subject:"\[Bug c\/71501\] missing warning on printf %s with a non\-nul terminated string"

[Bug c/71501] missing warning on printf %s with a non-nul terminated string

2019-02-10 Thread msebor at gcc dot gnu.org

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71501

Martin Sebor  changed:

   What|Removed |Added

  Known to fail||4.8.5, 4.9.4, 5.4.0, 6.4.0,
   ||7.3.0, 8.2.0, 9.0

--- Comment #4 from Martin Sebor  ---
GCC 8 and 9 detect the unterminated strncpy call but not yet passing the result
to printf.  I'm hoping to do it in GCC 10.

$ gcc -O2 -S -Wall pr71501.c 
pr71501.c: In function ‘main’:
pr71501.c:7:9: warning: unused variable ‘n’ [-Wunused-variable]
   char *n = "12345";
 ^
pr71501.c:9:3: warning: ‘strncpy’ output truncated before terminating nul
copying 5 bytes from a string of the same length [-Wstringop-truncation]
   strncpy(c, "12345", 5);
   ^~


GCC 9 detects some very simple cases of passing unterminated arrays to printf:

$ cat z.c && gcc -O2 -S -Wall z.c 
const char a[] = { '1', '2', '3' };

void f (void)
{
  __builtin_printf ("%s", a);
}
z.c: In function ‘f’:
z.c:5:22: warning: ‘%s’ directive argument is not a nul-terminated string
[-Wformat-overflow=]
5 |   __builtin_printf ("%s", a);
  |  ^~   ~
z.c:1:12: note: referenced argument declared here
1 | const char a[] = { '1', '2', '3' };
  |^

[Bug c/71501] missing warning on printf %s with a non-nul terminated string

2018-01-25 Thread msebor at gcc dot gnu.org

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71501

Martin Sebor  changed:

   What|Removed |Added

 CC||prathamesh3492 at gcc dot 
gnu.org

--- Comment #3 from Martin Sebor  ---
*** Bug 83959 has been marked as a duplicate of this bug. ***

[Bug c/71501] missing warning on printf %s with a non-nul terminated string

2016-09-21 Thread msebor at gcc dot gnu.org

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71501
Bug 71501 depends on bug 49905, which changed state.

Bug 49905 Summary: Better sanity checking on sprintf src & dest to produce 
warning for dodgy code ?
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=49905

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution|--- |FIXED

[Bug c/71501] missing warning on printf %s with a non-nul terminated string

2016-09-21 Thread dcb314 at hotmail dot com

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71501
Bug 71501 depends on bug 49905, which changed state.

Bug 49905 Summary: Better sanity checking on sprintf src & dest to produce 
warning for dodgy code ?
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=49905

   What|Removed |Added

 Status|RESOLVED|REOPENED
 Resolution|FIXED   |---

[Bug c/71501] missing warning on printf %s with a non-nul terminated string

2016-09-20 Thread msebor at gcc dot gnu.org

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71501
Bug 71501 depends on bug 49905, which changed state.

Bug 49905 Summary: Better sanity checking on sprintf src & dest to produce 
warning for dodgy code ?
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=49905

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution|--- |FIXED

[Bug c/71501] missing warning on printf %s with a non-nul terminated string

2016-06-11 Thread msebor at gcc dot gnu.org

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71501

Martin Sebor  changed:

   What|Removed |Added

   Keywords||diagnostic
 Status|UNCONFIRMED |NEW
   Last reconfirmed||2016-06-11
 CC||msebor at gcc dot gnu.org
 Depends on||49905, 71296
Summary|printf %s error on str[5],  |missing warning on printf
   |for example: strncpy(str,   |%s with a non-nul
   |"12345", 5) |terminated string
 Ever confirmed|0   |1
   Severity|normal  |enhancement

--- Comment #2 from Martin Sebor  ---
Right, the test case is invalid.  But it would be helpful if GCC issued a
warning for it.

With optimization, tree-ssa-strlen.c is able to detect that the array created
by strncpy isn't NUL-terminated.  Printf should be able to use that information
to diagnose its use in a %s directive.  The latter depends on bug 49905 being
resolved in a smart way, and on __builtin_printf being hooked into the strlen
optimization.  Similarly, other string manipulation functions should be able to
detect the same problem (this part is the subject of bug 71296).

Since this is related to something I'm investigating I'll take the liberty to
confirm this report as an enhancement request for such a warning.


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=49905
[Bug 49905] Better sanity checking on sprintf src & dest to produce warning for
dodgy code ?
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71296
[Bug 71296] missing warning on strcat appending to a non-string

[Bug c/71501] missing warning on printf %s with a non-nul terminated string

[Bug c/71501] missing warning on printf %s with a non-nul terminated string

[Bug c/71501] missing warning on printf %s with a non-nul terminated string

[Bug c/71501] missing warning on printf %s with a non-nul terminated string

[Bug c/71501] missing warning on printf %s with a non-nul terminated string

[Bug c/71501] missing warning on printf %s with a non-nul terminated string

6 matches

Site Navigation

Mail list logo

Footer information