From: "msebor at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug tree-optimization/104746] [12 Regression] False positive for -Wformat-overflow=2 since r12-7033-g3c9f762ad02f398c
Date: Tue, 01 Mar 2022 18:36:54 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104746

Martin Sebor changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |WAITING

--- Comment #1 from Martin Sebor ---
The warning certainly looks cryptic but seems to actually point out a real bug in the code: len is set to 1 less than the number of bytes the sprintf call writes to the buffer (the two strings plus the slash character plus the terminating nul byte).

That said, the warning persists even with a buffer of sufficient size, but then disappears if the empty definition of systemd_escape2() is removed. Since the function fails to return a result the test case is invalid, I'm guessing because it was reduced too far. Can you provide a valid test case?

FYI, level 2 of -Wformat-overflow is designed to "warn also about calls that might overflow the destination buffer given an argument of sufficient length or magnitude" so it will have a higher rate of false positives in cases where some arguments cannot be determined to be sufficiently constrained to avoid an overflow. In addition, there is no support for symbolic constraints involving multiple arguments (like strlen(a) + strlen (b) < bufsize - 1) so the warning is susceptible to false positives for calls involving such arguments, as in sprintf(buf, "%s/%s", a, b).
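
The size arithmetic described in the comment above, as an added example that is not part of the bug report or the reporter's test case: the byte count a "%s/%s" join writes, next to a length that is one byte short, with a bounded snprintf call that checks its return value. The function names and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes sprintf(buf, "%s/%s", a, b) writes: both strings, the slash,
   and the terminating nul byte. */
size_t joined_size(const char *a, const char *b)
{
    return strlen(a) + 1 + strlen(b) + 1;
}

/* Constructed "before" case: one byte short, no room for the nul. */
size_t undersized_len(const char *a, const char *b)
{
    return strlen(a) + strlen(b) + 1;
}

/* Bounded join: 0 on success, -1 on error or if dst cannot hold the result. */
int join_checked(char *dst, size_t dstsize, const char *a, const char *b)
{
    int n = snprintf(dst, dstsize, "%s/%s", a, b);
    if (n < 0 || (size_t)n >= dstsize)
        return -1;
    return 0;
}

/* Allocating join; the caller frees the result. NULL on failure. */
char *join_alloc(const char *a, const char *b)
{
    size_t size = joined_size(a, b);
    char *buf = malloc(size);
    if (buf != NULL && join_checked(buf, size, a, b) != 0) {
        free(buf);
        buf = NULL;
    }
    return buf;
}

int main(void)
{
    const char *a = "run", *b = "unit";      /* constructed sample input */
    char small[8];                           /* == undersized_len(a, b) */
    printf("needed=%zu undersized=%zu\n", joined_size(a, b), undersized_len(a, b));
    printf("8-byte buffer: %s\n",
           join_checked(small, sizeof small, a, b) ? "rejected" : "ok");
    char *p = join_alloc(a, b);
    printf("allocated: %s\n", p ? p : "(alloc failed)");
    free(p);
    return 0;
}
```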