Date: Mon, 18 Mar 2019 11:30:49 +1100
From: matthew green <m...@eterna.com.au>
Message-ID: <29602.1552869...@splode.eterna.com.au>

  | Martin Husemann writes:
  | > IMO the most stupid warning ever added to gcc. I would just disable it for
  | > newer gcc.
  |
  | i don't agree. some times it is very difficult to avoid and
  | it sometimes misdiagnoses the problem but it found a couple
  | of dozen real bugs where user input would lead to segv, so it
  | has clear value in my mind.

I agree with Martin - and I fail to see how getting a truncated string
(this is snprintf, not sprintf) could lead to a segv, ever (or if it did,
the problem is elsewhere).

It could lead to using the incorrect data (in this case presumably
attempting to open/create an unintended file) which might be bad, sometimes
(just cause app failure in this case most likely - /tmp/battery/* is not
any kind of critical path).

But worse in this kind of usage, almost every occurrence of %s in a sprintf
(that is, not %.Ns) would need to generate the warning, as there's no way
that the compiler can know, for certain, that a variable string passed in
will be properly \0 terminated within its apparent max size. It can guess
sometimes, but it can never really know, unless it is a constant string.

kre
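Added example, not part of the message above and not the code under discussion in the thread: a C sketch of the two cases being argued about, an snprintf() call whose truncation goes unnoticed versus one that checks the return value, plus the `%.Ns` form for a field that may lack a terminating NUL. The function names, buffer sizes and the `BAT0` file name are assumptions made for illustration; only the `/tmp/battery` directory comes from the thread.

```c
#include <stdio.h>
#include <string.h>

/* Unchecked call, for contrast: out is always NUL-terminated but may hold
 * a shortened path. Returns the length snprintf wanted to write. */
int build_path_unchecked(char *out, size_t outsz, const char *dir, const char *name)
{
    return snprintf(out, outsz, "%s/%s", dir, name);
}

/* Checked call: returns 0 on success, -1 if "<dir>/<name>" does not fit.
 * On failure out is emptied so a shortened path is never opened by mistake. */
int build_path(char *out, size_t outsz, const char *dir, const char *name)
{
    int n;
    if (outsz == 0)
        return -1;
    n = snprintf(out, outsz, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Copies a fixed-size field that may have no terminating NUL. The precision
 * (%.*s) bounds how many bytes snprintf reads from field. */
int field_to_str(char *out, size_t outsz, const char *field, size_t fieldsz)
{
    int n;
    if (outsz == 0)
        return -1;
    n = snprintf(out, outsz, "%.*s", (int)fieldsz, field);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char small[16], name[8];                    /* constructed sizes */
    const char raw[4] = { 'B', 'A', 'T', '0' }; /* constructed: no NUL */
    int want = build_path_unchecked(small, sizeof small, "/tmp/battery", "BAT0");
    printf("unchecked: wanted %d bytes, got \"%s\"\n", want, small);
    printf("checked:   %d\n", build_path(small, sizeof small, "/tmp/battery", "BAT0"));
    printf("field:     %d \"%s\"\n", field_to_str(name, sizeof name, raw, sizeof raw), name);
    return 0;
}
```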