https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80354
--- Comment #3 from Martin Sebor <msebor at gcc dot gnu.org> --- The warning does just what it's designed to do: point out the potential unhandled truncation. If the argument values are such that the truncation cannot occur then using snprintf is unnecessary and sprintf can be used instead. Otherwise, if there is a combination of argument values that can result in truncation a warning is issued. Note that the length of output produced by each directive can be constrained by specifying a precision for %s (e.g., "%.24s" if arena->m_name in the LibreOffice code cannot be longer than 24 characters), or by asserting that an integer argument is in some limited range of its type (or by using a narrower type to store it). Like all warnings that depend on data flow analysis it is subject to false positives but there is no evidence to suggest that on balance it's unhelpful or difficult to use. Quite the contrary.