This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: sprintf warning on overlapping output

From: Florian Weimer <fw at deneb dot enyo dot de>
To: Jeff Law <law at redhat dot com>
Cc: Bernd Edlinger <bernd at edlinger-online dot de>, Martin Sebor <msebor at redhat dot com>, "gcc\@gcc.gnu.org" <gcc at gcc dot gnu dot org>
Date: Mon, 26 Sep 2016 17:48:43 +0200
Subject: Re: sprintf warning on overlapping output
Authentication-results: sourceware.org; auth=none
References: <57E79CD9.2080903@edlinger-online.de> <3f8c14ef-59df-05b5-e30f-8eb7909406db@redhat.com> <87zimuwuvl.fsf@mid.deneb.enyo.de> <84aecd16-a874-f800-9228-734c68e9c8d6@redhat.com>

* Jeff Law:

>>>> sprintf(buf, "%s %d", buf, x);

>> Or we could make this well-defined because it is such a useful
>> extension.

> That just encourages developers to write non-portable code.  I'd
> rather see this kind of thing halt the program in its tracks before
> wandering into the realm of undefined or implementation defined
> behavior.

But then the programmer will likely write something like this:

  sprintf(buf + strlen (buf), "%d", x);

Or perhaps even:

  snprintf(buf + strlen (buf), sizeof (buf), "%d", x);

(This passes an incorrect size.)

As far as I can tell, this idiom currently prevents
__builtin_object_size from providing useful data and makes us lose
fortify protection, while Bernd's original code has it.

References:
- sprintf warning on overlapping output
  - From: Bernd Edlinger
- Re: sprintf warning on overlapping output
  - From: Jeff Law
- Re: sprintf warning on overlapping output
  - From: Florian Weimer
- Re: sprintf warning on overlapping output
  - From: Jeff Law

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]