https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77696
--- Comment #7 from David Malcolm <dmalcolm at gcc dot gnu.org> --- (In reply to David Malcolm from comment #6) A tweak to this would be to show the point where the overflow occurs (if the substring location code is up to it...): demo.c: In function ‘test_2’: demo.c:6:23: warning: ‘%s’ directive writing 36 bytes into a region of size 11 [-Wformat-overflow=] 6 | sprintf (buf, "msg: %s\n", msg); | ~~~ ^~ | | | | | required space: 36 bytes | remaining capacity: 11 bytes demo.c:12:11: 12 | test_1 ("this is long enough to cause trouble"); | ^~~~~~~~~~~~~~~~~~~~~~~~~ | | | overflow occurs here demo.c:6:3: note: ‘sprintf’ output 43 bytes into a destination of size 16 6 | sprintf (buf, "msg: %s\n", msg); | ~~~ ^~~~~~~~~ | | | | | required space: 43 bytes | size: 16 bytes