This is the mail archive of the
mailing list for the GCC project.
Re: sprintf warning on overlapping output
On 09/26/2016 09:20 AM, Florian Weimer wrote:
Probably not a bad idea. memstomp doesn't catch it for sprintf &
friends -- it was deemed too painful to detect :-)
* Jeff Law:
On 09/25/2016 03:46 AM, Bernd Edlinger wrote:
in the past I have seen (and fixed) code like
sprintf(buf, "%s %d", buf, x);
that may possibly work by chance, but usually
produces undefined results.
Do you see a way to enhance the warning for cases
where the output buffer overlaps an input buffer?
ISTM you really need strong PTA analysis here to nail down the
pointers to a single object, then you can query their ranges and look
We could detect this at run time in glibc with reasonable cost, I
think. We should probably introduce new symbol versions if we do
that, to avoid breaking existing applications needlessly.
That just encourages developers to write non-portable code. I'd rather
see this kind of thing halt the program in its tracks before wandering
into the realm of undefined or implementation defined behavior.
Or we could make this well-defined because it is such a useful