https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113752
--- Comment #2 from H.J. Lu <hjl.tools at gmail dot com> ---
[hjl@gnu-skx-1 gcc]$ cat /tmp/foo.i
char a[10256];
char b;
char *c, *g;
int d, e, f;
int sprintf(char *, char *, ...);
unsigned long strlen(char *);
int h(char *j) {
  if (strlen(j) + strlen(c) + strlen(g) + 32 > 10256)
    return 0;
  sprintf(a, "%s:%s:%d:%d:%d:%c:%s\n", j, c, d, e, f, b, g);
  return 1;
}
void i() { h("wctype"); }
[hjl@gnu-skx-1 gcc]$ ./xgcc -B./ -O3 -Wall -S /tmp/foo.i
/tmp/foo.i: In function ‘i’:
/tmp/foo.i:10:33: warning: ‘%s’ directive writing up to 10218 bytes into a region of size between 0 and 10240 [-Wformat-overflow=]
   10 |   sprintf(a, "%s:%s:%d:%d:%d:%c:%s\n", j, c, d, e, f, b, g);
      |                                 ^~
In function ‘h’,
    inlined from ‘i’ at /tmp/foo.i:13:12:
/tmp/foo.i:10:3: note: ‘sprintf’ output between 18 and 20484 bytes into a destination of size 10256
   10 |   sprintf(a, "%s:%s:%d:%d:%d:%c:%s\n", j, c, d, e, f, b, g);
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[hjl@gnu-skx-1 gcc]$