https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79816
Martin Sebor <msebor at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |diagnostic
Status|UNCONFIRMED |NEW
Last reconfirmed| |2017-03-07
CC| |msebor at gcc dot gnu.org
See Also| |https://gcc.gnu.org/bugzill
| |a/show_bug.cgi?id=79554
Ever confirmed|0 |1
Severity|normal |enhancement
--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
I agree that detecting the scanf-type problems would be useful and in line with
the goal of the -Wformat-overflow warnings recently added to GCC 7. This
feature request is being tracked in bug 72783.
Detecting non-string arguments to %s (i.e., character arrays that are known not
to be nul-terminated) is an enhancement I would like to make to the
-Wformat-overflow/-truncation warnings in GCC 8. (For non-string functions
like fprintf this might involve introducing a new option.) I don't think there
is a bug tracking this request so I'll use this one.
There is an open question (in my mind) of whether to integrate aspects of
-Wformat-security with the -Wformat-overflow/-truncation warnings and how. The
two sets of warnings are implemented very differently, each with different
capabilities and limitations, and so the integration could be quite intrusive.
See bug 79554 for an example of an inherent limitation of the -Wformat-security
implementation.
