https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80397
Bug ID: 80397 Summary: missing -Wformat-overflow with arguments of enum types Product: gcc Version: 7.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: tree-optimization Assignee: unassigned at gcc dot gnu.org Reporter: msebor at gcc dot gnu.org Target Milestone: --- GCC issues a warning for the buffer overflow in the call to sprintf in function f in the test case below but it fails to do the same thing for the equivalent function g. This is because the format_integer function that extracts the range of the integral argument tests for the argument's type being INTEGER_TYPE rather than using the INTEGRAL_TYPE_P() macro as it should be. $ cat z.c && gcc -O2 -S -Wall -Wextra -Wpedantic z.c char d[1]; enum E { e10 = 10, e99 = 99 }; int f (int i) { if (i < e10 || e99 < i) i = e10; return __builtin_sprintf (d, "%i", i); // warning (ok) } int g (enum E i) { if (i < e10 || e99 < i) i = e10; return __builtin_sprintf (d, "%i", i); // missing warning (bug) } z.c: In function ‘f’: z.c:10:33: warning: ‘%i’ directive writing 2 bytes into a region of size 1 [-Wformat-overflow=] return __builtin_sprintf (d, "%i", i); // warning (ok) ^~ z.c:10:32: note: directive argument in the range [10, 99] return __builtin_sprintf (d, "%i", i); // warning (ok) ^~~~ z.c:10:10: note: ‘__builtin_sprintf’ output 3 bytes into a destination of size 1 return __builtin_sprintf (d, "%i", i); // warning (ok) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~