Avoid overflow warnings in {v,}sprintfHEAD master

gcc does not seem to reliably notice that the if condition makes overflows impossible in the code. To please the compiler we can use the __bos flag to return 0 (instead of -1) when the size is unknown. Fixes https://github.com/jvoisin/fortify-headers/issues/62 Fixes https://github.com/jvoisin/fortify-headers/issues/68 Fixes https://github.com/jvoisin/fortify-headers/issues/80
author: Sertonix 2026-04-15 16:41:46 +0200
committer: Julien Voisin 2026-04-20 23:15:31 +0200
commit: 5ac7e1b695281ebdcfe365176d40053764d44684 (patch)
tree: 4a3419f75c2bf012f5d6abbd0ee35a5a5dbe46fe
parent: 57e658873fe794a654cc773b521dd8fdf3ddd9ed (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/include/stdio.h b/include/stdio.h
index 2d1ee33..7a8ef05 100644
--- a/include/stdio.h
+++ b/include/stdio.h
@@ -95,10 +95,10 @@ __fortify_access(read_only, 2)
 _FORTIFY_FN(vsprintf) int vsprintf(char * _FORTIFY_POS0 __s, const char *__f,
                                   __builtin_va_list __v)
 {
-        size_t __b = __bos(__s, 0);
+        size_t __b = __bos(__s, 2);
        int __r;
-        if (__b != (size_t)-1) {
+        if (__b) {
                __r = __orig_vsnprintf(__s, __b, __f, __v);
                if (__r != -1 && (size_t)__r >= __b)
                        __builtin_trap();
@@ -136,10 +136,10 @@ _FORTIFY_FN(snprintf) int snprintf(char *__s, size_t __n,
 __fortify__format(printf, 2, 3)
 _FORTIFY_FN(sprintf) int sprintf(char *__s, const char *__f, ...)
 {
-        size_t __b = __bos(__s, 0);
+        size_t __b = __bos(__s, 2);
        int __r;
-        if (__b != (size_t)-1) {
+        if (__b) {
                __r = __orig_snprintf(__s, __b, __f, __builtin_va_arg_pack());
                if (__r != -1 && (size_t)__r >= __b)
                        __builtin_trap();
author	Sertonix	2026-04-15 16:41:46 +0200
committer	Julien Voisin	2026-04-20 23:15:31 +0200
commit	5ac7e1b695281ebdcfe365176d40053764d44684 (patch)
tree	4a3419f75c2bf012f5d6abbd0ee35a5a5dbe46fe
parent	57e658873fe794a654cc773b521dd8fdf3ddd9ed (diff)

diff --git a/include/stdio.h b/include/stdio.h index 2d1ee33..7a8ef05 100644 --- a/include/stdio.h +++ b/include/stdio.h
@@ -95,10 +95,10 @@ __fortify_access(read_only, 2)
95	_FORTIFY_FN(vsprintf) int vsprintf(char * _FORTIFY_POS0 __s, const char *__f,	95	_FORTIFY_FN(vsprintf) int vsprintf(char * _FORTIFY_POS0 __s, const char *__f,
96	__builtin_va_list __v)	96	__builtin_va_list __v)
97	{	97	{
98	size_t __b = __bos(__s, 0);	98	size_t __b = __bos(__s, 2);
99	int __r;	99	int __r;
100		100
101	if (__b != (size_t)-1) {	101	if (__b) {
102	__r = __orig_vsnprintf(__s, __b, __f, __v);	102	__r = __orig_vsnprintf(__s, __b, __f, __v);
103	if (__r != -1 && (size_t)__r >= __b)	103	if (__r != -1 && (size_t)__r >= __b)
104	__builtin_trap();	104	__builtin_trap();
@@ -136,10 +136,10 @@ _FORTIFY_FN(snprintf) int snprintf(char *__s, size_t __n,
136	__fortify__format(printf, 2, 3)	136	__fortify__format(printf, 2, 3)
137	_FORTIFY_FN(sprintf) int sprintf(char __s, const char __f, ...)	137	_FORTIFY_FN(sprintf) int sprintf(char __s, const char __f, ...)
138	{	138	{
139	size_t __b = __bos(__s, 0);	139	size_t __b = __bos(__s, 2);
140	int __r;	140	int __r;
141		141
142	if (__b != (size_t)-1) {	142	if (__b) {
143	__r = __orig_snprintf(__s, __b, __f, __builtin_va_arg_pack());	143	__r = __orig_snprintf(__s, __b, __f, __builtin_va_arg_pack());
144	if (__r != -1 && (size_t)__r >= __b)	144	if (__r != -1 && (size_t)__r >= __b)
145	__builtin_trap();	145	__builtin_trap();