https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100325
Bug ID: 100325
Summary: missing warning with -O0 on sprintf overflow with pointer plus offset
Product: gcc
Version: 11.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

At -O0, GCC correctly diagnoses the buffer overflow in f() but fails to detect the same bug in g(). This covers the problem mentioned in pr100307 comment 2 caused by the sprintf warning being run too early when optimization is disabled. Running it at approximately the same point as the early -Wuninitialized pass (or -Wnonnull-compare) lets it diagnose both bugs.

$ cat a.c && gcc -S -Wall a.c
extern char a[2];

void f ()
{
  __builtin_sprintf (a + 1, "%i", 123);   // -Wformat-overflow (good)
}

void g ()
{
  char *p = a + 1;
  __builtin_sprintf (p, "%i", 123);       // missing -Wformat-overflow
}
a.c: In function ‘f’:
a.c:5:30: warning: ‘%i’ directive writing 3 bytes into a region of size 1 [-Wformat-overflow=]
    5 |   __builtin_sprintf (a + 1, "%i", 123);   // -Wformat-overflow (good)
      |                              ^~
a.c:5:3: note: ‘__builtin_sprintf’ output 4 bytes into a destination of size 1
    5 |   __builtin_sprintf (a + 1, "%i", 123);   // -Wformat-overflow (good)
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
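Since the static check above is not guaranteed to see through `p = a + 1`, the practical defence is to bound the write at run time from the caller's known capacity. The following is an added example, not code from the bug report or from GCC; `fmt_int_at`, `report_case` and `fits_case` are hypothetical names chosen here.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the GCC report): format an int into buf
 * at byte offset off, never writing past buf[cap - 1]. Returns the number
 * of characters produced (excluding the NUL) or -1 when the result would
 * not fit. The bound is computed from cap and off, so safety does not
 * depend on the compiler recognising that buf + off has only cap - off
 * bytes left, which is exactly what g() in the report relies on. */
int fmt_int_at(char *buf, size_t cap, size_t off, int value)
{
    if (buf == NULL || off >= cap)
        return -1;                      /* no room even for the terminator */
    size_t room = cap - off;            /* bytes available from buf + off */
    int n = snprintf(buf + off, room, "%i", value);
    if (n < 0 || (size_t)n >= room) {
        buf[off] = '\0';                /* drop the truncated partial write */
        return -1;
    }
    return n;
}

/* Same shape as g() in the report: a[2] written at offset 1 with "%i", 123.
 * "123" plus the NUL needs 4 bytes but only 1 is available, so this
 * returns -1 instead of overflowing a. */
int report_case(void)
{
    char a[2] = "";
    return fmt_int_at(a, sizeof a, 1, 123);
}

/* Control case with enough room: returns 3 and leaves "123" at buf + 1. */
int fits_case(void)
{
    char buf[8] = "";
    int n = fmt_int_at(buf, sizeof buf, 1, 123);
    return (n == 3 && strcmp(buf + 1, "123") == 0) ? n : -2;
}

int main(void)
{
    printf("report_case: %d, fits_case: %d\n", report_case(), fits_case());
    return 0;
}
```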