https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78520
Bug ID: 78520
Summary: missing warning for snprintf with size greater than INT_MAX
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

The -Wformat-length option diagnoses calls to snprintf that specify a buffer size in excess of SIZE_MAX / 2. But since the function cannot meaningfully write more output than INT_MAX bytes, specifying a buffer larger than INT_MAX + 1 effectively disables any bounds checking done by it and is therefore likely a mistake on the part of the caller. The warning should treat any size greater than the smaller of INT_MAX + 1 and SIZE_MAX / 2 as too large.

$ cat a.c && gcc -O2 -S -Wall -Wextra -Wpedantic a.c

void f (char *d, const char *s)
{
  __SIZE_TYPE__ n = __SIZE_MAX__ / 2 + 1;
  __builtin_snprintf (d, n, "%-s", s);
}

void g (char *d, const char *s)
{
  __SIZE_TYPE__ n = __INT_MAX__ + 1LU;
  __builtin_snprintf (d, n, "%-s", s);
}
a.c: In function ‘f’:
a.c:5:3: warning: specified destination size 9223372036854775808 too large [-Wformat-length=]
   __builtin_snprintf (d, n, "%-s", s);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
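
An added example, not part of the original report or of GCC: a runtime guard that applies the limit stated in the report (the smaller of INT_MAX + 1 and SIZE_MAX / 2) before calling vsnprintf, and treats truncation as an error. The names snprintf_size_limit and checked_snprintf are hypothetical.

```c
#include <limits.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>

/* Largest size accepted, per the report's text: min(INT_MAX + 1, SIZE_MAX / 2). */
static size_t snprintf_size_limit(void)
{
    size_t by_int = (size_t)INT_MAX + 1u;
    size_t by_size = SIZE_MAX / 2;
    return by_int < by_size ? by_int : by_size;
}

/* Hypothetical wrapper. Returns the number of bytes written (excluding the
   terminating NUL), or -1 if the size cannot be a real buffer bound, the
   output did not fit, or formatting failed. */
static int checked_snprintf(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    /* A size above the limit means snprintf's own bounds check is moot. */
    if (dst == NULL || size == 0 || size > snprintf_size_limit())
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(dst, size, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= size) {   /* encoding error or truncation */
        dst[0] = '\0';                  /* never hand back a partial string */
        return -1;
    }
    return n;
}

int main(void)
{
    char buf[8];   /* constructed sample buffer */

    printf("fits:      %d\n", checked_snprintf(buf, sizeof buf, "%-s", "abc"));
    printf("truncated: %d\n", checked_snprintf(buf, sizeof buf, "%-s", "abcdefgh"));
    /* Same sizes as f() and g() in the report, plus one past the limit. */
    printf("SIZE_MAX/2+1: %d\n", checked_snprintf(buf, SIZE_MAX / 2 + 1, "%-s", "abc"));
    printf("INT_MAX+2:    %d\n", checked_snprintf(buf, (size_t)INT_MAX + 2u, "%-s", "abc"));
    return 0;
}
```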