[Bug analyzer/108719] New: RFE: allow specifying argument indexes for __attribute__((tainted_args))

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

From: "clopez at suse dot de" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug analyzer/108719] New: RFE: allow specifying argument indexes for __attribute__((tainted_args))
Date: Wed, 08 Feb 2023 15:25:43 +0000	[thread overview]
Message-ID: <bug-108719-4@http.gcc.gnu.org/bugzilla/> (raw)

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108719

            Bug ID: 108719
           Summary: RFE: allow specifying argument indexes for
                    __attribute__((tainted_args))
           Product: gcc
           Version: 13.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: clopez at suse dot de
  Target Milestone: ---

Consider allowing developers to specify which function arguments are tainted,
very much like the nonnull attribute, e.g.:

    __attribute__((tainted_args (2, 3)))

When no indexes are specified, all arguments should be considered tainted -
this is the behavior currently implemented.

Specifically, there is a common pattern for callbacks where the first argument
corresponds to untainted data (often either a structure provided by caller of
the callback or some opaque pointer requested by the callee). A prime example
of this are Linux device drivers, where the first parameter is a
kernel-provided structure:

    struct file_operations {
        ...
        ssize_t (*read) (struct file *, char *, size_t, loff_t *);
        ssize_t (*write) (struct file *, const char *, size_t, loff_t *);
        ...
    }

Another example would be qemu MMIO callbacks:

    struct MemoryRegionOps {
        uint64_t (*read)(void *opaque, hwaddr addr, unsigned size);
        void (*write)(void *opaque, hwaddr addr, uint64_t data, unsigned size);
        ...
    }

                 reply	other threads:[~2023-02-08 15:25 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-108719-4@http.gcc.gnu.org/bugzilla/ \
    --to=gcc-bugzilla@gcc.gnu.org \
    --cc=gcc-bugs@gcc.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).