https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77708
Bug ID: 77708
Summary: -Wformat-length %s warns for snprintf
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: nsz at gcc dot gnu.org
Target Milestone: ---
snprintf does not do oob memory access, so if the return value is checked then,
there should be no buffer overflow warning.
$ cat a.c
int snprintf (char*, __SIZE_TYPE__, const char*, ...);
struct { char buf[12]; } s;
int f(void)
{
char foo[7];
return snprintf(foo, sizeof foo, "zz%s", s.buf) >= sizeof foo;
}
$ gcc -c -Wall a.c
a.c: In function 'f':
a.c:8:10: warning: '%s' directive output may be truncated writing between 0 and
11 bytes into a region of size 5 [-Wformat-length=]
return snprintf(foo, sizeof foo, "zz%s", s.buf) >= sizeof foo;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
a.c:8:10: note: format output between 3 and 14 bytes into a destination of size
7
