https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80807
Bug ID: 80807
Summary: Improve FORTIFY_SOURCE protection for sprintf
Product: gcc
Version: 5.4.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: [email protected]
Target Milestone: ---
The following code compiles cleanly with -D_FORTIFY_SOURCE=2, and then crashes at
runtime because a buffer overflow was detected. However, gcc could detect that
this code will overflow the buffer at compilation time, by analyzing the format string
and calculating the minimum output string length, which is 3 in this example.
#include <stdio.h>
const char* test(char a, char b)
{
    static char buf[2];
    sprintf(buf, "%c%c", a, b);
    return buf;
}
The code was compiled using the following command:
gcc -c -O3 -Wall -Wextra test.c -o test.o -D_FORTIFY_SOURCE=2
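
Added example (not part of the original report and not GCC's implementation): the format-string analysis the report asks for, written as a conservative lower bound on the bytes sprintf writes, compared with the destination size. The function names min_sprintf_bytes and sprintf_must_overflow are hypothetical; runtime (`*`) widths and any precision are assumed to contribute nothing to the bound.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Conservative lower bound on the bytes sprintf() writes for fmt,
 * including the terminating NUL. Only literal field widths are counted;
 * '*' widths and precisions are treated as adding nothing (assumption). */
size_t min_sprintf_bytes(const char *fmt)
{
    size_t total = 1;                                   /* terminating NUL */
    while (*fmt) {
        if (*fmt != '%') { total++; fmt++; continue; }  /* literal byte */
        fmt++;
        if (*fmt == '%') { total++; fmt++; continue; }  /* "%%" prints '%' */
        while (*fmt && strchr("-+ #0", *fmt)) fmt++;    /* flags */
        size_t width = 0;
        if (*fmt == '*') fmt++;                         /* width known only at runtime */
        else while (*fmt >= '0' && *fmt <= '9') width = width * 10 + (size_t)(*fmt++ - '0');
        int has_prec = 0, wide = 0;
        if (*fmt == '.') {                              /* precision can shrink output */
            has_prec = 1; fmt++;
            if (*fmt == '*') fmt++;
            else while (*fmt >= '0' && *fmt <= '9') fmt++;
        }
        while (*fmt && strchr("hljztL", *fmt)) { wide |= (*fmt == 'l'); fmt++; }
        size_t min = 0;                                 /* s, p, n, unknown: may be empty */
        if (*fmt == 'c') min = wide ? 0 : 1;            /* %lc of 0 may print nothing */
        else if (*fmt && strchr("diouxX", *fmt)) min = has_prec ? 0 : 1;
        else if (*fmt && strchr("aAeEfFgG", *fmt)) min = 1;
        total += width > min ? width : min;
        if (*fmt) fmt++;
    }
    return total;
}

/* Returns 1 when sprintf() of fmt into dst_size bytes is certain to overflow. */
int sprintf_must_overflow(size_t dst_size, const char *fmt)
{
    return min_sprintf_bytes(fmt) > dst_size;
}

int main(void)
{
    /* The report's case: static char buf[2] with the format "%c%c". */
    printf("needs >= %zu bytes, buf has 2, overflow certain: %d\n",
           min_sprintf_bytes("%c%c"), sprintf_must_overflow(2, "%c%c"));
    return 0;
}
```

Because the bound is a minimum, a result of 0 from sprintf_must_overflow does not mean the call is safe, only that an overflow cannot be proven from the format string alone.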