This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)


On 07/12/2016 11:54 AM, Jakub Jelinek wrote:
On Tue, Jul 12, 2016 at 11:51:50AM +0200, Florian Weimer wrote:
On 07/01/2016 08:15 PM, Martin Sebor wrote:
The attached patch enhances compile-time checking for buffer overflow
and output truncation in non-trivial calls to the sprintf family of
functions under a new option -Wformat-length=[12].  This initial
patch handles printf directives with string, integer, and simple
floating arguments but eventually I'd like to extend it to all other
functions and directives for which it makes sense.

I tried your patch with the following code, which is close to a real-world
example:

#include <stdio.h>

void print (const char *);

void
format_1 (unsigned address)
{
  unsigned char a = address >> 24;
  unsigned char b = address >> 16;
  unsigned char c = address >> 8;
  unsigned char d = address;
  char buf[15];
  /* NB: the first two arguments are swapped here (the format string
     is passed where the destination buffer belongs); see the reply below. */
  sprintf ("%u.%u.%u.%u", buf, a, b, c, d);
}

Are you sure this is real-world code?  sprintf's first argument is the
buffer and second the format string, so if this doesn't warn at compile
time, it will surely crash at runtime when trying to store into .rodata.

Argh!  You are right, I swapped the arguments.

And further attempts showed that I was missing -D_FORTIFY_SOURCE=2. With it, I get a nice diagnostic. Wow!

Florian
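The example in the thread, with the two sprintf arguments in the correct order, still overflows: "255.255.255.255" is 15 characters plus the terminating NUL, so char buf[15] is one byte short for the worst-case address, which is exactly the kind of off-by-one the proposed -Wformat-length check is meant to flag. The following is an added illustration, not code from the patch or from the thread; format_ipv4, buffer_is_large_enough and IPV4_STR_MAX are hypothetical names, and the bounded snprintf variant is used so the required length can be checked instead of silently overrunning the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the thread): the IPv4 formatting from
 * Florian's example with the destination buffer and format string in
 * the right order, bounded by bufsize.  Returns what snprintf returns:
 * the number of characters the complete output needs (excluding the
 * NUL), so a caller can detect truncation with needed >= bufsize. */
int format_ipv4 (unsigned address, char *buf, size_t bufsize)
{
  unsigned char a = address >> 24;
  unsigned char b = address >> 16;
  unsigned char c = address >> 8;
  unsigned char d = address;
  return snprintf (buf, bufsize, "%u.%u.%u.%u", a, b, c, d);
}

/* Worst case "255.255.255.255": 15 characters + NUL = 16 bytes.
 * The char buf[15] in the thread's example is therefore one byte short. */
#define IPV4_STR_MAX 16

/* Returns 1 if a buffer of bufsize bytes holds every possible address,
 * 0 if the worst-case address would be truncated (or overflow with sprintf). */
int buffer_is_large_enough (size_t bufsize)
{
  char tmp[IPV4_STR_MAX];
  int needed = format_ipv4 (0xffffffffu, tmp, sizeof tmp);
  return (size_t) needed < bufsize;
}

int main (void)
{
  char small[15];           /* the size used in the thread's example */
  char ok[IPV4_STR_MAX];    /* the size actually required */
  int n = format_ipv4 (0xffffffffu, small, sizeof small);
  printf ("needed %d bytes + NUL, buf[15] holds \"%s\" (truncated)\n", n, small);
  n = format_ipv4 (0xc0a80001u, ok, sizeof ok);
  printf ("needed %d bytes + NUL: %s\n", n, ok);
  printf ("buf[15] sufficient: %d, buf[16] sufficient: %d\n",
          buffer_is_large_enough (15), buffer_is_large_enough (16));
  return 0;
}
```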
