On 11/29/2016 09:32 AM, Martin Sebor wrote:
On 11/29/2016 08:38 AM, Gerald Pfeifer wrote:
This took me a bit to get to the bottom of, but I know believe
that we need to work both on the documentation and implementation
of -Wformat-length, in particular when it comes to floats.
#include <stdio.h>
typedef struct M {
float a, b, c;
} M;
char *foo(M *m) {
static char buf[64];
sprintf(buf, "%.2f %.2f %.2f", m->a, m->b, m->c);
return buf;
}
First of all, it turns out that floats are not covered in the
documentation at all. I've had a look at the code, and think
I'll be able to propose a doc change latest this coming weekend.
Thanks for looking at this and bringing it up for discussion!
Suggestions for improvements are very welcome and appreciated.
Now to what actually happens in the example above:
# gcc -c -o x.o -Wall x.c
x.c: In function ‘foo’:
x.c:9:24: warning: ‘%.2f’ directive writing between 4 and 317 bytes
into a region of size 0 [-Wformat-length=]
sprintf(buf, "%.2f %.2f %.2f", m->a, m->b, m->c);
^~~~
x.c:9:5: note: format output between 15 and 954 bytes into a
destination of size 64
sprintf(buf, "%.2f %.2f %.2f", m->a, m->b, m->c);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After spending some more time on this I think I see the problem
you are pointing out: this is a false positive at level 1 of the
warning. I opened bug 78605 for it with a slightly modified test
case. Please chime in on it if I missed something.
Thanks
Martin
