https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78452
Bug ID: 78452
Summary: -Wformat-length=2 wrong length in %s directive with an
array argument
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: minor
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
When the -Wformat-length=2 option is used, in a call to sprintf with the %s
directive and an argument that refers to two or more arrays of different sizes
at least one of which is greater than the space in the destination, GCC issues
a warning as expected but indicates the wrong number of bytes is being written.
The test case below shows the problem. The second warning should say
something like
‘%-s’ directive writing up to 4 bytes into a region of size 3
$ cat x.c && /build/gcc-trunk-svn/gcc/xgcc -B /build/gcc-trunk-svn/gcc -O2 -S
-Wall -Wextra -Wpedantic -Wformat-length=2 x.c
char d[3];
const char s3[] = "123";
const char s4[] = "1234";
void f (int i)
{
const char *s = i < 0 ? s3 : s4;
__builtin_sprintf (d, "%-s", s); // warning (expected), bytes correct
}
char a3[3];
char a4[4];
void g (int i)
{
const char *s = i < 0 ? a3 : a4;
__builtin_sprintf (d, "%-s", s); // warning (expected), bytes wrong
}
x.c: In function ‘f’:
x.c:9:26: warning: ‘%-s’ directive writing between 3 and 4 bytes into a region
of size 3 [-Wformat-length=]
__builtin_sprintf (d, "%-s", s); // warning (expected), bytes correct
^~~
x.c:9:3: note: format output between 4 and 5 bytes into a destination of size 3
__builtin_sprintf (d, "%-s", s); // warning (expected), bytes correct
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
x.c: In function ‘g’:
x.c:18:26: warning: ‘%-s’ directive writing 1 or more bytes into a region of
size 3 [-Wformat-length=]
__builtin_sprintf (d, "%-s", s); // warning (expected), bytes wrong
^~~
x.c:18:3: note: format output 2 bytes into a destination of size 3
__builtin_sprintf (d, "%-s", s); // warning (expected), bytes wrong
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
