This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug c/81401] New: False positive sprintf warning at O2 (-Wformat-overflow)

From: "catwell-gcc at catwell dot info" <gcc-bugzilla at gcc dot gnu dot org>
To: gcc-bugs at gcc dot gnu dot org
Date: Tue, 11 Jul 2017 21:47:00 +0000
Subject: [Bug c/81401] New: False positive sprintf warning at O2 (-Wformat-overflow)
Auto-submitted: auto-generated

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81401

            Bug ID: 81401
           Summary: False positive sprintf warning at O2
                    (-Wformat-overflow)
           Product: gcc
           Version: 7.1.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: catwell-gcc at catwell dot info
  Target Milestone: ---

Using GCC 7.1.1, with:


#include <stdio.h>
int main () {
    int i; char obuf[3];
    int start = 0x00;
    for (i = start; i <= 0xff; ++i) {
        sprintf(obuf, "%02x", i);
    }
    return 0;
}


I get:


demo.c: In function ‘main’:
demo.c:6:23: warning: ‘sprintf’ may write a terminating nul past the end of the
destination [-Wformat-overflow=]
         sprintf(obuf, "%02x", i);
                       ^~~~~~
demo.c:6:9: note: ‘sprintf’ output between 3 and 4 bytes into a destination of
size 3
         sprintf(obuf, "%02x", i);
         ^~~~~~~~~~~~~~~~~~~~~~~~


At O1 I don't get the warning.

If I set `start` to `0xfb` or `0xfc`, I get the same warning. If I set it to
`0xfe` or `0xff` I don't get a warning. If I set it to `0xfd` I get the warning
*twice*:


demo.c: In function ‘main’:
demo.c:6:23: warning: ‘sprintf’ may write a terminating nul past the end of the
destination [-Wformat-overflow=]
         sprintf(obuf, "%02x", i);
                       ^~~~~~
demo.c:6:9: note: ‘sprintf’ output between 3 and 4 bytes into a destination of
size 3
         sprintf(obuf, "%02x", i);
         ^~~~~~~~~~~~~~~~~~~~~~~~
demo.c:6:23: warning: ‘sprintf’ may write a terminating nul past the end of the
destination [-Wformat-overflow=]
         sprintf(obuf, "%02x", i);
                       ^~~~~~
demo.c:6:9: note: ‘sprintf’ output between 3 and 4 bytes into a destination of
size 3
         sprintf(obuf, "%02x", i);
         ^~~~~~~~~~~~~~~~~~~~~~~~

I was advised to open a new bug for this at [1] even though it looks similar to
[2].

[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79257#c8
[2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78969#c4

Follow-Ups:
- [Bug tree-optimization/81401] False positive sprintf warning at O2 (-Wformat-overflow)
  - From: pinskia at gcc dot gnu.org
- [Bug tree-optimization/81401] False positive sprintf warning at O2 (-Wformat-overflow)
  - From: marxin at gcc dot gnu.org

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]