https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87034
Bug ID: 87034
Summary: [9 Regression] missing -Wformat-overflow on a sprintf %s with a wide string
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
GCC 8 diagnoses the buffer overflow in the test case below, albeit with a
message that isn't entirely accurate. However, as a result of r263607 GCC 9 no
longer does.
$ cat f.c && gcc -O2 -S -Wall f.c
typedef __WCHAR_TYPE__ wchar_t;

extern int sprintf (char*, const char*, ...);

struct S
{
  char a[2];
  void (*pf)(void);
};

void test (struct S *p)
{
  const char *q = (char*)L"\x41424344\x45464748";

  sprintf (p->a, "%s", q);
}
f.c: In function ‘test’:
f.c:15:21: warning: ‘sprintf’ writing a terminating nul past the end of the destination [-Wformat-overflow=]
   sprintf (p->a, "%s", q);
                     ^
f.c:15:3: note: ‘sprintf’ output 3 bytes into a destination of size 2
   sprintf (p->a, "%s", q);
   ^~~~~~~~~~~~~~~~~~~~~~~
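
Added example, not part of the original report and not GCC's own code: it counts the bytes that "%s" reads from the same wide literal and shows a bounded snprintf call that leaves the adjacent function pointer untouched. The helper names (narrow_len, bounded_copy, pointer_intact) are hypothetical, and the expected length of 8 assumes a 32-bit wchar_t.

```c
#include <stdio.h>
#include <string.h>
#include <wchar.h>

/* Same wide literal as the test case in the report. */
static const wchar_t wide[] = L"\x41424344\x45464748";

struct S {
    char a[2];
    void (*pf)(void);
};

/* Number of bytes "%s" emits when the wide literal is read through a
   char pointer. With a 32-bit wchar_t neither element contains a zero
   byte, so the scan only stops at the wide terminator. */
size_t narrow_len(void)
{
    return strlen((const char *)wide);
}

/* Bounded form of the call in the test case. snprintf returns the length
   it needed, but stores at most sizeof s->a bytes including the nul. */
int bounded_copy(struct S *s)
{
    return snprintf(s->a, sizeof s->a, "%s", (const char *)wide);
}

/* Returns 1 when truncation was reported, the destination is
   nul-terminated, and the neighbouring pointer was not overwritten. */
int pointer_intact(void)
{
    struct S s = { "", NULL };
    int wanted = bounded_copy(&s);

    return wanted >= (int)sizeof s.a && s.a[1] == '\0' && s.pf == NULL;
}

int main(void)
{
    printf("bytes \"%%s\" would write, plus nul: %zu\n", narrow_len() + 1);
    printf("destination size: %zu\n", sizeof ((struct S *)0)->a);
    printf("pointer intact after snprintf: %d\n", pointer_intact());
    return 0;
}
```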