-Wformat-truncation in funknown.cpp

[danra]

The deprecated FUID::print (char8* string, int32 style) calls FUID::print (int32 style, char8* string, size_t stringBufferSize) passing 62 into stringBufferSize. That's exactly enough for the second-longest string which may be written into string, the DECLARE_UID one; but not enough for the longest one, the DECLARE_CLASS_IID one, which requires 78 bytes for the content + 1 for a null terminator.

GCC said it better (output from compiling a JUCE VST3-related source, some paths redacted):

[5/251] /usr/bin/c++ -DJUCE_GLOBAL_MODULE_SETTINGS_INCLUDED=1 -DNDEBUG=1 -D_NDEBUG=1 -DCMAKE_INTDIR=\"Release\" -IJUCE/modules/juce_audio_processors/format_types/VST3_SDK -IJUCE/modules -O3 -DNDEBUG -std=c++20 -fPIE -O3 -MD -MT CMakeFiles/juce_vst3_helper.dir/Release/Deps/JUCE/modules/juce_audio_plugin_client/VST3/juce_VST3ManifestHelper.cpp.o -MF CMakeFiles/juce_vst3_helper.dir/Release/Deps/JUCE/modules/juce_audio_plugin_client/VST3/juce_VST3ManifestHelper.cpp.o.d -o CMakeFiles/juce_vst3_helper.dir/Release/Deps/JUCE/modules/juce_audio_plugin_client/VST3/juce_VST3ManifestHelper.cpp.o -c JUCE/modules/juce_audio_plugin_client/VST3/juce_VST3ManifestHelper.cpp
In file included from JUCE/modules/juce_audio_plugin_client/VST3/juce_VST3ManifestHelper.cpp:62:
JUCE/modules/juce_audio_processors/format_types/VST3_SDK/pluginterfaces/base/funknown.cpp: In member function ‘void Steinberg::FUID::print(Steinberg::char8*, Steinberg::int32) const’:
JUCE/modules/juce_audio_processors/format_types/VST3_SDK/pluginterfaces/base/funknown.cpp:459:84: warning: ‘%08X’ directive output truncated writing 8 bytes into a region of size 6 [-Wformat-truncation=]
  459 |                                   "DECLARE_CLASS_IID (Interface, 0x%08X, 0x%08X, 0x%08X, 0x%08X)", l1, l2, l3,
      |                                                                                    ^~~~
In file included from /usr/include/stdio.h:894,
                 from /usr/include/c++/11/cstdio:42,
                 from /usr/include/c++/11/ext/string_conversions.h:43,
                 from /usr/include/c++/11/bits/basic_string.h:6608,
                 from /usr/include/c++/11/string:55,
                 from /usr/include/c++/11/bits/locale_classes.h:40,
                 from /usr/include/c++/11/bits/ios_base.h:41,
                 from /usr/include/c++/11/ios:42,
                 from /usr/include/c++/11/ostream:38,
                 from /usr/include/c++/11/bits/unique_ptr.h:42,
                 from /usr/include/c++/11/memory:76,
                 from JUCE/modules/juce_audio_processors/format_types/VST3_SDK/public.sdk/source/vst/hosting/../utility/optional.h:40,
                 from JUCE/modules/juce_audio_processors/format_types/VST3_SDK/public.sdk/source/vst/hosting/../utility/uid.h:39,
                 from JUCE/modules/juce_audio_processors/format_types/VST3_SDK/public.sdk/source/vst/hosting/module.h:39,
                 from JUCE/modules/juce_audio_processors/format_types/VST3_SDK/public.sdk/source/vst/hosting/module_linux.cpp:37,
                 from JUCE/modules/juce_audio_plugin_client/VST3/juce_VST3ManifestHelper.cpp:58:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:71:35: note: ‘__builtin___snprintf_chk’ output 78 bytes into a destination of size 62
   71 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
      |          ~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   72 |                                    __glibc_objsize (__s), __fmt,
      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   73 |                                    __va_arg_pack ());
      |                                    ~~~~~~~~~~~~~~~~~

(Only got the warning in a release build).

[ygrabit]

This is an issue.. it should be minimum 78... in the next update we will remove this deprecated function which is too risky