public inbox for gcc-bugs@sourceware.org

* [Bug analyzer/105900] New: RFE: -fanalyzer could check malloc sizes when casting the result to a pointer
From: dmalcolm at gcc dot gnu.org @ 2022-06-08 15:05 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105900

            Bug ID: 105900
           Summary: RFE: -fanalyzer could check malloc sizes when casting the
                    result to a pointer
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
            Blocks: 105887
  Target Milestone: ---

See:
https://clang.llvm.org/docs/analyzer/checkers.html#unix-mallocsizeof-c

Tim Lange has expressed an interest in implementing this as part of GSoC 2022.

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105887
[Bug 105887] RFE: clang analyzer warnings that GCC's -fanalyzer could implement

* [Bug analyzer/105900] RFE: -fanalyzer could check malloc sizes when casting the result to a pointer
From: dmalcolm at gcc dot gnu.org @ 2022-06-16 12:54 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105900

--- Comment #1 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
See https://cwe.mitre.org/data/definitions/131.html
e.g. example 5.

See also:
https://clang.llvm.org/docs/analyzer/checkers.html#alpha-security-mallocoverflow-c
(CWE 131's example 2 has a case of this)

* [Bug analyzer/105900] RFE: -fanalyzer could check malloc sizes when casting the result to a pointer
From: dmalcolm at gcc dot gnu.org @ 2022-06-16 13:48 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105900

--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
See also:
https://cwe.mitre.org/data/definitions/467.html

* [Bug analyzer/105900] RFE: -fanalyzer could check malloc sizes when casting the result to a pointer
From: tlange at gcc dot gnu.org @ 2022-06-17 15:55 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105900

--- Comment #3 from Tim Lange <tlange at gcc dot gnu.org> ---
See also this mailing list thread:
https://gcc.gnu.org/pipermail/gcc/2022-June/238907.html

* [Bug analyzer/105900] RFE: -fanalyzer could check malloc sizes when casting the result to a pointer
From: cvs-commit at gcc dot gnu.org @ 2022-07-02 17:08 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105900

--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Tim Lange <tlange@gcc.gnu.org>:

https://gcc.gnu.org/g:e6c3bb379f515b27268d08e62b4b3e5d7200b437

commit r13-1405-ge6c3bb379f515b27268d08e62b4b3e5d7200b437
Author: Tim Lange <mail@tim-lange.me>
Date:   Fri Jul 1 00:02:17 2022 +0200

    analyzer: add allocation size checker [PR105900]

    This patch adds a checker that warns about code paths in which a buffer is
    assigned to an incompatible type, i.e. when the allocated buffer size is not
    a multiple of the pointee's size.

    Regression-tested on x86_64 Linux. Also compiled coreutils, curl, openssh and
    httpd with the patch enabled.

    2022-07-01  Tim Lange  <mail@tim-lange.me>

    gcc/analyzer/ChangeLog:

            PR analyzer/105900
            * analyzer.opt: Added Wanalyzer-allocation-size.
            * checker-path.cc (region_creation_event::get_desc): Added call to new
            virtual function pending_diagnostic::describe_region_creation_event.
            * checker-path.h: Added region_creation_event::get_desc.
            * diagnostic-manager.cc
            (diagnostic_manager::add_event_on_final_node): New function.
            * diagnostic-manager.h:
            Added diagnostic_manager::add_event_on_final_node.
            * pending-diagnostic.h (struct region_creation): New event_desc struct.
            (pending_diagnostic::describe_region_creation_event): Added virtual
            function to overwrite description of a region creation.
            * region-model.cc (class dubious_allocation_size): New class.
            (capacity_compatible_with_type): New helper function.
            (class size_visitor): New class.
            (struct_or_union_with_inheritance_p): New helper function.
            (is_any_cast_p): New helper function.
            (region_model::check_region_size): New function.
            (region_model::set_value):
            Added call to region_model::check_region_size.
            * region-model.h (class region_model): New function check_region_size.
            * svalue.cc (region_svalue::accept): Changed to post-order traversal.
            (initial_svalue::accept): Likewise.
            (unaryop_svalue::accept): Likewise.
            (binop_svalue::accept): Likewise.
            (sub_svalue::accept): Likewise.
            (repeated_svalue::accept): Likewise.
            (bits_within_svalue::accept): Likewise.
            (widening_svalue::accept): Likewise.
            (unmergeable_svalue::accept): Likewise.
            (compound_svalue::accept): Likewise.
            (conjured_svalue::accept): Likewise.
            (asm_output_svalue::accept): Likewise.
            (const_fn_result_svalue::accept): Likewise.

    gcc/ChangeLog:

            PR analyzer/105900
            * doc/invoke.texi: Added Wanalyzer-allocation-size.

    gcc/testsuite/ChangeLog:

            PR analyzer/105900
            * gcc.dg/analyzer/pr96639.c: Changed buffer size to omit warning.
            * gcc.dg/analyzer/allocation-size-1.c: New test.
            * gcc.dg/analyzer/allocation-size-2.c: New test.
            * gcc.dg/analyzer/allocation-size-3.c: New test.
            * gcc.dg/analyzer/allocation-size-4.c: New test.
            * gcc.dg/analyzer/allocation-size-5.c: New test.

    Signed-off-by: Tim Lange <mail@tim-lange.me>

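Added example, not part of the thread or of the GCC commit: the rule stated in the commit message (capacity must be a multiple of the pointee's size) shown on a mis-sized allocation beside a corrected one. The names size_fits_pointee, alloc_array, make_ids_bad, make_ids_good and struct record are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed type for illustration: 4 + 28 = 32 bytes. */
struct record { uint32_t id; char name[28]; };

/* The commit message's rule as a runtime predicate (hypothetical helper,
   not GCC code): the capacity must be a whole multiple of the pointee size. */
int size_fits_pointee(size_t capacity, size_t pointee_size)
{
    return pointee_size != 0 && capacity % pointee_size == 0;
}

/* "Before": 10 was meant as an element count but is passed as a byte count,
   so the buffer holds two int32_t and half of a third (CWE-131). */
int32_t *make_ids_bad(void)
{
    int32_t *ids = malloc(10);
    return ids;
}

/* "After": the size is derived from the pointee, and the multiplication is
   checked so that count * elem_size cannot wrap around. */
void *alloc_array(size_t count, size_t elem_size)
{
    if (elem_size == 0 || count > SIZE_MAX / elem_size)
        return NULL;
    return malloc(count * elem_size);
}

int32_t *make_ids_good(void)
{
    int32_t *ids = alloc_array(10, sizeof *ids);
    return ids;
}

int main(void)
{
    /* sizeof(pointer) where sizeof(pointee) was meant: the CWE-467 mistake. */
    printf("sizeof(ptr) fits struct record: %d\n",
           size_fits_pointee(sizeof(struct record *), sizeof(struct record)));
    printf("10 bytes fit int32_t: %d\n", size_fits_pointee(10, sizeof(int32_t)));
    printf("40 bytes fit int32_t: %d\n", size_fits_pointee(40, sizeof(int32_t)));
    free(make_ids_good());
    return 0;
}
```

Compiling this file with -fanalyzer on a GCC that contains the commit above is a way to compare the analyzer's output for make_ids_bad and make_ids_good.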
* [Bug analyzer/105900] RFE: -fanalyzer could check malloc sizes when casting the result to a pointer
From: tlange at gcc dot gnu.org @ 2022-07-02 17:11 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105900

Tim Lange <tlange at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #5 from Tim Lange <tlange at gcc dot gnu.org> ---
Committed my patch to master.