bug#32189: 27.0.50; GCC 7 warning due to -Wformat-truncation=2

[Paul Eggert]

Eli Zaretskii wrote:
> Thanks, this LGTM, but I'd like to hear Paul's opinion about this
> warning before we push (since this should probably go to the emacs-26
> branch?).

Let's continue using -Wformat-truncation=2 since I recall it finding real bugs 
in Emacs in the past, and there's a better fix for this particular problem.

Some background. Generally I don't worry too much about warnings from older 
compilers, since one can just compile with --disable-gcc-warnings if the 
compiler is too old. It's better to use the latest GCC to find bugs, and not 
worry about pacifying older GCCs that are somewhat flaky in this area (as 
pacifying them would be a neverending project with little benefit).

Two comments for this particular case. First, Emacs generally prefers sprintf to 
snprintf, because truncation (which is what the latter does) is often just as 
serious a bug as buffer overflow (which is what the former does), and the GNU 
coding style is to avoid both bugs in which case sprintf is generally simpler 
and easier to use. I realize this goes against the common wisdom that snprintf 
is "safer" than sprintf, but the common wisdom is typically wrong for 
high-quality code. In the few places where Emacs does use snprintf, it either 
checks for truncated output and reports an error if so (which is lame, but at 
least there's an error check), or truncation is expected and is OK.

Second, the code in question uses snprintf followed by build_string, and can be 
simplified by using vformat_string instead. That would avoid the warnings and 
should make the code more reliable. Something like the attached patch, say. I 
haven't tested it since I don't use MS-Windows. Let's use something like this 
rather than shutting off the warnings.

0001-Simplify-w32cygwinx.c-and-pacify-GCC-Bug-32189.patch
Description: Text Data