https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78519

            Bug ID: 78519
           Summary: missing warning for sprintf %s with null pointer
           Product: gcc
           Version: 7.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: middle-end
          Assignee: unassigned at gcc dot gnu.org
          Reporter: msebor at gcc dot gnu.org
  Target Milestone: ---

In the following program GCC diagnoses with -Wformat the invalid call to sprintf in f but misses the same problem in g because the checker runs too early to see the null. The problem could trivially be detected by the gimple-ssa-sprintf pass.

$ cat a.c && /build/gcc-svn/gcc/xgcc -B /build/gcc-svn/gcc -O2 -S -Wall -Wextra -Wpedantic a.c
char d[2];

void f (void)
{
  __builtin_sprintf (d, "%s", (char*)0);
}

void g (void)
{
  char *s = 0;
  __builtin_sprintf (d, "%s", s);
}
a.c: In function ‘f’:
a.c:5:3: warning: reading through null pointer (argument 3) [-Wformat=]
   __builtin_sprintf (d, "%s", (char*)0);
   ^~~~~~~~~~~~~~~~~