https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78452
Bug ID: 78452
Summary: -Wformat-length=2 wrong length in %s directive with an array argument
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: minor
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

When the -Wformat-length=2 option is used, in a call to sprintf with the %s directive and an argument that refers to two or more arrays of different sizes at least one of which is greater than the space in the destination, GCC issues a warning as expected but indicates the wrong number of bytes is being written.

The test case below shows the problem. The second warning should say something like

  ‘%-s’ directive writing up to 4 bytes into a region of size 3

$ cat x.c && /build/gcc-trunk-svn/gcc/xgcc -B /build/gcc-trunk-svn/gcc -O2 -S -Wall -Wextra -Wpedantic -Wformat-length=2 x.c
char d[3];

const char s3[] = "123";
const char s4[] = "1234";

void f (int i)
{
  const char *s = i < 0 ? s3 : s4;
  __builtin_sprintf (d, "%-s", s);   // warning (expected), bytes correct
}

char a3[3];
char a4[4];

void g (int i)
{
  const char *s = i < 0 ? a3 : a4;
  __builtin_sprintf (d, "%-s", s);   // warning (expected), bytes wrong
}
x.c: In function ‘f’:
x.c:9:26: warning: ‘%-s’ directive writing between 3 and 4 bytes into a region of size 3 [-Wformat-length=]
   __builtin_sprintf (d, "%-s", s);   // warning (expected), bytes correct
                          ^~~
x.c:9:3: note: format output between 4 and 5 bytes into a destination of size 3
   __builtin_sprintf (d, "%-s", s);   // warning (expected), bytes correct
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
x.c: In function ‘g’:
x.c:18:26: warning: ‘%-s’ directive writing 1 or more bytes into a region of size 3 [-Wformat-length=]
   __builtin_sprintf (d, "%-s", s);   // warning (expected), bytes wrong
                          ^~~
x.c:18:3: note: format output 2 bytes into a destination of size 3
   __builtin_sprintf (d, "%-s", s);   // warning (expected), bytes wrong
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
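The byte counts GCC reports for f() in the test case above can be reproduced at run time, as an added example that is not part of the original report: it measures the directive and total output sizes for s3 and s4 and shows a bounded call that rejects both instead of overflowing d. The helper names directive_bytes, output_bytes and format_checked are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Same objects as the f() test case in the report. */
char d[3];
const char s3[] = "123";
const char s4[] = "1234";

/* Bytes the "%-s" directive itself produces for s (no terminating nul).
   snprintf with a zero-size buffer only measures, it stores nothing. */
int directive_bytes (const char *s)
{
  return snprintf (NULL, 0, "%-s", s);
}

/* Total bytes sprintf would store: directive output plus the nul. */
int output_bytes (const char *s)
{
  int n = directive_bytes (s);
  return n < 0 ? n : n + 1;
}

/* Hypothetical bounded replacement for the sprintf call in f().
   Returns 0 when the whole string and its nul fit in dst,
   -1 on truncation or on a formatting error. */
int format_checked (char *dst, size_t dstsize, const char *s)
{
  int n = snprintf (dst, dstsize, "%-s", s);
  if (n < 0 || (size_t) n >= dstsize)
    return -1;
  return 0;
}

int main (void)
{
  const char *args[] = { s3, s4 };
  for (int i = 0; i < 2; i++)
    {
      int rc = format_checked (d, sizeof d, args[i]);
      printf ("directive %d bytes, output %d bytes, destination %zu: %s\n",
              directive_bytes (args[i]), output_bytes (args[i]), sizeof d,
              rc == 0 ? "fits" : "rejected (would overflow)");
    }
  return 0;
}
```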