https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78673
Bug ID: 78673 Summary: sprintf missing attribute nonnull on destination argument Product: gcc Version: 7.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: c Assignee: unassigned at gcc dot gnu.org Reporter: msebor at gcc dot gnu.org Target Milestone: --- Thew first argument of the sprintf function designates the destination into which the function writes the formatted output followed a terminating nul character. Thus the argument must be a non-null pointer. The declarations of GCC sprintf built-ins (sprintf, vsprintf, and their checking counterparts) are missing attribute nonnull on their first argument. The test case below shows that the built-ins do have the attribute on the format argument (hence the -Wnonnull warning). It also shows that the -Wformat-length option duplicates the warning in the null pointer constant cases. $ cat a.c && gcc -S -Wall -Wextra -Wpedantic a.c void f0 (char *d) { __builtin_sprintf (d, (char*)0); } void f1 (void) { __builtin_sprintf ((char*)0, "%i", 1); // missing warning } void f2 (char *d, __builtin_va_list va) { __builtin_vsprintf (d, (char*)0, va); } void f3 (__builtin_va_list va) { __builtin_vsprintf ((char*)0, "%i", va); // missing warning } void f4 (char *d, unsigned n) { __builtin___sprintf_chk (d, 0, n, (char*)0); } void f5 (unsigned n) { __builtin___sprintf_chk ((char*)0, 0, n, "%i", 1); // missing warning } void f6 (char *d, unsigned n, __builtin_va_list va) { __builtin___vsprintf_chk (d, 0, n, (char*)0, va); } void f7 (unsigned n, __builtin_va_list va) { __builtin___vsprintf_chk ((char*)0, 0, n, "%i", va); // missing warning } a.c: In function ‘f0’: a.c:3:3: warning: null argument where non-null required (argument 2) [-Wnonnull] __builtin_sprintf (d, (char*)0); ^~~~~~~~~~~~~~~~~ a.c: In function ‘f2’: a.c:13:3: warning: null argument where non-null required (argument 2) [-Wnonnul] __builtin_vsprintf (d, (char*)0, va); ^~~~~~~~~~~~~~~~~~ a.c:13:3: warning: too many arguments for format [-Wformat-extra-args] a.c: In function ‘f4’: a.c:23:3: warning: null argument where non-null required (argument 4) [-Wnonnul] __builtin___sprintf_chk (d, 0, n, (char*)0); ^~~~~~~~~~~~~~~~~~~~~~~ a.c: In function ‘f6’: a.c:33:3: warning: null argument where non-null required (argument 4) [-Wnonnul] __builtin___vsprintf_chk (d, 0, n, (char*)0, va); ^~~~~~~~~~~~~~~~~~~~~~~~ a.c:33:3: warning: too many arguments for format [-Wformat-extra-args] a.c: In function ‘f0’: a.c:1:6: warning: null format string [-Wformat-length=] void f0 (char *d) ^~ a.c: In function ‘f2’: a.c:11:6: warning: null format string [-Wformat-length=] void f2 (char *d, __builtin_va_list va) ^~ a.c: In function ‘f4’: a.c:21:6: warning: null format string [-Wformat-length=] void f4 (char *d, unsigned n) ^~ a.c: In function ‘f6’: a.c:31:6: warning: null format string [-Wformat-length=] void f6 (char *d, unsigned n, __builtin_va_list va) ^~