https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79062
Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P2

--- Comment #9 from Martin Sebor <msebor at gcc dot gnu.org> ---
The same problem affects _FORTIFY_SOURCE.  Since this effectively disables
compile-time buffer overflow detection for the sprintf family of functions I'm
bumping Importance up to P2.  (The runtime prevention still works.)

$ (set -x && cat pr79062.c && gcc -D_FORTIFY_SOURCE=2 -O2 -Wall -flto -c pr79062.c && gcc -D_FORTIFY_SOURCE=2 -O2 -Wall -flto pr79062.o && ./a.out)
+ cat pr79062.c
#include <stdio.h>
#include <stdlib.h>

int main (void)
{
  char *d = (char*)alloca (2);
  int n = sprintf (d, "%i", 123);   // missing warning with -flto
  puts (d);
  if (n > 1)
    abort ();
}
+ gcc -D_FORTIFY_SOURCE=2 -O2 -Wall -flto -c pr79062.c
+ gcc -D_FORTIFY_SOURCE=2 -O2 -Wall -flto pr79062.o
+ ./a.out
*** buffer overflow detected ***: ./a.out terminated