https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79816
Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |diagnostic
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2017-03-07
                 CC|                            |msebor at gcc dot gnu.org
           See Also|                            |https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79554
     Ever confirmed|0                           |1
           Severity|normal                      |enhancement

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
I agree that detecting the scanf-type problems would be useful and in line with the goal of the -Wformat-overflow warnings recently added to GCC 7. This feature request is being tracked in bug 72783.

Detecting non-string arguments to %s (i.e., character arrays that are known not to be nul-terminated) is an enhancement I would like to make to the -Wformat-overflow/-truncation warnings in GCC 8. (For non-string functions like fprintf this might involve introducing a new option.) I don't think there is a bug tracking this request so I'll use this one.

There is an open question (in my mind) of whether to integrate aspects of -Wformat-security with the -Wformat-overflow/-truncation warnings and how. The two sets of warnings are implemented very differently, each with different capabilities and limitations, and so the integration could be quite intrusive. See bug 79554 for an example of an inherent limitation of the -Wformat-security implementation.
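
An added example, not part of the bug report or of GCC: the defect class the comment describes (a character array known not to be nul-terminated passed to %s) next to a precision-bounded form that needs no terminator. The struct record layout and the function names are hypothetical, and the sample bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample layout (hypothetical): a fixed-width field that is
   filled completely, so it carries no terminating nul. */
struct record {
    char tag[4];      /* exactly 4 bytes, not a C string */
    char payload[8];  /* adjacent data an unbounded %s read would run into */
};

/* The defect class from the comment: tag is a char array known not to be
   nul-terminated, yet it is passed to plain %s. The read continues past
   tag[3] until some nul byte is found, which is undefined behaviour.
   Kept for contrast only; nothing in this example calls it. */
int format_tag_unbounded(char *dst, size_t dstsz, const struct record *r)
{
    return snprintf(dst, dstsz, "tag=%s", r->tag);
}

/* Corrected form: the precision caps how many bytes %s may read from the
   source, so the array does not need a terminator. */
int format_tag_bounded(char *dst, size_t dstsz, const struct record *r)
{
    return snprintf(dst, dstsz, "tag=%.*s", (int)sizeof r->tag, r->tag);
}

/* Builds the constructed record and formats it with the bounded form.
   Returns snprintf's result: the length the full output needs, which is
   larger than dstsz - 1 when the output was truncated. */
int demo(char *dst, size_t dstsz)
{
    struct record r;
    memcpy(r.tag, "ABCD", sizeof r.tag);             /* all 4 bytes, no nul */
    memcpy(r.payload, "payload", sizeof r.payload);  /* 7 chars + nul */
    return format_tag_bounded(dst, dstsz, &r);
}

int main(void)
{
    char out[32];
    int n = demo(out, sizeof out);
    printf("%s (%d bytes)\n", out, n);
    return 0;
}
```
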