https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115513

            Bug ID: 115513
           Summary: attribute nonstring could help with printf mistakes
           Product: gcc
           Version: 14.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: peter at eisentraut dot org
  Target Milestone: ---

Created attachment 58446
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=58446&action=edit
test file

Consider this test program (also attached):

```
#include <stdio.h>
#include <string.h>

struct Data
{
        char name[32] __attribute__((nonstring));
};

int f (struct Data *pd, const char *s)
{
        strncpy(pd->name, s, sizeof pd->name);

        printf("%s", pd->name);  // unsafe, no warning!?!

        return strlen(pd->name);   // unsafe, gets a warning
}
```

Compile with, e.g.: gcc-14 -c -Wall -Wextra -O2 test.c

As per the documentation, this will warn about the strlen() call.

But it doesn't warn about the printf() call.  This would be quite useful and
seems to be a gap in the warning coverage of this attribute.
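
Added example (not part of the original report or its attachment): until the compiler diagnoses the `printf` case, a `nonstring` field can be read safely by bounding every access with the array size. The helper names `data_name_len` and `data_name_format` are hypothetical, and the 32-character input is constructed so that `strncpy` leaves no terminating NUL.

```c
#include <stdio.h>
#include <string.h>

/* Same layout as the report's struct: a fixed-width field that may
   legitimately hold 32 bytes with no terminating NUL. */
struct Data
{
        char name[32] __attribute__((nonstring));
};

/* Hypothetical helper: length of the field, never reading past the array.
   memchr is bounded by sizeof, unlike strlen. */
size_t data_name_len (const struct Data *pd)
{
        const char *end = memchr(pd->name, '\0', sizeof pd->name);

        return end ? (size_t) (end - pd->name) : sizeof pd->name;
}

/* Hypothetical helper: render the field into out[]. The precision in
   "%.*s" caps how many bytes %s may read, so a missing NUL is harmless. */
int data_name_format (const struct Data *pd, char *out, size_t outsz)
{
        return snprintf(out, outsz, "%.*s", (int) sizeof pd->name, pd->name);
}

int main (void)
{
        struct Data d;
        char buf[64];

        /* Constructed input: exactly 32 characters, so no NUL is stored. */
        strncpy(d.name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345", sizeof d.name);
        data_name_format(&d, buf, sizeof buf);
        printf("%zu [%s]\n", data_name_len(&d), buf);
        return 0;
}
```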
