https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77696
--- Comment #7 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
(In reply to David Malcolm from comment #6)
A tweak to this would be to show the point where the overflow occurs
(if the substring location code is up to it...):
demo.c: In function ‘test_2’:
demo.c:6:23: warning: ‘%s’ directive writing 36 bytes into a region of size 11
[-Wformat-overflow=]
6 | sprintf (buf, "msg: %s\n", msg);
| ~~~ ^~
| | |
| | required space: 36 bytes
| remaining capacity: 11 bytes
demo.c:12:11:
12 | test_1 ("this is long enough to cause trouble");
| ^~~~~~~~~~~~~~~~~~~~~~~~~
| |
| overflow occurs here
demo.c:6:3: note: ‘sprintf’ output 43 bytes into a destination of size 16
6 | sprintf (buf, "msg: %s\n", msg);
| ~~~ ^~~~~~~~~
| | |
| | required space: 43 bytes
| size: 16 bytes
