diff --git a/cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll b/cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll
index ce65a65319a..757db13fe8c 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll
@@ -170,6 +170,16 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
 output.isParameterDeref(this.getOutputParameterIndex(_))
 )
 }
+
+ final override predicate isPartialWrite(FunctionOutput output) {
+ exists(int outputParameterIndex |
+ output.isParameterDeref(outputParameterIndex) and
+ // We require the output to be a stream since that definitely means that
+ // it's a partial write. If it's not a stream then it will most likely
+ // fill the whole buffer.
+ outputParameterIndex = this.getOutputParameterIndex(true)
+ )
+ }
 }
 
 /**
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp
index bc8261df0dd..0c09665de1c 100644
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp
@@ -840,6 +840,6 @@ int f7(void) {
 FILE* fp = (FILE*)indirect_source();
 fprintf(fp, "");
- indirect_sink(fp); // $ MISSING: ast,ir
+ indirect_sink(fp); // $ ir MISSING: ast
 return 0;
 }
\ No newline at end of file
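Review bot: The `final` on the new `isPartialWrite` hardcodes the heuristic that its own comment hedges ("most likely fill the whole buffer"): a non-stream output is never a partial write, and no subclass modelling a specific formatting function can say otherwise. If the intent is that buffer outputs count as fully overwritten (which presumably lets the taint analysis drop whatever the buffer held before the call), that consequence belongs in QLDoc on the predicate, not only in an inline comment, and dropping `final` would let a model for a function that fills only part of its buffer override it. The `exists` also binds `outputParameterIndex` for a single use while the predicate directly above writes the same shape inline, so `output.isParameterDeref(this.getOutputParameterIndex(true))` with the comment kept would read more consistently. FormattingFunction's class body starts outside the hunk.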