https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83139

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |diagnostic
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |msebor at gcc dot gnu.org
         Resolution|---                         |INVALID

--- Comment #3 from Martin Sebor <msebor at gcc dot gnu.org> ---
A reduced test case showing the IL the checker sees is below.  Your analysis
is correct.  The checker determines that the call to snprintf takes place when
the destination pointer is null and so issues a warning.  The call can also be
made when the destination pointer isn't null, so arguably the checker could
walk up the CFG to try to distinguish these two cases and issue a "destination
pointer may be null" kind of a warning to make it clear that the call may but
need not be safe.  But I think the warning is useful regardless of how it's
phrased so I'll go ahead and resolve this report as invalid.

$ cat c.c && gcc -O2 -S -Wall -fdump-tree-printf-return-value=/dev/stdout c.c
/ssd/build/gcc-svn/gcc/xgcc -B /ssd/build/gcc-svn/gcc -O2 -S -Wall -fdump-tree-printf-return-value=/dev/stdout c.c

;; Function get_config_path (get_config_path, funcdef_no=1, decl_uid=1897, cgraph_uid=1, symbol_order=1)

c.c:13: __builtin_snprintf: objsize = 4294967295, fmtstr = "abc"
  Directive 1 at offset 0: "abc", length = 3
    Result: 3, 3, 3, 3 (3, 3, 3, 3)
  Directive 2 at offset 3: "", length = 1
    Substituting 3 for return value.
c.c: In function ‘get_config_path’:
c.c:20:2: warning: null destination pointer [-Wformat-truncation=]
  __builtin_snprintf (pbuf, bufsize, "def");
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

c.c:20: __builtin_snprintf: objsize = 4294967295, fmtstr = "def"
  Directive 1 at offset 0: "def", length = 3
    Result: 3, 3, 3, 3 (3, 3, 3, 3)
  Directive 2 at offset 3: "", length = 1
    Substituting 3 for return value.

get_config_path (char * default_path, char * pbuf, unsigned int bufsize)
{
  long unsigned int _1;
  char * _2;
  char _10;
  char _11;
  char _12;

  <bb 2> [local count: 1073741825]:
  if (default_path_4(D) != 0B)
    goto <bb 3>; [70.00%]
  else
    goto <bb 4>; [30.00%]

  <bb 3> [local count: 751619277]:
  _10 = *default_path_4(D);
  if (_10 != 0)
    goto <bb 7>; [34.00%]
  else
    goto <bb 4>; [66.00%]

  <bb 4> [local count: 818191271]:
  _1 = (long unsigned int) bufsize_6(D);
  __builtin_snprintf (pbuf_7(D), _1, "abc");
  if (pbuf_7(D) != 0B)
    goto <bb 5>; [70.00%]
  else
    goto <bb 9>; [30.00%]

  <bb 5> [local count: 572733889]:
  _11 = *pbuf_7(D);
  if (_11 != 0)
    goto <bb 6>; [34.00%]
  else
    goto <bb 8>; [66.00%]

  <bb 6> [local count: 560844966]:

  <bb 7> [local count: 1073741823]:
  # _2 = PHI <0B(9), default_path_4(D)(3), pbuf_7(D)(6), 0B(8)>
  return _2;

  <bb 8> [local count: 436423223]:
  __builtin_snprintf (pbuf_7(D), _1, "def");
  _12 = *pbuf_7(D);
  if (_12 != 0)
    goto <bb 6>; [83.89%]
  else
    goto <bb 7>; [16.11%]

  <bb 9> [local count: 187038523]:
  __builtin_snprintf (0B, _1, "def");
  goto <bb 7>; [100.00%]

}
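
The pattern the comment describes, as an added example that is not the reporter's c.c and not code from GCC: `path_flagged` is a hypothetical source shape inferred from the IL above (the reduced test case itself is not shown on the page), and `path_checked` is one way to validate the destination before any formatted write. The function names and the `SHOW_FLAGGED_PATTERN` macro are assumptions.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical source shape inferred from the IL above: the destination is
   written first and tested for null afterwards, so one duplicated copy of
   the second call ends up with a constant null destination (<bb 9>).
   Compiled only with -DSHOW_FLAGGED_PATTERN. */
#ifdef SHOW_FLAGGED_PATTERN
char *path_flagged(char *default_path, char *pbuf, unsigned bufsize)
{
    if (default_path && *default_path)
        return default_path;
    snprintf(pbuf, bufsize, "abc");   /* pbuf not yet known to be non-null */
    if (pbuf && *pbuf)
        return pbuf;
    snprintf(pbuf, bufsize, "def");   /* also reached when pbuf == NULL */
    return (pbuf && *pbuf) ? pbuf : NULL;
}
#endif

/* Hardened form: reject a null or zero-sized destination before any
   formatted write, so no path reaches snprintf with a null pointer. */
char *path_checked(char *default_path, char *pbuf, unsigned bufsize)
{
    if (default_path && *default_path)
        return default_path;
    if (pbuf == NULL || bufsize == 0)
        return NULL;
    snprintf(pbuf, bufsize, "abc");
    if (*pbuf)
        return pbuf;
    snprintf(pbuf, bufsize, "def");   /* fallback when the first write is empty */
    return *pbuf ? pbuf : NULL;
}

int main(void)
{
    char buf[8];                      /* constructed sample destination */
    char *p = path_checked(NULL, buf, sizeof buf);
    printf("valid buffer: %s\n", p ? p : "(null)");
    p = path_checked(NULL, NULL, sizeof buf);
    printf("null buffer:  %s\n", p ? p : "(null)");
    return 0;
}
```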