This took me a bit to get to the bottom of, but I know believe
that we need to work both on the documentation and implementation
of -Wformat-length, in particular when it comes to floats.
#include <stdio.h>
typedef struct M {
float a, b, c;
} M;
char *foo(M *m) {
static char buf[64];
sprintf(buf, "%.2f %.2f %.2f", m->a, m->b, m->c);
return buf;
}
First of all, it turns out that floats are not covered in the
documentation at all. I've had a look at the code, and think
I'll be able to propose a doc change latest this coming weekend.
Now to what actually happens in the example above:
# gcc -c -o x.o -Wall x.c
x.c: In function ‘foo’:
x.c:9:24: warning: ‘%.2f’ directive writing between 4 and 317 bytes into a
region of size 0 [-Wformat-length=]
sprintf(buf, "%.2f %.2f %.2f", m->a, m->b, m->c);
^~~~
x.c:9:5: note: format output between 15 and 954 bytes into a destination of
size 64
sprintf(buf, "%.2f %.2f %.2f", m->a, m->b, m->c);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A couple of issues I find really confusing:
- Where is the number of 317 bytes as the upper limit for a sole
%.2f coming from?
- Where is the number of 954 bytes coming from for the full call?
- What is a region of size 0? Why 0?
- And what is the difference between a region and a destination?
I'll see what I can do about documentation; any input on the above
related to that will be helpful.
And something tells me that there may be in issue with the diagnostics
code?
Gerald
