https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78519
Bug ID: 78519
Summary: missing warning for sprintf %s with null pointer
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
In the following program GCC diagnoses with -Wformat the invalid call to
sprintf in f but misses the same problem in g because the checker runs too
early to see the null. The problem could trivially be detected by the
gimple-ssa-sprintf pass.
$ cat a.c && /build/gcc-svn/gcc/xgcc -B /build/gcc-svn/gcc -O2 -S -Wall -Wextra -Wpedantic a.c
char d[2];

void f (void)
{
  __builtin_sprintf (d, "%s", (char*)0);
}

void g (void)
{
  char *s = 0;
  __builtin_sprintf (d, "%s", s);
}
a.c: In function ‘f’:
a.c:5:3: warning: reading through null pointer (argument 3) [-Wformat=]
   __builtin_sprintf (d, "%s", (char*)0);
   ^~~~~~~~~~~~~~~~~
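
An added example, not part of the bug report or of GCC: a runtime guard for the call pattern in g, which the report says -Wformat does not flag. The helper name fmt_str_checked and its status codes are assumptions made for this illustration; only the destination d[2] and the null argument come from the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum fmt_status {
  FMT_OK = 0,
  FMT_NULL_ARG = -1,   /* null pointer would have reached %s */
  FMT_TRUNCATED = -2,  /* output did not fit in the destination */
  FMT_BAD_DST = -3,    /* no usable destination buffer */
  FMT_ERROR = -4       /* snprintf reported an error */
};

/* Format one string argument as "%s" would, but refuse a null source
   and report truncation instead of writing past the destination. */
enum fmt_status fmt_str_checked (char *dst, size_t dstsz, const char *s)
{
  if (dst == NULL || dstsz == 0)
    return FMT_BAD_DST;

  dst[0] = '\0';                 /* defined contents on every error path */

  if (s == NULL)
    return FMT_NULL_ARG;         /* the case in g(): s is null at run time */

  int n = snprintf (dst, dstsz, "%s", s);
  if (n < 0)
    return FMT_ERROR;
  if ((size_t) n >= dstsz)
    return FMT_TRUNCATED;        /* dst holds a terminated prefix only */
  return FMT_OK;
}

char d[2];                       /* same destination size as in the report */

int main (void)
{
  char *s = 0;                   /* same null local as in g() */

  printf ("null: %d\n", fmt_str_checked (d, sizeof d, s));
  printf ("\"a\":  %d, d = \"%s\"\n", fmt_str_checked (d, sizeof d, "a"), d);
  printf ("\"ab\": %d, d = \"%s\"\n", fmt_str_checked (d, sizeof d, "ab"), d);
  return 0;
}
```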