GNU bug report logs - #57211
29.0.50; generate-new-buffer-name sprintf format overflow warning

Package: emacs;

Reported by: "Basil L. Contovounesios" <contovob <at> tcd.ie>

Date: Sun, 14 Aug 2022 16:51:02 UTC

Severity: minor

Found in version 29.0.50

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.


Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: "Basil L. Contovounesios" <contovob <at> tcd.ie>
To: bug-gnu-emacs <at> gnu.org
Subject: 29.0.50; generate-new-buffer-name sprintf format overflow warning
Date: Sun, 14 Aug 2022 19:50:03 +0300
Severity: minor

Compiling with gcc (Debian 12.1.0-7) 12.1.0 and -Og, I get the following
-Wformat-overflow warning:

In file included from buffer.c:33:
buffer.c: In function ‘Fgenerate_new_buffer_name’:
buffer.c:1167:46: warning: ‘sprintf’ may write a terminating nul past the end of the destination [-Wformat-overflow=]
 1167 |       AUTO_STRING_WITH_LEN (lnumber, number, sprintf (number, "-%d", i));
      |                                              ^~~~~~~~~~~~~~~~~~~~~~~~~~
lisp.h:5493:36: note: in definition of macro ‘AUTO_STRING_WITH_LEN’
 5493 |         ((&(struct Lisp_String) {{{len, -1, 0, (unsigned char *) (str)}}}), \
      |                                    ^~~
buffer.c:1167:46: note: ‘sprintf’ output between 3 and 9 bytes into a destination of size 8
 1167 |       AUTO_STRING_WITH_LEN (lnumber, number, sprintf (number, "-%d", i));
      |                                              ^~~~~~~~~~~~~~~~~~~~~~~~~~
lisp.h:5493:36: note: in definition of macro ‘AUTO_STRING_WITH_LEN’
 5493 |         ((&(struct Lisp_String) {{{len, -1, 0, (unsigned char *) (str)}}}), \
      |                                    ^~~

Can the upper bound 9 ever be achieved?  If so, how?  If not, is this a
GCC bug?  Either way, is there a way to pacify the warning?

I tried

  snprintf (number, sizeof number, ...)

but got the same warning.

BTW, in the preceding

  int i = r % 1000000;

can the result of % ever exceed INT_MAX?  And do we care either way?

Thanks,

-- 
Basil

In GNU Emacs 29.0.50 (build 1, x86_64-pc-linux-gnu, X toolkit, cairo version 1.16.0, Xaw3d scroll bars)
 of 2022-08-14 built on tia
Repository revision: 1d3fe256907d5e78a4acedd194e55db8ab952952
Repository branch: master
Windowing system distributor 'The X.Org Foundation', version 11.0.12101004
System Description: Debian GNU/Linux bookworm/sid

Configured using:
 'configure CC=gcc-12 'CFLAGS=-Og -ggdb3' --config-cache
 --prefix=/home/blc/.local --enable-checking=structs
 --with-file-notification=yes --with-x-toolkit=lucid --with-x'

Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 M17N_FLT MODULES NOTIFY
INOTIFY PDUMPER PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF
TOOLKIT_SCROLL_BARS WEBP X11 XAW3D XDBE XIM XINPUT2 XPM LUCID ZLIB

Important settings:
  value of $LANG: en_IE.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix
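
The following is an added example, not part of the original report or of the Emacs sources. It shows where a 3-to-9-byte range for "-%d" comes from when the remainder may lie anywhere in [-999999, 999999], and how a bounded call and a non-negative remainder behave against an 8-byte destination. The function names and the signed type of r are assumptions; the page shows only `int i = r % 1000000;` and the destination size.

```c
#include <stdio.h>
#include <string.h>

/* Constructed for illustration: the page shows only `int i = r % 1000000;`
   and an 8-byte destination; the type of r (signed here) is an assumption. */
enum { SUFFIX_SIZE = 8 };

/* Bytes "-%d" needs for r % 1000000, including the terminating NUL.
   snprintf with a zero size writes nothing and returns the length. */
static int suffix_bytes_needed(long long r)
{
    int i = (int)(r % 1000000);   /* C99: result takes the sign of r */
    return snprintf(NULL, 0, "-%d", i) + 1;
}

/* Bounded formatting: returns 0 on success, -1 if the output would not
   fit in SUFFIX_SIZE bytes (snprintf truncates instead of overflowing). */
static int format_suffix(char out[SUFFIX_SIZE], long long r)
{
    int i = (int)(r % 1000000);
    int n = snprintf(out, SUFFIX_SIZE, "-%d", i);
    return (n >= 0 && n < SUFFIX_SIZE) ? 0 : -1;
}

/* Same, but with the remainder forced into [0, 999999], so the widest
   output is "-999999" plus NUL: exactly SUFFIX_SIZE bytes. */
static int format_suffix_nonneg(char out[SUFFIX_SIZE], long long r)
{
    int i = (int)(r % 1000000);
    if (i < 0)
        i = -i;                   /* |i| <= 999999, cannot overflow */
    int n = snprintf(out, SUFFIX_SIZE, "-%d", i);
    return (n >= 0 && n < SUFFIX_SIZE) ? 0 : -1;
}

int main(void)
{
    char buf[SUFFIX_SIZE];
    printf("r=0        needs %d bytes\n", suffix_bytes_needed(0));
    printf("r=999999   needs %d bytes\n", suffix_bytes_needed(999999));
    printf("r=-999999  needs %d bytes\n", suffix_bytes_needed(-999999));
    printf("bounded, r=-999999: %d\n", format_suffix(buf, -999999));
    printf("nonneg,  r=-999999: %d (%s)\n",
           format_suffix_nonneg(buf, -999999), buf);
    return 0;
}
```

Whether a negative r can actually reach this code in Emacs is not shown on the page; the example only demonstrates the arithmetic behind the two bounds.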




This bug report was last modified 2 years and 281 days ago.
