public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "siddhesh at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/104854] -Wstringop-overread should not warn for strnlen, strndup and strncmp
Date: Tue, 15 Mar 2022 05:16:19 +0000 [thread overview]
Message-ID: <bug-104854-4-BYXWbhD7E7@http.gcc.gnu.org/bugzilla/> (raw)
In-Reply-To: <bug-104854-4@http.gcc.gnu.org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104854
--- Comment #8 from Siddhesh Poyarekar <siddhesh at gcc dot gnu.org> ---
(In reply to Martin Sebor from comment #7)
> Moving warnings into the analyzer and scaling it up to be able to run by
> default, during development, sounds like a good long-term plan. Until that
That's not quite what I'm suggesting here. I'm not a 100% convinced that those
are the right heuristics at all; the size argument for strnlen, strndup and
strncmp does not intend to describe the size of the passed strings. It is only
recommended security practice that the *n* variant functions be used instead of
their unconstrained relatives to mitigate overflows. In fact in more common
cases the size argument (especially in case of strnlen and strncmp) may
describe a completely different buffer or some other application-specific
property.
This is different from the -Wformat-overflow, where there is a clear
relationship between buffer, the format string and the string representation of
input numbers and we're only tweaking is the optimism level of the warnings.
So it is not just a question of levels of verosity/paranoia.
In that context, using size to describe the underlying buffer of the source
only makes sense only for a subset of uses, making this heuristic quite noisy.
So what I'm actually saying is: the heuristic is too noisy but if we insist on
keeping it, it makes sense as an analyzer warning where the user *chooses* to
look for pessimistic scenarios and is more tolerant of noisy heuristics.
> happens, rather than gratuitously removing warnings that we've added over
> the years, just because they fall short of the ideal 100% efficacy (as has
> been known and documented), making them easier to control seems like a
> better approach.
It's not just a matter of efficacy here IMO. The heuristic for strnlen,
strncmp and strndup overreads is too loose for it to be taken seriously.
next prev parent reply other threads:[~2022-03-15 5:16 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-09 14:24 [Bug middle-end/104854] New: [11 Regression] -Wstringop-overread should not warn for strnlen and strndup siddhesh at gcc dot gnu.org
2022-03-09 14:51 ` [Bug middle-end/104854] [11/12 " rguenth at gcc dot gnu.org
2022-03-09 15:48 ` dmalcolm at gcc dot gnu.org
2022-03-09 16:05 ` siddhesh at gcc dot gnu.org
2022-03-09 22:32 ` [Bug middle-end/104854] " msebor at gcc dot gnu.org
2022-03-10 0:18 ` [Bug middle-end/104854] -Wstringop-overread should not warn for strnlen, strndup and strncmp siddhesh at gcc dot gnu.org
2022-03-14 17:51 ` msebor at gcc dot gnu.org
2022-03-14 19:13 ` siddhesh at gcc dot gnu.org
2022-03-14 20:58 ` msebor at gcc dot gnu.org
2022-03-15 5:16 ` siddhesh at gcc dot gnu.org [this message]
2022-03-17 12:47 ` dmalcolm at gcc dot gnu.org
2022-03-18 14:52 ` msebor at gcc dot gnu.org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-104854-4-BYXWbhD7E7@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).