On Tue, Jul 12, 2016 at 11:51:50AM +0200, Florian Weimer wrote:
> On 07/01/2016 08:15 PM, Martin Sebor wrote:
> >The attached patch enhances compile-time checking for buffer overflow
> >and output truncation in non-trivial calls to the sprintf family of
> >functions under a new option -Wformat-length=[12]. This initial
> >patch handles printf directives with string, integer, and simple
> >floating arguments but eventually I'd like to extend it all other
> >functions and directives for which it makes sense.
>
> I tried your patch with the following code, which is close to a real-world
> example:
>
> #include <stdio.h>
>
> void print (const char *);
>
> void
> format_1 (unsigned address)
> {
> unsigned char a = address >> 24;
> unsigned char b = address >> 16;
> unsigned char c = address >> 8;
> unsigned char d = address;
> char buf[15];
> sprintf ("%u.%u.%u.%u", buf, a, b, c, d);
Are you sure this is real-world code? sprintf's first argument is the
buffer and second the format string, so if this doesn't warn at compile
time, it will surely crash at runtime when trying to store into .rodata.
Jakub
