https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80354

--- Comment #5 from Stephan Bergmann <sbergman at redhat dot com> ---
(In reply to Martin Sebor from comment #3)
> The warning does just what it's designed to do: point out the potential
> unhandled truncation.

But it is unusable in practice if there is no reliable way to silence false
positives.

> If the argument values are such that the truncation
> cannot occur then using snprintf is unnecessary and sprintf can be used
> instead.  Otherwise, if there is a combination of argument values that can
> result in truncation a warning is issued.  Note that the length of output
> produced by each directive can be constrained by specifying a precision for
> %s (e.g., "%.24s" if arena->m_name in the LibreOffice code cannot be longer
> than 24 characters), or by asserting that an integer argument is in some
> limited range of its type (or by using a narrower type to store it).

None of that applies in the case I mentioned, where an at-most 31-character
prefix of "%s_%lu" shall be produced, where the %s argument is known to be a
string of 0..31 characters and the %lu argument is an effectively unconstrained
value of type unsigned long.

> Like all warnings that depend on data flow analysis it is subject to false
> positives but there is no evidence to suggest that on balance it's unhelpful
> or difficult to use.  Quite the contrary.

One cannot even silence the warning locally with a #pragma GCC diagnostic
push/ignored "-Wformat-truncation"/pop just around that call to snprintf:  The
warning is reported on the first line of the function definition containing the
call (see below), and the pragma is only effective if the push/ignored
"-Wformat-truncation" part precedes that first line of the whole function
definition.

> /data/sbergman/lo-gcc/core/sal/rtl/alloc_arena.cxx: In function 
> ‘rtl_arena_type* {anonymous}::rtl_arena_activate(rtl_arena_type*, const 
> char*, sal_Size, sal_Size, rtl_arena_type*, void* (*)(rtl_arena_type*, 
> sal_Size*), void (*)(rtl_arena_type*, void*, sal_Size))’:
> /data/sbergman/lo-gcc/core/sal/rtl/alloc_arena.cxx:672:1: error: ‘%lu’ 
> directive output may be truncated writing between 1 and 20 bytes into a 
> region of size between 0 and 31 [-Werror=format-truncation=]
>  rtl_arena_activate (
>  ^~~~~~~~~~~~~~~~~~
> /data/sbergman/lo-gcc/core/sal/rtl/alloc_arena.cxx:717:17: note: ‘snprintf’ 
> output between 3 and 53 bytes into a destination of size 32
>                  (void) snprintf (namebuf, sizeof(namebuf), "%s_%" 
> SAL_PRIuUINTPTR, arena->m_name, size);
>                  
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
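
The call discussed above deliberately keeps only a prefix of "%s_%lu" that fits a 32-byte buffer. As an added example (not code from the bug report, GCC or LibreOffice), the following C sketch performs the same formatting but inspects snprintf's return value, so the caller learns whether the stored name is a truncation and how long the full output would have been; `format_arena_name` and `NAME_BUF_SIZE` are hypothetical names, and the inputs in `main` are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical constant: the 32-byte destination named in the diagnostic. */
enum { NAME_BUF_SIZE = 32 };

/*
 * Hypothetical helper: format "<name>_<size>" into dst, keeping at most
 * dstsize - 1 characters plus the terminating NUL.
 * Returns 0 if the whole string fit, 1 if only a prefix was stored,
 * -1 on an output error. *needed (if non-NULL) receives the length the
 * untruncated output would have had, excluding the NUL.
 */
int format_arena_name(char *dst, size_t dstsize, const char *name,
                      unsigned long size, size_t *needed)
{
    /* snprintf returns the length it WOULD have written, not what it stored. */
    int n = snprintf(dst, dstsize, "%s_%lu", name, size);
    if (n < 0) {
        if (dstsize > 0)
            dst[0] = '\0';      /* leave a valid empty string behind */
        return -1;
    }
    if (needed != NULL)
        *needed = (size_t)n;
    return ((size_t)n >= dstsize) ? 1 : 0;
}

int main(void)
{
    char namebuf[NAME_BUF_SIZE];
    char longest[NAME_BUF_SIZE];
    size_t needed = 0;

    /* Constructed worst case: a 31-character name and the largest value. */
    memset(longest, 'a', sizeof longest - 1);
    longest[sizeof longest - 1] = '\0';

    int rc = format_arena_name(namebuf, sizeof namebuf, longest,
                               ULONG_MAX, &needed);
    /* With a 64-bit unsigned long, needed + 1 is 31 + 1 + 20 + 1 bytes,
       the upper bound quoted in the compiler's note. */
    printf("rc=%d stored=\"%s\" needed=%zu bytes incl. NUL\n",
           rc, namebuf, needed + 1);
    return 0;
}
```
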
