https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117369
--- Comment #3 from GCC Commits <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by David Malcolm <[email protected]>: https://gcc.gnu.org/g:29ad594504dcc1fa736d7305e5a853c08e4e4180 commit r16-7470-g29ad594504dcc1fa736d7305e5a853c08e4e4180 Author: David Malcolm <[email protected]> Date: Wed Feb 11 20:49:44 2026 -0500 analyzer: fix false +ve buffer overflow on sprintf [PR117369] gcc/analyzer/ChangeLog: PR analyzer/117369 * kf.cc (kf_sprintf::impl_call_pre): Use the capacity of the region when "faking" a write to the destination buffer, to avoid buffer overflow false +ves. gcc/testsuite/ChangeLog: PR analyzer/117369 * c-c++-common/analyzer/sprintf-pr117369.c: New test. * gcc.dg/analyzer/doom-d_main-IdentifyVersion.c: Update expected results to reflect complexity limits being hit earlier. Signed-off-by: David Malcolm <[email protected]>
