public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "siddhesh at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug middle-end/104854] -Wstringop-overread should not warn for strnlen, strndup and strncmp Date: Tue, 15 Mar 2022 05:16:19 +0000 [thread overview] Message-ID: <bug-104854-4-BYXWbhD7E7@http.gcc.gnu.org/bugzilla/> (raw) In-Reply-To: <bug-104854-4@http.gcc.gnu.org/bugzilla/> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104854 --- Comment #8 from Siddhesh Poyarekar <siddhesh at gcc dot gnu.org> --- (In reply to Martin Sebor from comment #7) > Moving warnings into the analyzer and scaling it up to be able to run by > default, during development, sounds like a good long-term plan. Until that That's not quite what I'm suggesting here. I'm not a 100% convinced that those are the right heuristics at all; the size argument for strnlen, strndup and strncmp does not intend to describe the size of the passed strings. It is only recommended security practice that the *n* variant functions be used instead of their unconstrained relatives to mitigate overflows. In fact in more common cases the size argument (especially in case of strnlen and strncmp) may describe a completely different buffer or some other application-specific property. This is different from the -Wformat-overflow, where there is a clear relationship between buffer, the format string and the string representation of input numbers and we're only tweaking is the optimism level of the warnings. So it is not just a question of levels of verosity/paranoia. In that context, using size to describe the underlying buffer of the source only makes sense only for a subset of uses, making this heuristic quite noisy. So what I'm actually saying is: the heuristic is too noisy but if we insist on keeping it, it makes sense as an analyzer warning where the user *chooses* to look for pessimistic scenarios and is more tolerant of noisy heuristics. > happens, rather than gratuitously removing warnings that we've added over > the years, just because they fall short of the ideal 100% efficacy (as has > been known and documented), making them easier to control seems like a > better approach. It's not just a matter of efficacy here IMO. The heuristic for strnlen, strncmp and strndup overreads is too loose for it to be taken seriously.
next prev parent reply other threads:[~2022-03-15 5:16 UTC|newest] Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-03-09 14:24 [Bug middle-end/104854] New: [11 Regression] -Wstringop-overread should not warn for strnlen and strndup siddhesh at gcc dot gnu.org 2022-03-09 14:51 ` [Bug middle-end/104854] [11/12 " rguenth at gcc dot gnu.org 2022-03-09 15:48 ` dmalcolm at gcc dot gnu.org 2022-03-09 16:05 ` siddhesh at gcc dot gnu.org 2022-03-09 22:32 ` [Bug middle-end/104854] " msebor at gcc dot gnu.org 2022-03-10 0:18 ` [Bug middle-end/104854] -Wstringop-overread should not warn for strnlen, strndup and strncmp siddhesh at gcc dot gnu.org 2022-03-14 17:51 ` msebor at gcc dot gnu.org 2022-03-14 19:13 ` siddhesh at gcc dot gnu.org 2022-03-14 20:58 ` msebor at gcc dot gnu.org 2022-03-15 5:16 ` siddhesh at gcc dot gnu.org [this message] 2022-03-17 12:47 ` dmalcolm at gcc dot gnu.org 2022-03-18 14:52 ` msebor at gcc dot gnu.org
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-104854-4-BYXWbhD7E7@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).