https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113752
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jakub at gcc dot gnu.org
--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Strange, it certainly does reproduce for me:

char a[10256], b, *c, *g;
int d, e, f;
int
foo (char *j)
{
  if (__builtin_strlen (j) + __builtin_strlen (c) + __builtin_strlen (g) + 32 >
      10256)
    return 0;
  __builtin_sprintf (a, "%s:%s:%d:%d:%d:%c:%s\n", j, c, d, e, f, b, g);
  return 1;
}

void
bar (void)
{
  foo ("wctype");
}

/volume/tor/opt/notnfs/gcc-bisect/obj/gcc/cc1.r14-8919 -quiet -O3 -Wall pr113752.c
pr113752.c: In function ‘bar’:
pr113752.c:9:44: warning: ‘%s’ directive writing up to 10218 bytes into a region of size between 0 and 10240 [-Wformat-overflow=]
    9 |   __builtin_sprintf (a, "%s:%s:%d:%d:%d:%c:%s\n", j, c, d, e, f, b, g);
      |                                            ^~
In function ‘foo’,
    inlined from ‘bar’ at pr113752.c:16:3:
pr113752.c:9:3: note: ‘__builtin_sprintf’ output between 18 and 20484 bytes into a destination of size 10256
    9 |   __builtin_sprintf (a, "%s:%s:%d:%d:%d:%c:%s\n", j, c, d, e, f, b, g);
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

/volume/tor/opt/notnfs/gcc-bisect/obj/gcc/cc1.r14-260 -quiet -O3 -Wall pr113752.c

/volume/tor/opt/notnfs/gcc-bisect/obj/gcc/cc1.r14-261 -quiet -O3 -Wall pr113752.c
pr113752.c: In function ‘bar’:
pr113752.c:9:44: warning: ‘%s’ directive writing up to 10218 bytes into a region of size between 0 and 10240 [-Wformat-overflow=]
    9 |   __builtin_sprintf (a, "%s:%s:%d:%d:%d:%c:%s\n", j, c, d, e, f, b, g);
      |                                            ^~
In function ‘foo’,
    inlined from ‘bar’ at pr113752.c:16:3:
pr113752.c:9:3: note: ‘__builtin_sprintf’ output between 18 and 20484 bytes into a destination of size 10256
    9 |   __builtin_sprintf (a, "%s:%s:%d:%d:%d:%c:%s\n", j, c, d, e, f, b, g);
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~