public inbox for gcc-bugs@sourceware.org
* [Bug c/102337] New: possibly wrong warning about truncation
@ 2021-09-15  1:04 rootkit85 at yahoo dot it
  2021-09-15  8:58 ` [Bug middle-end/102337] " marxin at gcc dot gnu.org
  2021-09-15 15:21 ` [Bug middle-end/102337] bogus -Wformat-truncation due to incomplete sprintf/strlen integration msebor at gcc dot gnu.org
  0 siblings, 2 replies; 3+ messages in thread
From: rootkit85 at yahoo dot it @ 2021-09-15  1:04 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102337

            Bug ID: 102337
           Summary: possibly wrong warning about truncation
           Product: gcc
           Version: 11.2.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: rootkit85 at yahoo dot it
  Target Milestone: ---

The following code:

#include <stdio.h>

// build with: -O2 -Werror=format-truncation

void poke_kprobe_events(int add)
{
        char cmd[192], probename[128], probefunc[128];

        snprintf(probename, sizeof(probename), "a");

        snprintf(probefunc, sizeof(probefunc), "b");

        snprintf(cmd, sizeof(cmd), "%s %s", probename, probefunc);
}

Generates the following warning:

$ gcc -O2 -c test.c -Werror=format-truncation
test.c: In function ‘poke_kprobe_events’:
test.c:11:40: error: ‘%s’ directive output may be truncated writing up to 127
bytes into a region of size between 64 and 191 [-Werror=format-truncation=]
   11 |         snprintf(cmd, sizeof(cmd), "%s %s", probename, probefunc);
      |                                        ^~              ~~~~~~~~~
test.c:11:9: note: ‘snprintf’ output between 2 and 256 bytes into a destination
of size 192
   11 |         snprintf(cmd, sizeof(cmd), "%s %s", probename, probefunc);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors

I'm using the Fedora 34 packages:

$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-redhat-linux/11/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-redhat-linux
Configured with: ../configure --enable-bootstrap
--enable-languages=c,c++,fortran,objc,obj-c++,ada,go,d,lto --prefix=/usr
--mandir=/usr/share/man --infodir=/usr/share/info
--with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared
--enable-threads=posix --enable-checking=release --enable-multilib
--with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions
--enable-gnu-unique-object --enable-linker-build-id
--with-gcc-major-version-only --with-linker-hash-style=gnu --enable-plugin
--enable-initfini-array
--with-isl=/builddir/build/BUILD/gcc-11.2.1-20210728/obj-x86_64-redhat-linux/isl-install
--enable-offload-targets=nvptx-none --without-cuda-driver
--enable-gnu-indirect-function --enable-cet --with-tune=generic
--with-arch_32=i686 --build=x86_64-redhat-linux
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 11.2.1 20210728 (Red Hat 11.2.1-1) (GCC)

* [Bug middle-end/102337] possibly wrong warning about truncation
  2021-09-15  1:04 [Bug c/102337] New: possibly wrong warning about truncation rootkit85 at yahoo dot it
@ 2021-09-15  8:58 ` marxin at gcc dot gnu.org
  2021-09-15 15:21 ` [Bug middle-end/102337] bogus -Wformat-truncation due to incomplete sprintf/strlen integration msebor at gcc dot gnu.org
  1 sibling, 0 replies; 3+ messages in thread
From: marxin at gcc dot gnu.org @ 2021-09-15  8:58 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102337

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
                 CC|                            |marxin at gcc dot gnu.org
   Last reconfirmed|                            |2021-09-15

* [Bug middle-end/102337] bogus -Wformat-truncation due to incomplete sprintf/strlen integration
  2021-09-15  1:04 [Bug c/102337] New: possibly wrong warning about truncation rootkit85 at yahoo dot it
  2021-09-15  8:58 ` [Bug middle-end/102337] " marxin at gcc dot gnu.org
@ 2021-09-15 15:21 ` msebor at gcc dot gnu.org
  1 sibling, 0 replies; 3+ messages in thread
From: msebor at gcc dot gnu.org @ 2021-09-15 15:21 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102337

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |85741
            Summary|possibly wrong warning      |bogus -Wformat-truncation
                   |about truncation            |due to incomplete
                   |                            |sprintf/strlen integration

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
In the absence of data flow information -Wformat-truncation (and
-Wformat-overflow) uses the sizes of the arrays pointed to by arguments to the
%s directive as the upper bound of the lengths of the strings being formatted. 
In the test case in comment #0 the results of the first two snprintf calls
computed by GCC are discarded (not used for subsequent data flow analysis) and
so the warning assumes that the length of each of the two strings in the last
call to snprintf() is 127 and triggers.  To do better the warning needs to be
enhanced to feed the results of snprintf calls to the strlen pass so that they
are available when computing the lengths of strings in subsequent calls.  This
enhancement is the subject of pr92813 so this bug is effectively a duplicate of
that one.

(Replacing the first two snprintf calls with strcpy avoids the warning because
string lengths computed by GCC for arguments of strcpy calls are available to
the snprintf warning.)


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85741
[Bug 85741] [meta-bug] bogus/missing -Wformat-overflow
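
An added example, not code from the thread or from GCC: the arithmetic behind the "between 2 and 256 bytes" note, and a run-time truncation check for the case where the strings really are as long as the warning assumes. The buffer sizes come from the test case in comment #0; `build_cmd`, `bytes_needed` and `fits` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Buffer sizes taken from the test case in comment #0. */
enum { CMD_SZ = 192, NAME_SZ = 128 };

/*
 * Format "<name> <func>" into dst.  Returns 0 if the whole string fit,
 * -1 on an output error or if snprintf had to truncate.
 */
static int build_cmd(char *dst, size_t dstsz, const char *name, const char *func)
{
    int n = snprintf(dst, dstsz, "%s %s", name, func);

    if (n < 0 || (size_t)n >= dstsz) {
        if (dstsz > 0)
            dst[0] = '\0';      /* do not pass a partial command on */
        return -1;
    }
    return 0;
}

/* Bytes (including the NUL) that "%s %s" needs for the given string lengths. */
static size_t bytes_needed(size_t len_a, size_t len_b)
{
    return len_a + 1 + len_b + 1;
}

/* Hypothetical helper: build two strings of the given lengths and format them. */
static int fits(size_t len_a, size_t len_b)
{
    char cmd[CMD_SZ], a[NAME_SZ], b[NAME_SZ];

    if (len_a >= sizeof(a) || len_b >= sizeof(b))
        return -1;
    memset(a, 'a', len_a); a[len_a] = '\0';
    memset(b, 'b', len_b); b[len_b] = '\0';
    return build_cmd(cmd, sizeof(cmd), a, b);
}

int main(void)
{
    printf("range: %zu..%zu bytes into %d\n",
           bytes_needed(0, 0), bytes_needed(NAME_SZ - 1, NAME_SZ - 1), CMD_SZ);
    printf("1+1 -> %d, 127+63 -> %d, 127+64 -> %d, 127+127 -> %d\n",
           fits(1, 1), fits(127, 63), fits(127, 64), fits(127, 127));
    return 0;
}
```

The GCC manual describes level 1 of -Wformat-truncation as warning only about calls to bounded functions whose return value is unused, so a caller that consumes the result as `build_cmd` does also handles the truncation the diagnostic is about.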