https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78520
Bug ID: 78520
Summary: missing warning for snprintf with size greater than INT_MAX
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
The -Wformat-length option diagnoses calls to snprintf that specify a buffer
size in excess of SIZE_MAX / 2. But since the function cannot meaningfully
write more output than INT_MAX bytes, specifying a buffer larger than INT_MAX +
1 effectively disables any bounds checking done by it and is therefore likely a
mistake on the part of the caller. The warning should treat any size greater
than the smaller of INT_MAX + 1 and SIZE_MAX / 2 as too large.
$ cat a.c && gcc -O2 -S -Wall -Wextra -Wpedantic a.c
void f (char *d, const char *s)
{
  __SIZE_TYPE__ n = __SIZE_MAX__ / 2 + 1;
  __builtin_snprintf (d, n, "%-s", s);
}
void g (char *d, const char *s)
{
  __SIZE_TYPE__ n = __INT_MAX__ + 1LU;
  __builtin_snprintf (d, n, "%-s", s);
}
a.c: In function ‘f’:
a.c:5:3: warning: specified destination size 9223372036854775808 too large [-Wformat-length=]
   __builtin_snprintf (d, n, "%-s", s);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
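The reason a size above INT_MAX is a caller mistake is that snprintf reports its result through an int return value, so a bound the function cannot express is a bound it cannot enforce. The following added example (not part of the bug report or of GCC) shows the runtime-side counterpart of the proposed warning: a wrapper, named checked_snprintf here for illustration, that refuses any size above INT_MAX before calling vsnprintf, and a self-check that exercises it with the same INT_MAX + 1 size as g() in the report, a normal size, and a truncating size.

```c
#include <limits.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not part of the bug report: a bounds-checked snprintf wrapper.
   snprintf returns int, so it can never report more than INT_MAX bytes of
   output; a size of INT_MAX + 1 or more therefore no longer bounds anything.
   checked_snprintf (this example's own name) rejects such sizes up front with
   a negative return, the same convention the C library uses for errors,
   instead of handing them to vsnprintf. */
int checked_snprintf(char *dst, size_t size, const char *fmt, ...)
{
    /* A size larger than INT_MAX cannot be honoured by an int return value. */
    if (size > (size_t)INT_MAX)
        return -1;

    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, size, fmt, ap);
    va_end(ap);
    return n;
}

/* Self-check: returns 1 when the oversized bound is rejected and ordinary
   bounds behave exactly like snprintf, 0 otherwise. */
int size_check_rejects_oversized(void)
{
    char buf[16];

    /* Oversized bound: INT_MAX + 1 as size_t, mirroring g() in the report. */
    size_t too_big = (size_t)INT_MAX + 1;
    if (checked_snprintf(buf, too_big, "%s", "hello") != -1)
        return 0;

    /* Sane bound: the full string fits and the length written is returned. */
    int n = checked_snprintf(buf, sizeof buf, "%s", "hello");
    if (n != 5 || strcmp(buf, "hello") != 0)
        return 0;

    /* Truncating bound: the return value still reports the full length,
       while the buffer holds only what fits plus the terminating NUL. */
    n = checked_snprintf(buf, 4, "%s", "hello");
    if (n != 5 || strcmp(buf, "hel") != 0)
        return 0;

    return 1;
}

int main(void)
{
    printf("checked_snprintf self-check: %s\n",
           size_check_rejects_oversized() ? "ok" : "FAILED");
    return 0;
}
```

The wrapper does not change what a correctly sized call returns; it only turns the silent loss of bounds checking that the report describes into an explicit error at the call site, which is the same condition the proposed -Wformat-length extension would flag at compile time.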