https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83733
--- Comment #2 from Tim Van Holder <tim.vanholder at anubex dot com> --- Created attachment 43062 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=43062&action=edit Testcase Testcase attached. Compiling with "gcc -c -Wall -Wextra -Werror -O3 gcc83733.c" yields: gcc83733.c: In function ‘caller1’: gcc83733.c:33:44: error: ‘%02d’ directive writing between 2 and 6 bytes into a region of size 4 [-Werror=format-overflow=] sprintf (r->definition.ddname, "CMPRT%02d", foo); ^~~~ gcc83733.c:33:38: note: directive argument in the range [-32768, 32767] sprintf (r->definition.ddname, "CMPRT%02d", foo); ^~~~~~~~~~~ gcc83733.c:33:7: note: ‘sprintf’ output between 8 and 12 bytes into a destination of size 9 sprintf (r->definition.ddname, "CMPRT%02d", foo); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcc83733.c: In function ‘caller2’: gcc83733.c:33:44: error: ‘%02d’ directive writing between 2 and 6 bytes into a region of size 4 [-Werror=format-overflow=] sprintf (r->definition.ddname, "CMPRT%02d", foo); ^~~~ gcc83733.c:33:38: note: directive argument in the range [-32768, 32767] sprintf (r->definition.ddname, "CMPRT%02d", foo); ^~~~~~~~~~~ gcc83733.c:33:7: note: ‘sprintf’ output between 8 and 12 bytes into a destination of size 9 sprintf (r->definition.ddname, "CMPRT%02d", foo); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ There seem to be several subtleties involved. For example, dropping the 'definition' struct (making 'ddname' a field directly in 'foo_t') changes the diagnostic, claiming there's 11 bytes in the target (slack space in the struct?).
