This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug c/79692] New: -Wformat-overflow false positive?

From: "sirl at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
To: gcc-bugs at gcc dot gnu dot org
Date: Thu, 23 Feb 2017 16:32:55 +0000
Subject: [Bug c/79692] New: -Wformat-overflow false positive?
Auto-submitted: auto-generated

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79692

            Bug ID: 79692
           Summary: -Wformat-overflow false positive?
           Product: gcc
           Version: 7.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: sirl at gcc dot gnu.org
  Target Milestone: ---

Created attachment 40820
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=40820&action=edit
testcase

With trunk r245678 on x86_64 the attached testcase prints these warnings:

gcc-trunk -Wformat-overflow -O2 -c test-sprintf-2.c 
test-sprintf-2.c: In function 'test':
test-sprintf-2.c:90:32: warning: '%0*lX' directive writing between 1 and
2147483648 bytes into a region of size 76 [-Wformat-overflow=]
       sprintf (buffer, "1: %s%c%0*lX %s%c%0*lX", reg, sFrom, nFrom,
                                ^~~~~
test-sprintf-2.c:90:24: note: directive argument in the range [0,
4611686018427387904]
       sprintf (buffer, "1: %s%c%0*lX %s%c%0*lX", reg, sFrom, nFrom,
                        ^~~~~~~~~~~~~~~~~~~~~~~~
test-sprintf-2.c:90:24: note: directive argument in the range [0,
4611686018427387904]
test-sprintf-2.c:90:7: note: 'sprintf' output 9 or more bytes (assuming
4294967303) into a destination of size 80
       sprintf (buffer, "1: %s%c%0*lX %s%c%0*lX", reg, sFrom, nFrom,
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         (uint64_t) from, reg, sTo, nTo, (uint64_t) to);
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test-sprintf-2.c:109:29: warning: '%0*lX' directive writing between 1 and
2147483648 bytes into a region of size 76 [-Wformat-overflow=]
    sprintf (buffer, "2: %s%c%0*lX %0*lX", reg, sFrom, nFrom,
                             ^~~~~
test-sprintf-2.c:109:21: note: directive argument in the range [0,
4611686018427387904]
    sprintf (buffer, "2: %s%c%0*lX %0*lX", reg, sFrom, nFrom,
                     ^~~~~~~~~~~~~~~~~~~~
test-sprintf-2.c:109:4: note: 'sprintf' output 8 or more bytes (assuming
2147483655) into a destination of size 80
    sprintf (buffer, "2: %s%c%0*lX %0*lX", reg, sFrom, nFrom,
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      (uint64_t) from, nLen, (uint64_t) len);
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To me it seems it shouldn't warn. PR 79275 looks like a variant of this problem
and was already fixed.

Follow-Ups:
- [Bug c/79692] -Wformat-overflow false positive?
  - From: msebor at gcc dot gnu.org
- [Bug c/79692] [7 Regression] -Wformat-overflow false positive?
  - From: rguenth at gcc dot gnu.org
- [Bug c/79692] [7 Regression] -Wformat-overflow false positive with unknown width
  - From: msebor at gcc dot gnu.org
- [Bug c/79692] [7 Regression] -Wformat-overflow false positive with unknown width
  - From: sirl at gcc dot gnu.org

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]