https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103835
Bug ID: 103835
Summary: Bogus sprintf warnings
Product: gcc
Version: 11.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: lavr at ncbi dot nlm.nih.gov
Target Milestone: ---

Please address these warnings because they create more noise than they help!

$ cat test.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>


const char* fun(char* buf, const char* pfx, int a, int b)
{
    sprintf(buf, "%sa = %d\n"
                 "%sb = %d\n",
                 pfx, a, pfx, b);
    return buf;
}


int main(int argc, char* argv[])
{
    char buf[500];
    const char* str;
    strcpy(buf, "\t");
    str = fun(buf + strlen(buf) + 1, buf, atoi(argv[1]), atoi(argv[2]));
    printf("%s\n", str);
    return 0;
}

$ gcc --version
gcc (GCC) 11.2.0
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

$ gcc -Wall -O6 test.c
test.c: In function ‘main’:
test.c:8:21: warning: ‘a = ’ directive writing 4 bytes into a region of size between 0 and 499 [-Wformat-overflow=]
    8 |     sprintf(buf, "%sa = %d\n"
      |                     ^~~~
test.c:8:5: note: ‘sprintf’ output between 13 and 1031 bytes into a destination of size 499
    8 |     sprintf(buf, "%sa = %d\n"
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~
    9 |                  "%sb = %d\n",
      |                  ~~~~~~~~~~~~~
   10 |                  pfx, a, pfx, b);
      |                  ~~~~~~~~~~~~~~~
test.c:8:5: warning: ‘sprintf’ arguments 3, 5 may overlap destination object ‘buf’ [-Wrestrict]
test.c:17:10: note: destination object referenced by ‘restrict’-qualified argument 1 was declared here
   17 |     char buf[500];
      |          ^~~

It's clear that the destination buffer will NOT overlap with anything related to "pfx" in the fun() function. It is also clear that the output will NOT contain as many characters as the warning claims (up to 1031). If GCC can't estimate the length for sure, it's better NOT to emit any warnings, rather than printing this annoying noise.
Please be mindful of your users -- and their time to re-analyze the code that suddenly is now flagged with these senseless warnings, only to realize that it's all a red herring. Thank you.
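
The two conditions named in the diagnostics above (output longer than the destination, and a source argument overlapping the destination) can also be checked explicitly at run time. The following is an added example, not code from the report or from GCC; fun_checked, its error codes and the demo functions are hypothetical names, and the inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FMT "%sa = %d\n%sb = %d\n"   /* same format as the report's fun() */

/* Hypothetical helper (not from the report): formats like fun(), but takes
 * the destination capacity and rejects the two conditions the diagnostics
 * describe. Returns bytes written (excluding NUL), -1 if the output would
 * not fit in cap, -2 if pfx overlaps the region that would be written. */
int fun_checked(char *dst, size_t cap, const char *pfx, int a, int b)
{
    size_t plen = strlen(pfx) + 1;               /* prefix bytes incl. NUL */

    /* Size-only pass: a NULL destination with size 0 writes nothing. */
    int need = snprintf(NULL, 0, FMT, pfx, a, pfx, b);
    if (need < 0 || (size_t)need >= cap)
        return -1;

    /* Compare as integers; relational operators on pointers into
     * different objects are undefined. */
    uintptr_t d = (uintptr_t)dst, p = (uintptr_t)pfx;
    if (d < p + plen && p < d + (size_t)need + 1)
        return -2;

    return snprintf(dst, cap, FMT, pfx, a, pfx, b);
}

/* Constructed inputs mirroring the report's main(): prefix "\t" at the
 * start of a 500-byte buffer, output placed just past its terminator. */
int demo_report_layout(void)
{
    char buf[500];
    strcpy(buf, "\t");
    size_t off = strlen(buf) + 1;
    return fun_checked(buf + off, sizeof buf - off, buf, 12, -3);
}

/* Constructed counter-case: destination starts on the prefix's NUL. */
int demo_overlap(void)
{
    char buf[500];
    strcpy(buf, "\t");
    return fun_checked(buf + 1, sizeof buf - 1, buf, 12, -3);
}
```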