https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80807
Bug ID: 80807 Summary: Improve FORTIFY_SOURCE protection for sprintf Product: gcc Version: 5.4.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: c Assignee: unassigned at gcc dot gnu.org Reporter: bugzi...@poradnik-webmastera.com Target Milestone: --- Following code compiles cleanly with -D_FORTIFY_SOURCE=2, and then crashes at runtime because buffer overflow was detected. However gcc could detect that this code will overflow buffer at compilation time, by analyzing format string and calculating minimum output string length which is 3 in this example. #include <stdio.h> const char* test(char a, char b) { static char buf[2]; sprintf(buf, "%c%c", a, b); return buf; } Code compiled using following command: gcc -c -O3 -Wall -Wextra test.c -o test.o -D_FORTIFY_SOURCE=2