New Warning in gcc 7.4.0 with respect to gcc 5.4.9

Question

Some days ago I updated my UBUNTU distribution from 16.04.12 to 18.04.01.

This update caused the transition from gcc-5.4.0 to gcc-7-4-0.

In this system I developed an application in c that previously, compiled with the -Wall option, did not generate warnings.

Now I obtain the following warning:

src/load_input_file.c: In function ‘load_input_file’:
src/load_input_file.c:60:23: warning: ‘%s’ directive writing up to 499 bytes into a region of size 196 [-Wformat-overflow=]                                                                                           o 
sprintf(str,"cp %s %s",fileName,inputData.outDir);
                   ^~           ~~~~~~~~~
In file included from /usr/include/stdio.h:862:0,
             from hdr/load_input_file.h:3,
             from src/load_input_file.c:1:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:33:10: note: ‘__builtin___sprintf_chk’ output 5 or more bytes (assuming 504) into a destination of size 200                                                                                             
  return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      __bos (__s), __fmt, __va_arg_pack ());
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Could you help me to understand what is this warning and how to solve it? Thank you

To solve the issue, following the suggestion of KamilCuk I trnsformed the code in the following way

sprintf(str,"cp %s %s",fileName,inputData.outDir);

to

sprintf(str,"cp ");
snprintf(str+strlen(str),strlen(fileName),"%s ",fileName);
snprintf(str+strlen(str),strlen(inputData.outDir),"%s",inputData.outDir);

Thank you

Answer 1

As you can read HERE GCC 7.1 introduced Wformat-overflow option. This is why now is giving you that warning.

Most probably

sprintf(str,"cp %s %s",fileName,inputData.outDir);

can overflow because

sizeof(fileName)+sizeof(inputData.outDir) > sizeof(str)