My general inclination is to ask this to wait for gcc-8 as it is not a
regression, but instead a false positive in a new warning.
So as I mentioned in my message to Joseph, I'm going to go with Joseph &
Jakub's view that this should be considered a regression.

Okay.  I'll wait for your approval of the patch then (with the fix
for the typo you pointed out).

My biggest concern with being more aggressive than that (besides
the pushback) is that I can't think of a good function to compute
the size (it can't very well be a constant).
Presumably the argument against simply giving up and not checking at all
is that by assuming length 1, we can still check all the other arguments
and perhaps still give a warning if the sprintf overflows when the
unbound string is essentially ignored?

That's right.  Since assuming the length of an unknown string is zero
is always safe, ignoring the rest of the format when one is found never
even crossed my mind.  There are other problems we can find if we keep
going that don't necessarily depend on our knowledge of the string
length.  (E.g., excessive widths and precisions, null string pointers,
or even unterminated character arrays if/when that is implemented,
etc.)

Martin
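
The reasoning in this exchange, as an added sketch that is not GCC's implementation and not code from the thread: a string of unknown length is counted as zero bytes, the rest of the format is still processed, and an overflow is reported only when even that lower bound exceeds the destination. The function names, the restriction to `%s` directives and the sample formats are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Parse an optional decimal width or precision at *p, advancing *p. */
static size_t parse_num(const char **p)
{
    size_t n = 0;
    while (**p >= '0' && **p <= '9')
        n = n * 10 + (size_t)(*(*p)++ - '0');
    return n;
}

/* Lower bound on the bytes sprintf() writes, NUL included, for a format made
   of literal text, "%%" and "%[width][.prec]s". args[i] is the i-th string
   argument, or NULL when its length is unknown (then assumed to be zero).
   Returns 0 for any other directive: no bound is computed. */
static size_t min_output_bytes(const char *fmt, const char *const *args)
{
    size_t total = 1, argi = 0;             /* 1 = terminating NUL */
    while (*fmt) {
        if (*fmt != '%') { total++; fmt++; continue; }
        fmt++;                              /* skip '%' */
        if (*fmt == '%') { total++; fmt++; continue; }
        size_t width = parse_num(&fmt);
        size_t prec = (size_t)-1;           /* no precision: no cap */
        if (*fmt == '.') { fmt++; prec = parse_num(&fmt); }
        if (*fmt++ != 's') return 0;        /* unsupported directive */
        const char *s = args[argi++];
        size_t len = s ? strlen(s) : 0;     /* unknown string: length 0 */
        if (len > prec) len = prec;
        total += len > width ? len : width; /* width pads short output */
    }
    return total;
}

/* Nonzero only when the lower bound alone exceeds the destination size. */
static int definitely_overflows(size_t dstsize, const char *fmt,
                                const char *const *args)
{
    size_t need = min_output_bytes(fmt, args);
    return need != 0 && need > dstsize;
}

int main(void)
{
    const char *const unknown[] = { NULL }; /* constructed sample input */
    printf("%d %d\n", definitely_overflows(8, "id=%s", unknown),
           definitely_overflows(8, "%20s", unknown));
    return 0;
}
```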
