https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80512
Bug ID: 80512
Summary: missing -Wformat-overflow on a numbered directive with width specified by "*m$"
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

The gimple-ssa-sprintf.c pass doesn't handle numbered directives entirely correctly. As a result, it fails to diagnose instances of buffer overflow such as in the following (it has the same problem with precision):

$ cat a.c && gcc -O2 -Wall -Wextra -Wformat-overflow a.c && ./a.out
int main ()
{
  char d[10];
  int n = __builtin_sprintf (d, "%1$*1$i", 12);
  __builtin_printf ("%i: \"%s\"\n", n, d);
}
12: "          12"
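As an added example (not code from the report or from GCC), the C program below shows two checks that do not depend on the warning: a scan of a format string for width or precision fields in the numbered "*m$" form, and a run-time measurement of the bytes the report's call would write. The helper names count_numbered_star and bytes_needed are hypothetical, and the measurement assumes a C library that supports POSIX numbered arguments.

```c
#include <ctype.h>
#include <stdio.h>

/* Count width/precision fields written in the numbered "*m$" form.
   Hypothetical audit helper: a simplified scanner, not a full printf parser. */
int count_numbered_star(const char *fmt)
{
    int hits = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        if (*++p == '%')                 /* literal "%%" */
            continue;
        /* Width and precision precede any letter, so stop at the first one. */
        for (; *p && !isalpha((unsigned char)*p); p++) {
            if (*p != '*')
                continue;
            const char *q = p + 1;
            while (isdigit((unsigned char)*q))
                q++;
            if (q > p + 1 && *q == '$')  /* '*' digits '$' */
                hits++;
        }
        if (!*p)
            break;
    }
    return hits;
}

/* Bytes sprintf would write (NUL included) for a format that consumes one
   int. snprintf with size 0 only measures. Returns -1 on a format error. */
int bytes_needed(const char *fmt, int value)
{
    int n = snprintf(NULL, 0, fmt, value);
    return n < 0 ? -1 : n + 1;
}

int main(void)
{
    const char *fmt = "%1$*1$i";         /* the format from the report */
    char d[10];
    int need = bytes_needed(fmt, 12);
    printf("numbered '*m$' fields: %d\n", count_numbered_star(fmt));
    printf("needs %d bytes, destination has %zu\n", need, sizeof d);
    return need > (int)sizeof d;         /* nonzero: sprintf would overflow */
}
```

For the report's format and argument the measurement is 13 bytes against the 10-byte destination, which matches the 12 characters of output shown above plus the terminating NUL.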