public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/105022] New: -Wanalyzer-tainted-allocation-size doesn't warn for custom allocators marked with "malloc" attribute
@ 2022-03-22 18:07 dmalcolm at gcc dot gnu.org
2022-03-25 13:11 ` [Bug analyzer/105022] " dmalcolm at gcc dot gnu.org
2022-03-25 13:36 ` dmalcolm at gcc dot gnu.org
0 siblings, 2 replies; 3+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-03-22 18:07 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105022
Bug ID: 105022
Summary: -Wanalyzer-tainted-allocation-size doesn't warn for
custom allocators marked with "malloc" attribute
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
Given:
typedef __SIZE_TYPE__ size_t;
void *custom_alloc (size_t sz) __attribute__((malloc (__builtin_free)));
void * __attribute__ ((tainted_args))
test_ (size_t sz)
{
return custom_alloc (sz);
}
and compiling with:
-fanalyzer -fanalyzer-checker=taint
there is no output. Ideally the analyzer should complain with
-Wanalyzer-tainted-allocation-size that "sz" is attacker-controlled.
https://godbolt.org/z/oohh39Gjj
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug analyzer/105022] -Wanalyzer-tainted-allocation-size doesn't warn for custom allocators marked with "malloc" attribute
2022-03-22 18:07 [Bug analyzer/105022] New: -Wanalyzer-tainted-allocation-size doesn't warn for custom allocators marked with "malloc" attribute dmalcolm at gcc dot gnu.org
@ 2022-03-25 13:11 ` dmalcolm at gcc dot gnu.org
2022-03-25 13:36 ` dmalcolm at gcc dot gnu.org
1 sibling, 0 replies; 3+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-03-25 13:11 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105022
--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-malloc-function-attribute
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug analyzer/105022] -Wanalyzer-tainted-allocation-size doesn't warn for custom allocators marked with "malloc" attribute
2022-03-22 18:07 [Bug analyzer/105022] New: -Wanalyzer-tainted-allocation-size doesn't warn for custom allocators marked with "malloc" attribute dmalcolm at gcc dot gnu.org
2022-03-25 13:11 ` [Bug analyzer/105022] " dmalcolm at gcc dot gnu.org
@ 2022-03-25 13:36 ` dmalcolm at gcc dot gnu.org
1 sibling, 0 replies; 3+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-03-25 13:36 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105022
David Malcolm <dmalcolm at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WONTFIX
Status|UNCONFIRMED |RESOLVED
--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
There isn't currently a way to express size argument(s) to the "malloc"
attribute. Perhaps we could have a heuristic where if we see a single size_t
argument passed to such a function we assume it's the size - but none of the
examples in the docs work that way. There are also cases analogous to calloc
which take a pair of numeric values.
Resolving this one as WONTFIX (in the absence of a way to express size params
for an allocation).
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-03-25 13:36 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-22 18:07 [Bug analyzer/105022] New: -Wanalyzer-tainted-allocation-size doesn't warn for custom allocators marked with "malloc" attribute dmalcolm at gcc dot gnu.org
2022-03-25 13:11 ` [Bug analyzer/105022] " dmalcolm at gcc dot gnu.org
2022-03-25 13:36 ` dmalcolm at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).