https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80354

--- Comment #8 from Martin Sebor <msebor at gcc dot gnu.org> ---
The problem in the pathname example is one of the bugs the warning is meant to
prevent.  Allowing a pathname to be silently truncated can lead to bugs -- see
CWE 22 for some background and CVE-2002-0499 for an example of a vulnerability
that can result from it.

A simple way to avoid the warning while also avoiding bugs resulting from
unhandled truncation is to detect it and abort if it happens, e.g., like so:

  #include <stdio.h>
  #include <stdlib.h>

  struct Path { char a[256]; };

  void f (struct Path *d, const struct Path *s, int i)
  {
    int n = snprintf (d->a, sizeof d->a, "%s%d", s->a, i);
    /* snprintf returns the length the complete output would have had,
       not counting the NUL, so n == sizeof d->a already means the last
       character was dropped; a negative n is an encoding error.  */
    if (n < 0 || (size_t)n >= sizeof d->a)
      abort ();

    // use d->a
  }

Many warnings have a non-zero false positive rate, certainly all those that
depend on data or flow analysis, but the vast majority of them, certainly all
those in -Wall and -Wextra, try to strike a reasonable balance between false
and true positives, based on building entire Linux distributions.  If you're
confident that the rate of GCC warnings for your code is 100% then the
appropriate mechanism to let the compiler know that "you know what you're
doing" and don't need its help in detecting bugs is to turn warnings off,
either individually or wholesale via -w.

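As an added example (not code from the bug report or from GCC itself), the same truncation check written as a function that reports failure to its caller instead of aborting, next to the off-by-one form with a plain > test, so the boundary case can be exercised: snprintf returns the length the full output would have had without the NUL, so a return value equal to the buffer size means one character was already lost. The function names, the 'x'-filled sample names and the helpers are assumptions made for this illustration; struct Path matches the shape used in the comment above.

```c
#include <stdio.h>
#include <string.h>

struct Path { char a[256]; };   /* same shape as in the comment above */

/* Checked variant: returns 0 on success, -1 if the output did not fit or
   snprintf failed.  snprintf reports the length the complete output would
   have had (excluding the NUL), so n == sizeof d->a already means the
   final character was dropped, which is why the test is >= and not >.
   On failure the destination is cleared so a truncated path is never
   used by accident. */
int path_append_index(struct Path *d, const struct Path *s, int i)
{
    int n = snprintf(d->a, sizeof d->a, "%s%d", s->a, i);
    if (n < 0 || (size_t)n >= sizeof d->a) {
        d->a[0] = '\0';
        return -1;
    }
    return 0;
}

/* Off-by-one variant for comparison: the > test accepts n == sizeof d->a,
   exactly the case where one character has been silently lost. */
int path_append_index_offbyone(struct Path *d, const struct Path *s, int i)
{
    int n = snprintf(d->a, sizeof d->a, "%s%d", s->a, i);
    if (n < 0 || (size_t)n > sizeof d->a) {
        d->a[0] = '\0';
        return -1;
    }
    return 0;
}

typedef int (*append_fn)(struct Path *, const struct Path *, int);

/* Constructed input: a source name made of src_len 'x' characters.
   Returns the status code the chosen variant produced (-2 if the
   requested source would not even fit in struct Path). */
int try_append(append_fn fn, size_t src_len, int i)
{
    struct Path s, d;
    if (src_len >= sizeof s.a)
        return -2;
    memset(s.a, 'x', src_len);
    s.a[src_len] = '\0';
    return fn(&d, &s, i);
}

/* Same input as try_append, but returns the length of what ended up in
   d->a after the call, so truncation can be observed directly. */
int try_append_len(append_fn fn, size_t src_len, int i)
{
    struct Path s, d;
    if (src_len >= sizeof s.a)
        return -2;
    memset(s.a, 'x', src_len);
    s.a[src_len] = '\0';
    fn(&d, &s, i);
    return (int)strlen(d.a);
}

int main(void)
{
    /* 253 'x' + "12" = 255 characters: fits together with the NUL. */
    printf("253+2: checked=%d len=%d\n",
           try_append(path_append_index, 253, 12),
           try_append_len(path_append_index, 253, 12));
    /* 254 'x' + "12" = 256 characters: one too many.  The checked variant
       rejects it; the off-by-one variant accepts a 255-byte truncated
       name as if nothing had happened. */
    printf("254+2: checked=%d len=%d, offbyone=%d len=%d\n",
           try_append(path_append_index, 254, 12),
           try_append_len(path_append_index, 254, 12),
           try_append(path_append_index_offbyone, 254, 12),
           try_append_len(path_append_index_offbyone, 254, 12));
    return 0;
}
```

Build with cc -Wall -Wextra and run; the second line of output is the case the > form gets wrong. Returning a status rather than calling abort() also lets the caller log which name overflowed, which is usually what you want when the input is attacker-controlled.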