[Bug c/111219] New: -Wformat-truncation false negative with %p modifier

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

* [Bug c/111219] New: -Wformat-truncation false negative with %p modifier
@ 2023-08-28 21:44 ndesaulniers at google dot com
  2023-08-28 21:48 ` [Bug c/111219] " pinskia at gcc dot gnu.org
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: ndesaulniers at google dot com @ 2023-08-28 21:44 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111219

            Bug ID: 111219
           Summary: -Wformat-truncation false negative with %p modifier
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: ndesaulniers at google dot com
  Target Milestone: ---

I noticed that -Wformat-truncation was disabled in the linux kernel.

commit bd664f6b3e37 ("disable new gcc-7.1.1 warnings for now")

I was curious since I was unfamiliar with that flag.  I filed a bug against
clang to look into implementing something similar.

https://github.com/llvm/llvm-project/issues/64871

They extended their existing -Wfortify-source flag instead (*sigh*), but we
noticed now in the Linux kernel that `-Wfortify-source` is flagging a few cases
where kernel devs have added custom format flags for pretty printing oft-used
data structures, which is tripping up this warning, since these format
specifiers are not part of the language standard.

A recent kernel patch looks to re-enable -Wformat-truncation for W=1 kernel
builds.  Nathan noticed that GCC is not warning for the %p related flags,
whereas clang is (with -Wfortify-source).

I don't think GCC's current behavior is intentional?

For example, consider the following code:
```
void foo (void *x) {
    char dst [1];
    __builtin_snprintf(dst, sizeof(dst), "%p", x);
}
```
Clang-18 (trunk, not yet released, after
https://github.com/llvm/llvm-project/commit/0c9c9dd9a24f9d715d950fef0ac7aae01437af96)
with -Wfortify-source will warn:

```
tmp.c:3:5: warning: 'snprintf' will always be truncated; specified size is 1,
but format string expands to at least 4 [-Wfortify-source]
    3 |     __builtin_snprintf(dst, sizeof(dst), "%p", x);
      |     ^
```

GCC with -Wformat-truncation does not warn, but I think it should.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Bug c/111219] -Wformat-truncation false negative with %p modifier
  2023-08-28 21:44 [Bug c/111219] New: -Wformat-truncation false negative with %p modifier ndesaulniers at google dot com
@ 2023-08-28 21:48 ` pinskia at gcc dot gnu.org
  2023-08-28 21:58 ` ndesaulniers at google dot com
  2023-08-29  8:16 ` [Bug c/111219] -Wformat-truncation intentional false negative with %p modifier is undocumented rguenth at gcc dot gnu.org
  2 siblings, 0 replies; 4+ messages in thread
From: pinskia at gcc dot gnu.org @ 2023-08-28 21:48 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111219

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://gcc.gnu.org/bugzill
                   |                            |a/show_bug.cgi?id=78512

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
From the GCC itself:
    case 'p':
      /* The %p output is implementation-defined.  It's possible
         to determine this format but due to extensions (especially
         those of the Linux kernel -- see bug 78512) the first %p
         in the format string disables any further processing.  */
      return false;

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Bug c/111219] -Wformat-truncation false negative with %p modifier
  2023-08-28 21:44 [Bug c/111219] New: -Wformat-truncation false negative with %p modifier ndesaulniers at google dot com
  2023-08-28 21:48 ` [Bug c/111219] " pinskia at gcc dot gnu.org
@ 2023-08-28 21:58 ` ndesaulniers at google dot com
  2023-08-29  8:16 ` [Bug c/111219] -Wformat-truncation intentional false negative with %p modifier is undocumented rguenth at gcc dot gnu.org
  2 siblings, 0 replies; 4+ messages in thread
From: ndesaulniers at google dot com @ 2023-08-28 21:58 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111219

--- Comment #2 from Nick Desaulniers <ndesaulniers at google dot com> ---
Ah ok that makes sense.

Would it be possible to get that behavior documented on this page?

https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wformat-truncation

We can probably modify clang to match this behavior then.

It's good to know that this was intentional, but too bad that Martin did the
work to change this, but the kernel commit still disabled the diagnostic.

Martin's GCC patch is dated:
Date: Tue Nov 29 21:08:02 2016

Linus' kernel patch is dated:
Date:   Wed Jul 12 19:25:47 2017 -0700

(So this was changed in GCC BEFORE the kernel commit; perhaps Linus was using
an older release at the time. Or perhaps there was something else Linus was
witnessing).

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Bug c/111219] -Wformat-truncation intentional false negative with %p modifier is undocumented
  2023-08-28 21:44 [Bug c/111219] New: -Wformat-truncation false negative with %p modifier ndesaulniers at google dot com
  2023-08-28 21:48 ` [Bug c/111219] " pinskia at gcc dot gnu.org
  2023-08-28 21:58 ` ndesaulniers at google dot com
@ 2023-08-29  8:16 ` rguenth at gcc dot gnu.org
  2 siblings, 0 replies; 4+ messages in thread
From: rguenth at gcc dot gnu.org @ 2023-08-29  8:16 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111219

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2023-08-29
     Ever confirmed|0                           |1
           Keywords|                            |documentation
             Status|UNCONFIRMED                 |NEW

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2023-08-29  8:16 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-28 21:44 [Bug c/111219] New: -Wformat-truncation false negative with %p modifier ndesaulniers at google dot com
2023-08-28 21:48 ` [Bug c/111219] " pinskia at gcc dot gnu.org
2023-08-28 21:58 ` ndesaulniers at google dot com
2023-08-29  8:16 ` [Bug c/111219] -Wformat-truncation intentional false negative with %p modifier is undocumented rguenth at gcc dot gnu.org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).