https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106711

            Bug ID: 106711
           Summary: Incorrect format overflow warning with previously
                    checked strings
           Product: gcc
           Version: 12.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: ljrk at ljrk dot org
  Target Milestone: ---

GCC complains about the following code snippet:

        #include <string.h>
        #include <limits.h>
        #include <stdio.h>

        char *mwe(char outbuf[PATH_MAX], char *in1, char *in2)
        {
                if (strlen(in1) + 2 + strlen(in2) <= PATH_MAX) {
                        (void)sprintf(outbuf, "%s/%s", in1, in2);
                        return (outbuf);
                }
                return (NULL);
        }


with:

        $ gcc -O2 -Wall -c -o mwe.o mwe.c
        mwe.c: In function ‘mwe’:
        mwe.c:9:43: warning: ‘%s’ directive writing up to 4094 bytes into a region of size between 1 and 4095 [-Wformat-overflow=]
            9 |                 (void)sprintf(outbuf, "%s/%s", in1, in2);
              |                                           ^~
        mwe.c:9:23: note: ‘sprintf’ output between 2 and 8190 bytes into a destination of size 4096
            9 |                 (void)sprintf(outbuf, "%s/%s", in1, in2);
              |                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Ideally, GCC could record the condition in the if-statement and compare it to
the formula implicitly given for the length with sprintf as
`strlen(in1)+1+strlen(in2)+1` to check whether this condition is already
checked for.

I couldn't find an existing bug tracking this but maybe I've just looked at the
wrong place?
