[Bug tree-optimization/80776] -Wformat-overflow false positive for %d on integer bounded by __builtin_unreachable

msebor at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Wed Mar 4 17:43:00 GMT 2020 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80776

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|2017-05-16 00:00:00         |2020-3-4
           See Also|                            |https://gcc.gnu.org/bugzill
                   |                            |a/show_bug.cgi?id=94021
      Known to fail|6.3.0, 7.1.0                |10.0, 6.4.0, 7.5.0, 8.4.0,
                   |                            |9.2.0

--- Comment #7 from Martin Sebor <msebor at gcc dot gnu.org> ---
Reconfirming that test case in comment #2 still triggers the warning in GCC 10.
 The dump shows that the warning thinks the fifth directive (%02d) generates
between 2 and 10 bytes of output.  The symptoms feel similar to pr94021 but I
haven't looked into whether they underlying root causes are related.

    Result: 2, 10, 10, 10 (12, 20, 20, 20)

$ gcc -O2 -S -Wall -fdump-tree-strlen=/dev/stdout pr80776-c2.c 

;; Function f (f, funcdef_no=0, decl_uid=1936, cgraph_uid=1, symbol_order=1)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2
;; 2 succs { 1 }
pr80776-c2.c:14: __builtin_sprintf: objsize = 15, fmtstr =
"%04d%02d%02d%02d%02d%02d"
  Directive 1 at offset 0: "%04d"
    Result: 4, 4, 4, 4 (4, 4, 4, 4)
  Directive 2 at offset 4: "%02d"
    Result: 2, 2, 2, 2 (6, 6, 6, 6)
  Directive 3 at offset 8: "%02d"
    Result: 2, 2, 2, 2 (8, 8, 8, 8)
  Directive 4 at offset 12: "%02d"
    Result: 2, 2, 2, 2 (10, 10, 10, 10)
  Directive 5 at offset 16: "%02d"
pr80776-c2.c: In function ‘f’:
pr80776-c2.c:14:44: warning: ‘%02d’ directive writing between 2 and 10 bytes
into a region of size 5 [-Wformat-overflow=]
   14 |   __builtin_sprintf (buf, "%04d%02d%02d%02d%02d%02d", a, b, c, d, e,
f);
      |                                            ^~~~
pr80776-c2.c:14:27: note: directive argument in the range [0, 2147483647]
   14 |   __builtin_sprintf (buf, "%04d%02d%02d%02d%02d%02d", a, b, c, d, e,
f);
      |                           ^~~~~~~~~~~~~~~~~~~~~~~~~~
    Result: 2, 10, 10, 10 (12, 20, 20, 20)
  Directive 6 at offset 20: "%02d"
pr80776-c2.c:14:27: note: directive argument in the range [0, 60]
    Result: 2, 2, 2, 2 (14, 22, 22, 22)
  Directive 7 at offset 24: "", length = 1
pr80776-c2.c:14:3: note: ‘__builtin_sprintf’ output between 15 and 23 bytes
into a destination of size 15
   14 |   __builtin_sprintf (buf, "%04d%02d%02d%02d%02d%02d", a, b, c, d, e,
f);
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

f (int a, int b, int c, int d, int e, int f)
{
  <bb 2> [local count: 1073741824]:
  __builtin_sprintf (&buf, "%04d%02d%02d%02d%02d%02d", a_14(D), b_15(D),
c_16(D), d_17(D), e_18(D), f_19(D));
  return;

}

More information about the Gcc-bugs mailing list