https://gcc.gnu.org/bugzilla/show_bug.cgi?id=124393
Bug ID: 124393
Summary: format string vulnerability warning not shown
Product: gcc
Version: 15.2.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: marcomeinardi01 at gmail dot com
Target Milestone: ---
While compiling a program with an obvious format string vulnerability, the
-Wformat-security warning is not shown. This warning was always shown in
previous versions of gcc (I tested on 15.2.0), even with no flags passed to
gcc, while in 15.2.1 even passing -Wextra -Wall doesn't make the warning
appear; you instead need to specify -Wformat-security or -Wformat=2.
I feel like this warning should always be shown, since ignoring it can lead to
critical vulnerabilities.
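For reference, a minimal reproducer of the pattern the report is about, written for this
note rather than taken from the reporter's program. The snprintf wrapper is assumed to
stand in for whatever printf-family call the original program made. In stock GCC,
-Wformat-security is not part of -Wall or -Wextra; it takes effect when -Wformat is on
(which -Wall provides) and is also enabled by -Wformat=2, so the warning is expected with
"gcc -Wall -Wformat-security -c example.c" (or -Werror=format-security to fail the build).
The test input uses only "%%", which is defined behaviour for both functions, so the
difference between the two can be observed without reading stack memory:

```c
#include <stdio.h>
#include <string.h>

/*
 * Vulnerable form: user-controlled data is used as the format string.
 * With -Wformat-security (or -Wformat=2) GCC reports on this line:
 *   warning: format not a string literal and no format arguments [-Wformat-security]
 * Any '%' directive in `user` is interpreted; "%x" reads the caller's
 * variadic area and "%n" writes through a pointer taken from it.
 */
int render_unsafe(char *out, size_t n, const char *user)
{
    return snprintf(out, n, user);
}

/*
 * Fixed form: constant format, user data passed as an argument.
 * '%' characters in `user` are copied literally and no warning fires.
 */
int render_safe(char *out, size_t n, const char *user)
{
    return snprintf(out, n, "%s", user);
}

/* Stand-alone demo (the verifier supplies its own main). */
int main(void)
{
    char buf[64];
    const char *input = "100%%"; /* constructed input: the only safe directive */

    render_unsafe(buf, sizeof buf, input);
    printf("unsafe: \"%s\"\n", buf); /* "100%": the %% was consumed as a directive */

    render_safe(buf, sizeof buf, input);
    printf("safe:   \"%s\"\n", buf); /* "100%%": copied verbatim */
    return 0;
}
```

Compiling with "gcc -Wall -c example.c" alone does not warn about render_unsafe in
upstream GCC; the flag has to be added explicitly or supplied by the distribution's
default spec.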