bug#57211: 29.0.50; generate-new-buffer-name sprintf format overflow war

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#57211: 29.0.50; generate-new-buffer-name sprintf format overflow war

From:	Basil L. Contovounesios
Subject:	bug#57211: 29.0.50; generate-new-buffer-name sprintf format overflow warning
Date:	Sun, 14 Aug 2022 19:50:03 +0300
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux)

Severity: minor

Compiling with gcc (Debian 12.1.0-7) 12.1.0 and -Og, I get the following
-Wformat-overflow warning:

In file included from buffer.c:33:
buffer.c: In function ‘Fgenerate_new_buffer_name’:
buffer.c:1167:46: warning: ‘sprintf’ may write a terminating nul past the end 
of the destination [-Wformat-overflow=]
 1167 |       AUTO_STRING_WITH_LEN (lnumber, number, sprintf (number, "-%d", 
i));
      |                                              ^~~~~~~~~~~~~~~~~~~~~~~~~~
lisp.h:5493:36: note: in definition of macro ‘AUTO_STRING_WITH_LEN’
 5493 |         ((&(struct Lisp_String) {{{len, -1, 0, (unsigned char *) 
(str)}}}), \
      |                                    ^~~
buffer.c:1167:46: note: ‘sprintf’ output between 3 and 9 bytes into a 
destination of size 8
 1167 |       AUTO_STRING_WITH_LEN (lnumber, number, sprintf (number, "-%d", 
i));
      |                                              ^~~~~~~~~~~~~~~~~~~~~~~~~~
lisp.h:5493:36: note: in definition of macro ‘AUTO_STRING_WITH_LEN’
 5493 |         ((&(struct Lisp_String) {{{len, -1, 0, (unsigned char *) 
(str)}}}), \
      |                                    ^~~

Can the upper bound 9 ever be achieved?  If so, how?  If not, is this a
GCC bug?  Either way, is there a way to pacify the warning?

I tried

  snprintf (number, sizeof number, ...)

but got the same warning.

BTW, in the preceding

  int i = r % 1000000;

can the result of % ever exceed INT_MAX?  And do we care either way?

Thanks,

-- 
Basil

In GNU Emacs 29.0.50 (build 1, x86_64-pc-linux-gnu, X toolkit, cairo version 
1.16.0, Xaw3d scroll bars)
 of 2022-08-14 built on tia
Repository revision: 1d3fe256907d5e78a4acedd194e55db8ab952952
Repository branch: master
Windowing system distributor 'The X.Org Foundation', version 11.0.12101004
System Description: Debian GNU/Linux bookworm/sid

Configured using:
 'configure CC=gcc-12 'CFLAGS=-Og -ggdb3' --config-cache
 --prefix=/home/blc/.local --enable-checking=structs
 --with-file-notification=yes --with-x-toolkit=lucid --with-x'

Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 M17N_FLT MODULES NOTIFY
INOTIFY PDUMPER PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF
TOOLKIT_SCROLL_BARS WEBP X11 XAW3D XDBE XIM XINPUT2 XPM LUCID ZLIB

Important settings:
  value of $LANG: en_IE.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix

[Prev in Thread]

Current Thread

[Next in Thread]

bug#57211: 29.0.50; generate-new-buffer-name sprintf format overflow warning, Basil L. Contovounesios <=
- bug#57211: 29.0.50; generate-new-buffer-name sprintf format overflow warning, Matt Armstrong, 2022/08/14
- bug#57211: 29.0.50; generate-new-buffer-name sprintf format overflow warning, Paul Eggert, 2022/08/14

Prev by Date: bug#56648: 29.0.50; Need for `compiled-function-p`
Next by Date: bug#57163: completing-read not allow cycling of the options by default
Previous by thread: bug#56648: 29.0.50; Need for `compiled-function-p`
Next by thread: bug#57211: 29.0.50; generate-new-buffer-name sprintf format overflow warning
Index(es):
- Date
- Thread