>>>
>>> well... I think this should work for both compile-time known buffers and
>>> heap-alloced buffers.
>>>
>>
>> this is what __builtin_object_size() is for
>> (and sprintf already uses that due to -D_FORTIFY_SOURCE=2)
>>
>
> yes, but I didn't want to use GCC C extensions (e.g. __builtin_foo). though,
> clang/llvm probably support them.
>
>> btw all these "n" usages in these patches are buggy, they do not leave space for a trailing 0,
>> making the problem worse, not better...
>> esp since with -D_FORTIFY_SOURCE=2 the compiler will abort the program if there's an overflow,
>> and now you make it silently keep running but corrupt.
>
> yes, this is the reason behind this proposal. these patches a) don't check for
> overrun; b) don't handle overrun.

they just shut up the compiler. that's never a good tradeoff.

-D_FORTIFY_SOURCE=2 is an essential compiler feature that has defined semantics/etc.
patches that make behavior worse than that baseline, but shut up some warning, are damage, not value.
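The two patterns the thread argues about, as an added example (not code from the thread or the project under review): a mechanical "n" swap that hides the overrun, next to a version that detects it and reports it to the caller. Buffer sizes and strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The "n" pattern the thread calls buggy: n == sizeof(dst), so when src
 * fills the buffer strncpy writes no trailing 0 and nothing reports it.
 * Later string functions then read past the end of dst.
 * Returns 1 if dst ended up NUL-terminated, 0 if not. */
int copy_unchecked(char *dst, size_t dstsz, const char *src)
{
    strncpy(dst, src, dstsz);          /* leaves no room for the trailing 0 */
    return memchr(dst, '\0', dstsz) != NULL;
}

/* Handling the overrun instead of hiding it: snprintf always terminates
 * when dstsz > 0, and its return value is the length that was needed, so
 * truncation becomes an error the caller can check.
 * Returns 0 on success, -1 if the output did not fit (dst then holds a
 * terminated prefix). */
int copy_checked(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return -1;
    int needed = snprintf(dst, dstsz, "%s", src);
    if (needed < 0 || (size_t)needed >= dstsz)
        return -1;                     /* truncated: caller must handle it */
    return 0;
}

int main(void)
{
    char buf[8];
    const char *long_src = "0123456789";   /* constructed: 10 chars into 8 */

    printf("strncpy terminated: %d\n", copy_unchecked(buf, sizeof buf, long_src));
    printf("snprintf status:    %d (buf=\"%s\")\n",
           copy_checked(buf, sizeof buf, long_src), buf);
    return 0;
}
```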