From: Kirill A. Korinsky <kirill@korins.ky>
Subject: Re: gcc/15 libestdc++: drop sprintf/strcpy ld warnings
To: ports@openbsd.org, Pascal Stumpf <pascal@stumpf.co>
Date: Sun, 14 Sep 2025 20:05:34 +0200

On Sun, 14 Sep 2025 19:36:07 +0200,
Jeremie Courreges-Anglas <jca@wxcvbn.org> wrote:
> 
> On Sun, Sep 14, 2025 at 05:51:17PM +0200, Jeremie Courreges-Anglas wrote:
> > 
> > ld.bfd spots it with a "hello, world!" program, ld.lld doesn't.  The
> > sprintf_ld() change is adapted from code already in lang/gcc/15.
> > Since that function is internal, it's not a problem.
> > 
> > With this, eg++ (-fuse-ld=bfd) doesn't warn about the sprintf use.
> > This matters for some overly picky ports that fail to find a working
> > C++ compiler when ld(1) spits any warning.  Diff for gcc/15 to follow.
> 
> Same for gcc/15 where more occurrences have crept up.
> 
> ok?
>

OK kirill@

> 
> Index: Makefile
> ===================================================================
> RCS file: /home/cvs/ports/lang/gcc/15/Makefile,v
> diff -u -p -r1.6 Makefile
> --- Makefile	13 Sep 2025 14:45:15 -0000	1.6
> +++ Makefile	14 Sep 2025 16:00:49 -0000
> @@ -16,6 +16,8 @@ V = 15.2.0
>  FULL_VERSION = $V
>  FULL_PKGVERSION = $V
>  
> +REVISION = 0
> +
>  ADASTRAP-amd64 = adastrap-amd64-11.2.0-5.tar.xz
>  ADASTRAP-arm = adastrap-arm-4.9.4-0.tar.xz
>  ADASTRAP-hppa = adastrap-hppa-8.3.0-1.tar.xz
> Index: patches/patch-libiberty_cp-demangle_c
> ===================================================================
> RCS file: /home/cvs/ports/lang/gcc/15/patches/patch-libiberty_cp-demangle_c,v
> diff -u -p -r1.1.1.1 patch-libiberty_cp-demangle_c
> --- patches/patch-libiberty_cp-demangle_c	18 Aug 2025 19:49:24 -0000	1.1.1.1
> +++ patches/patch-libiberty_cp-demangle_c	14 Sep 2025 17:33:56 -0000
> @@ -1,12 +1,25 @@
> +Avoid using sprintf and strcpy: aside from their unsafety they trigger ld(1)
> +warnings, leading to broken feature detection when linking test
> +programs with libestdc++.
> +
>  Index: libiberty/cp-demangle.c
>  --- libiberty/cp-demangle.c.orig
>  +++ libiberty/cp-demangle.c
> +@@ -2832,7 +2832,7 @@ cplus_demangle_type (struct d_info *di)
> + 					      &cplus_demangle_builtin_types[34],
> + 					      arg, suffix);
> + 	    d_advance (di, 1);
> +-	    sprintf (buf, "%d", arg);
> ++	    snprintf (buf, sizeof buf, "%d", arg);
> + 	    di->expansion += ret->u.s_extended_builtin.type->len
> + 			     + strlen (buf) + (suffix != 0);
> + 	    break;
>  @@ -4618,7 +4618,7 @@ static inline void
>   d_append_num (struct d_print_info *dpi, int l)
>   {
>     char buf[25];
>  -  sprintf (buf,"%d", l);
> -+  snprintf (buf, 25, "%d", l);
> ++  snprintf (buf, sizeof buf, "%d", l);
>     d_append_string (dpi, buf);
>   }
>   
> Index: patches/patch-libstdc++-v3_src_c++11_debug_cc
> ===================================================================
> RCS file: /home/cvs/ports/lang/gcc/15/patches/patch-libstdc++-v3_src_c++11_debug_cc,v
> diff -u -p -r1.1.1.1 patch-libstdc++-v3_src_c++11_debug_cc
> --- patches/patch-libstdc++-v3_src_c++11_debug_cc	18 Aug 2025 19:49:25 -0000	1.1.1.1
> +++ patches/patch-libstdc++-v3_src_c++11_debug_cc	14 Sep 2025 17:33:28 -0000
> @@ -1,3 +1,7 @@
> +Avoid using sprintf: aside from its unsafety it triggers ld(1)
> +warnings, leading to broken feature detection when linking test
> +programs with libestdc++.
> +
>  Index: libstdc++-v3/src/c++11/debug.cc
>  --- libstdc++-v3/src/c++11/debug.cc.orig
>  +++ libstdc++-v3/src/c++11/debug.cc
> @@ -19,3 +23,30 @@ Index: libstdc++-v3/src/c++11/debug.cc
>       print_word(ctx, buf, written);
>     }
>   
> +@@ -1170,7 +1170,7 @@ namespace
> + 
> +     PrintContext& ctx = *static_cast<PrintContext*>(data);
> + 
> +-    int written = __builtin_sprintf(buf, "%p ", (void*)pc);
> ++    int written = __builtin_snprintf(buf, sizeof buf, "%p ", (void*)pc);
> +     print_word(ctx, buf, written);
> + 
> +     int ret = 0;
> +@@ -1198,7 +1198,7 @@ namespace
> + 
> + 	if (lineno)
> + 	  {
> +-	    written = __builtin_sprintf(buf, ":%u\n", lineno);
> ++	    written = __builtin_snprintf(buf, sizeof buf, ":%u\n", lineno);
> + 	    print_word(ctx, buf, written);
> + 	  }
> + 	else
> +@@ -1221,7 +1221,7 @@ namespace
> +     if (errnum > 0)
> +       {
> + 	char buf[64];
> +-	int written = __builtin_sprintf(buf, " (errno=%d)\n", errnum);
> ++	int written = __builtin_snprintf(buf, sizeof buf, " (errno=%d)\n", errnum);
> + 	print_word(ctx, buf, written);
> +       }
> +     else
> Index: patches/patch-libstdc++-v3_src_c++17_floating_to_chars_cc
> ===================================================================
> RCS file: patches/patch-libstdc++-v3_src_c++17_floating_to_chars_cc
> diff -N patches/patch-libstdc++-v3_src_c++17_floating_to_chars_cc
> --- /dev/null	1 Jan 1970 00:00:00 -0000
> +++ patches/patch-libstdc++-v3_src_c++17_floating_to_chars_cc	14 Sep 2025 17:33:43 -0000
> @@ -0,0 +1,24 @@
> +Avoid using sprintf: aside from its unsafety it triggers ld(1)
> +warnings, leading to broken feature detection when linking test
> +programs with libestdc++.
> +
> +Index: libstdc++-v3/src/c++17/floating_to_chars.cc
> +--- libstdc++-v3/src/c++17/floating_to_chars.cc.orig
> ++++ libstdc++-v3/src/c++17/floating_to_chars.cc
> +@@ -1073,14 +1073,14 @@ namespace
> + 	  {
> + 	    // strfromf128 unfortunately doesn't allow .*
> + 	    char fmt[3 * sizeof(int) + 6];
> +-	    sprintf(fmt, "%%.%d%c", args..., int(format_string[4]));
> ++	    snprintf(fmt, sizeof(fmt), "%%.%d%c", args..., int(format_string[4]));
> + 	    len = __strfromf128(buffer, length, fmt, value);
> + 	  }
> +       }
> +     else
> + #endif
> + #endif
> +-    len = sprintf(buffer, format_string, args..., value);
> ++    len = snprintf(buffer, length, format_string, args..., value);
> + 
> + #if _GLIBCXX_USE_C99_FENV_TR1 && defined(FE_TONEAREST)
> +     if (saved_rounding_mode != FE_TONEAREST)
> Index: patches/patch-libstdc++-v3_src_c++20_format_cc
> ===================================================================
> RCS file: patches/patch-libstdc++-v3_src_c++20_format_cc
> diff -N patches/patch-libstdc++-v3_src_c++20_format_cc
> --- /dev/null	1 Jan 1970 00:00:00 -0000
> +++ patches/patch-libstdc++-v3_src_c++20_format_cc	14 Sep 2025 17:34:28 -0000
> @@ -0,0 +1,19 @@
> +Avoid using strcpy: aside from its unsafety it triggers ld(1)
> +warnings, leading to broken feature detection when linking test
> +programs with libestdc++.
> +
> +Index: libstdc++-v3/src/c++20/format.cc
> +--- libstdc++-v3/src/c++20/format.cc.orig
> ++++ libstdc++-v3/src/c++20/format.cc
> +@@ -189,8 +189,9 @@ __with_encoding_conversion(const locale& loc)
> +   // just don't delete[] it in the locale(locale, Facet*) constructor.
> +   if (const char* name = loc._M_impl->_M_names[0])
> +     {
> +-      loc2._M_impl->_M_names[0] = new char[strlen(name) + 1];
> +-      strcpy(loc2._M_impl->_M_names[0], name);
> ++      size_t sz = strlen(name) + 1;
> ++      loc2._M_impl->_M_names[0] = new char[sz];
> ++      strlcpy(loc2._M_impl->_M_names[0], name, sz);
> +     }
> +   return loc2;
> + }
> 
> -- 
> jca
> 

-- 
wbr, Kirill