https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106711
Bug ID: 106711
Summary: Incorrect format overflow warning with previously checked strings
Product: gcc
Version: 12.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: ljrk at ljrk dot org
Target Milestone: ---

GCC complains about the following code snippet:

    #include <string.h>
    #include <limits.h>
    #include <stdio.h>

    char *mwe(char outbuf[PATH_MAX], char *in1, char *in2)
    {
            /* strlen(in1) + '/' + strlen(in2) + NUL must fit into PATH_MAX bytes */
            if (strlen(in1) + 2 + strlen(in2) <= PATH_MAX) {
                    (void)sprintf(outbuf, "%s/%s", in1, in2);
                    return (outbuf);
            }
            return (NULL);
    }

with:

    $ gcc -O2 -Wall -c -o mwe.o mwe.c
    mwe.c: In function ‘mwe’:
    mwe.c:9:43: warning: ‘%s’ directive writing up to 4094 bytes into a region of size between 1 and 4095 [-Wformat-overflow=]
        9 |                 (void)sprintf(outbuf, "%s/%s", in1, in2);
          |                                           ^~
    mwe.c:9:23: note: ‘sprintf’ output between 2 and 8190 bytes into a destination of size 4096
        9 |                 (void)sprintf(outbuf, "%s/%s", in1, in2);
          |                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ideally, GCC could record the condition in the if-statement and compare it to the formula implicitly given for the length with sprintf as `strlen(in1)+1+strlen(in2)+1` to check whether this condition is already checked for. I couldn't find an existing bug tracking this but maybe I've just looked at the wrong place?
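The following is an added example, not code from the bug report or from GCC. It makes the reporter's bound explicit: `"%s/%s"` writes exactly `strlen(in1) + 1 + strlen(in2) + 1` bytes including the terminating NUL, which is why the `<= PATH_MAX` check in the report is sufficient. It also shows the variant a reviewer usually asks for when the analyzer cannot prove the bound: passing the destination size to `snprintf` and checking its return value, so that the result does not depend on the compiler tracking the earlier `if`. The helper names `join_path_len`, `join_path` and `boundary_fits` are hypothetical, and the `PATH_MAX` fallback is only there so the file compiles where `<limits.h>` does not define it.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096 /* fallback for strict-ANSI environments (assumption) */
#endif

/* Hypothetical helper: bytes that sprintf(out, "%s/%s", in1, in2) writes,
 * i.e. strlen(in1) + '/' + strlen(in2) + terminating NUL. This is the
 * formula the bug report states as strlen(in1)+1+strlen(in2)+1. */
size_t join_path_len(const char *in1, const char *in2)
{
    return strlen(in1) + 1 + strlen(in2) + 1;
}

/* Size-aware variant: the caller passes the real buffer size, the length
 * check is done against that size, and snprintf's return value is checked
 * so truncation or an encoding error is reported as NULL instead of being
 * silently accepted. The compiler needs no knowledge of the earlier if. */
char *join_path(char *outbuf, size_t outsz, const char *in1, const char *in2)
{
    if (outsz == 0 || join_path_len(in1, in2) > outsz)
        return NULL; /* would not fit, including the NUL */

    int n = snprintf(outbuf, outsz, "%s/%s", in1, in2);
    if (n < 0 || (size_t)n >= outsz)
        return NULL; /* cannot happen after the check above; kept as a guard */
    return outbuf;
}

/* Exercise the boundary the report's check describes: with in2 == "" the
 * largest in1 that still fits into PATH_MAX bytes has length PATH_MAX - 2;
 * one byte longer must be rejected. Returns 1 if both hold, 0 otherwise,
 * -1 on allocation failure. Inputs are constructed locally. */
int boundary_fits(void)
{
    char *buf = malloc(PATH_MAX);
    char *a = malloc(PATH_MAX);
    if (!buf || !a) {
        free(buf);
        free(a);
        return -1;
    }

    memset(a, 'x', PATH_MAX - 2);
    a[PATH_MAX - 2] = '\0'; /* strlen(a) == PATH_MAX - 2: exactly fits */
    int fits = join_path(buf, PATH_MAX, a, "") == buf
               && strlen(buf) == (size_t)PATH_MAX - 1
               && buf[PATH_MAX - 2] == '/';

    a[PATH_MAX - 2] = 'x';
    a[PATH_MAX - 1] = '\0'; /* strlen(a) == PATH_MAX - 1: one byte too long */
    int rejected = join_path(buf, PATH_MAX, a, "") == NULL;

    free(buf);
    free(a);
    return fits && rejected;
}

int main(void)
{
    char out[PATH_MAX];
    const char *r = join_path(out, sizeof out, "usr", "bin");
    printf("join_path -> %s\n", r ? r : "(null)");
    printf("boundary_fits -> %d\n", boundary_fits());
    return 0;
}
```

Compiled with `-O2 -Wall`, the `snprintf` form does not trigger `-Wformat-overflow`, because the destination size is a runtime value that the call itself respects; the trade-off is that a too-small buffer now surfaces as a NULL return at runtime rather than as a compile-time diagnostic, so callers must check it.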