb 4>; [99.96%]

  <bb 3> [0.04%]:
  __builtin_abort ();

  <bb 4> [99.96%]:
  return;

}
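As an added example (not part of the bug report or of GCC), the bounds derived above carried out in C for any long value, compared against what "%'ld" actually emits in the current locale, plus a small helper that refuses to format into a buffer smaller than the worst case. MB_LEN_MAX is the <limits.h> constant; the function names and the 123456 sample are constructed for this illustration.

```c
#include <limits.h>
#include <locale.h>
#include <stdio.h>

/* Decimal digits in |v|; unsigned arithmetic keeps LONG_MIN well defined. */
static size_t digit_count(long v)
{
    unsigned long u = v < 0 ? 0UL - (unsigned long)v : (unsigned long)v;
    size_t n = 1;
    while (u >= 10) { u /= 10; n++; }
    return n;
}

/* Bytes "%ld" emits (digits, plus '-' if negative): the lower bound for "%'ld". */
size_t plain_len(long v) { return digit_count(v) + (v < 0 ? 1 : 0); }

/* Upper bound from the report: at most (digits - 1) grouping characters of up to
   MB_LEN_MAX bytes each, on top of the plain length. */
size_t apostrophe_max_len(long v)
{
    return plain_len(v) + (digit_count(v) - 1) * MB_LEN_MAX;
}

/* What "%'ld" really emits in the current locale ("C" applies no grouping). */
size_t apostrophe_actual_len(long v)
{
    char buf[128];
    int n = snprintf(buf, sizeof buf, "%'ld", v);
    return n < 0 ? 0 : (size_t)n;
}

/* Format with "%'ld" only if the buffer provably fits the worst case plus NUL;
   returns the length written, or -1 rather than risking an overflow. */
int format_grouped(long v, char *out, size_t outsz)
{
    if (outsz < apostrophe_max_len(v) + 1)
        return -1;
    return snprintf(out, outsz, "%'ld", v);
}

int main(void)
{
    char buf[8];                       /* constructed: big enough for "123456" only */
    setlocale(LC_NUMERIC, "");         /* pick up the environment's grouping rules */
    printf("actual=%zu bounds=[%zu,%zu] format_grouped=%d\n",
           apostrophe_actual_len(123456), plain_len(123456),
           apostrophe_max_len(123456), format_grouped(123456, buf, sizeof buf));
    return 0;
}
```

Run with LC_NUMERIC set to a grouping locale (for example en_US.UTF-8, if installed) to see the actual length exceed the plain length while staying within the bound.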