https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83733
Bug ID: 83733
Summary: -Wformat-overflow false positive for %d on bounded
integer when inlining
Product: gcc
Version: 7.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: tim.vanholder at anubex dot com
Target Milestone: ---
Given code similar to
struct foo {
char buf[9];
};
void fun(struct foo* pfoo, int report) {
if (report < 0 || report >= 32)
return;
...
sprintf (pfoo->buf, "CMPRT%02d", report);
}
There is no diagnostic when compiling without inlining active (which is
correct, given that report is constrained to [0,31], which does not overflow
%02d).
However, with optimizations enabled, I get errors like the following reported
for some (but not all) of fun()'s callers:
src.c: In function ‘caller_of_fun()’:
src.c:123:45: error: ‘%02d’ directive writing between 2 and 6 bytes into a
region of size 4 [-Werror=format-overflow=]
sprintf (pfoo->buf, "CMPRT%02d", report);
^~~~
src.c:123:45: note: directive argument in the range [-32768, 32767]
sprintf (pfoo->buf, "CMPRT%02d", report);
^~~~~~~~~~~
src.c:123:45: note: ‘sprintf’ output between 8 and 12 bytes into a destination
of size 9
sprintf (pfoo->buf, "CMPRT%02d", report);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
