https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80354

Mike Sharov <msharov at users dot sourceforge.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |msharov at users dot sourceforge.net

--- Comment #7 from Mike Sharov <msharov at users dot sourceforge.net> ---
I really do have to add my complaint about this one. Can't we have another
override option here? Have the compiler parse "truncates" in a comment, for
example, like it does for fallthrough. Doing format precision is not a good
workaround because it hardcodes the size of the buffer into the format string,
creating a maintenance problem in case the buffer size is increased later. Not
to mention unnecessarily creating multiple format strings where previously a
single one could have been shared. Why make us all create unnecessarily larger
executables?

Worse, truncation is always going to be a false positive here. Nobody wants to
choose buffer size based on worst case output. Sometimes it is merely useless,
such as when writing diagnostic messages. 8k of text won't fit in a message box
anyway and will be truncated. Other times it is distinctly wrong. For example,
if building a path from multiple components in PATH_MAX sized buffers, the
result must not be larger than PATH_MAX anyway, and must be truncated. Another
example is when you are trying to get a prefix from a large string. snprintf is
a great way of doing that, but your warning may now lead people to rewrite the
code with strncpy and its insecure behavior, possibly forgetting that it always
requires explicitly terminating the buffer.

Sure, it is just another warning to fix. I've had to fix some new warning with
every gcc release. Not a single one of them was an actual problem with the
code. It's always just "the way we've got to do things from now on", having to
write each code construct in a particular way to avoid a warning. A 100% false
positive rate is annoying, isn't it? Yet, I keep all warnings on, for some
strange reason. Can't we all be friends and always have a polite way of saying
"I know what I am doing here"?
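
Added example, not part of the comment above and not GCC code: a C sketch of the three idioms the comment mentions, namely snprintf with its return value checked, a run-time `%.*s` precision derived from the buffer size, and strncpy left unterminated. The function names and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bounded format into dst. Returns 0 if the output fit, 1 if it was
   truncated, -1 on an encoding error. dst is NUL-terminated whenever
   dstsz > 0. The return value is consumed here; GCC documents
   -Wformat-truncation=1 as covering calls whose return value is unused. */
int join_path(char *dst, size_t dstsz, const char *dir, const char *name)
{
    int n = snprintf(dst, dstsz, "%s/%s", dir, name);
    if (n < 0)
        return -1;
    return (size_t)n >= dstsz ? 1 : 0;
}

/* Prefix copy with the precision taken from the buffer size at run time
   ("%.*s"), so the format string is shared and carries no literal size.
   Requires 0 < dstsz <= INT_MAX. Returns the number of bytes stored. */
int copy_prefix(char *dst, size_t dstsz, const char *src)
{
    return snprintf(dst, dstsz, "%.*s", (int)(dstsz - 1), src);
}

/* strncpy for contrast: when src has dstsz or more bytes, no terminator
   is written. Returns 1 if dst holds a NUL within dstsz bytes, else 0. */
int strncpy_terminates(char *dst, size_t dstsz, const char *src)
{
    memset(dst, 'X', dstsz);      /* constructed stale buffer contents */
    strncpy(dst, src, dstsz);
    return memchr(dst, '\0', dstsz) != NULL;
}

int main(void)
{
    char buf[16];                 /* constructed, deliberately small */
    int t = join_path(buf, sizeof buf, "/usr", "lib");
    printf("%-16s truncated=%d\n", buf, t);
    t = join_path(buf, sizeof buf, "/usr/local", "share");
    printf("%-16s truncated=%d\n", buf, t);
    int stored = copy_prefix(buf, sizeof buf, "diagnostic message");
    printf("%-16s stored=%d\n", buf, stored);
    printf("strncpy terminated=%d\n",
           strncpy_terminates(buf, sizeof buf, "diagnostic message"));
    return 0;
}
```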
