Thanks Martin! I now better understand how things work, so I'll experiment with changing the values of the test before so that only in range values reach the snprintf. Pico On Thu, Jun 22, 2017 at 6:24 PM, Martin Sebor <msebor@xxxxxxxxx> wrote: > On 06/22/2017 09:05 AM, Pico Geyer wrote: >> >> On Thu, Jun 22, 2017 at 4:51 PM, Jonathan Wakely <jwakely.gcc@xxxxxxxxx> >> wrote: >>> >>> On 22 June 2017 at 15:31, Jonathan Wakely wrote: >>>> >>>> Because the -Wformat-overflow warnings are new in GCC 7, i.e. GCC got >>>> better. See https://gcc.gnu.org/gcc-7/changes.html#c-family >>> >>> >>> Oops, I meant -Wformat-truncation not -Wformat-overflow. I copy&pasted >>> the wrong option. >> >> >> I didn't even notice :-| >> >> I forgot to follow up on the comment in the code. >> Any idea why commenting out the " if ( amt == 0 ) return " makes the >> warning go away? >> I can't think of a reason. > > > It's an effect of the logic used by the warning. The conditional > constrains the range of values the variable amt may have when it's > passed to snprintf to a subrange of the variable's type. This is > used by the warning to indicate that the caller made an attempt > to prevent the function from truncating an excessively large value > but didn't go quite far enough to. With the conditional removed > the variable has no such range associated with it (all GCC can > tell is that it can have any value of its type). That's > (conservatively) taken to mean that the variable is constrained > somewhere else in the program that GCC can't see, and so the > warning is more relaxed. It was done to avoid excessive false > positives. With -Wformat-truncation=2 the logic is the same > regardless and so the warning triggers both with and without > the conditional. > > Martin
