public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c/35592] New: Want attribute to enable precision loss warning
@ 2008-03-14 19:18 felix-gcc at fefe dot de
2008-03-14 19:20 ` [Bug c/35592] " pinskia at gcc dot gnu dot org
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: felix-gcc at fefe dot de @ 2008-03-14 19:18 UTC (permalink / raw)
To: gcc-bugs
gcc has a warning if one assigns a pointer to an integer of lower width.
I would like to have a way to be warned if someone calls malloc(long long) on
32-bit platforms. A general warning about integer truncation would generate
lots of spam, so I suggest adding a way to say "if an integer given to this
function is implicitly truncated, that's a bug). The main target would be
malloc and malloc-like functions, obviously.
--
Summary: Want attribute to enable precision loss warning
Product: gcc
Version: 4.3.0
Status: UNCONFIRMED
Severity: enhancement
Priority: P3
Component: c
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: felix-gcc at fefe dot de
GCC build triplet: x86_64-unknown-linux-gnu
GCC host triplet: x86_64-unknown-linux-gnu
GCC target triplet: x86_64-unknown-linux-gnu
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35592
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug c/35592] Want attribute to enable precision loss warning
2008-03-14 19:18 [Bug c/35592] New: Want attribute to enable precision loss warning felix-gcc at fefe dot de
@ 2008-03-14 19:20 ` pinskia at gcc dot gnu dot org
2008-03-14 19:59 ` felix-gcc at fefe dot de
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2008-03-14 19:20 UTC (permalink / raw)
To: gcc-bugs
------- Comment #1 from pinskia at gcc dot gnu dot org 2008-03-14 19:20 -------
You should try -Wconversion .
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35592
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug c/35592] Want attribute to enable precision loss warning
2008-03-14 19:18 [Bug c/35592] New: Want attribute to enable precision loss warning felix-gcc at fefe dot de
2008-03-14 19:20 ` [Bug c/35592] " pinskia at gcc dot gnu dot org
@ 2008-03-14 19:59 ` felix-gcc at fefe dot de
2008-04-01 2:54 ` manu at gcc dot gnu dot org
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: felix-gcc at fefe dot de @ 2008-03-14 19:59 UTC (permalink / raw)
To: gcc-bugs
------- Comment #2 from felix-gcc at fefe dot de 2008-03-14 19:58 -------
I am aware of -Wconversion, but I am not interested in ALL conversion
truncations. Truncation happens to be a security issue in a few cases, in many
other cases it would just be a regular bug. My suggestions aims to isolate the
security relevant cases, for the rest we have -Wconversion.
If the size_t given to memcpy is truncated, that does not overwrite a buffer.
But if the size_t given to malloc is truncated, that is a pretty surefire way
to find a security issue.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35592
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug c/35592] Want attribute to enable precision loss warning
2008-03-14 19:18 [Bug c/35592] New: Want attribute to enable precision loss warning felix-gcc at fefe dot de
2008-03-14 19:20 ` [Bug c/35592] " pinskia at gcc dot gnu dot org
2008-03-14 19:59 ` felix-gcc at fefe dot de
@ 2008-04-01 2:54 ` manu at gcc dot gnu dot org
2008-04-01 16:10 ` felix-gcc at fefe dot de
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: manu at gcc dot gnu dot org @ 2008-04-01 2:54 UTC (permalink / raw)
To: gcc-bugs
------- Comment #3 from manu at gcc dot gnu dot org 2008-04-01 02:53 -------
(In reply to comment #2)
>
> If the size_t given to memcpy is truncated, that does not overwrite a buffer.
> But if the size_t given to malloc is truncated, that is a pretty surefire way
> to find a security issue.
I guess that depends on how the conversion occurs:
int i = -5;
...
memcpy (dest, src, i);
I would have trouble defining which cases are security issues.
On the other hand, the truncation may actually take place far from where malloc
is called:
size_t len = 999999999999999LL;
...
buffer = malloc (len);
not sure how your proposal could handle that.
--
manu at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |manu at gcc dot gnu dot org
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35592
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug c/35592] Want attribute to enable precision loss warning
2008-03-14 19:18 [Bug c/35592] New: Want attribute to enable precision loss warning felix-gcc at fefe dot de
` (2 preceding siblings ...)
2008-04-01 2:54 ` manu at gcc dot gnu dot org
@ 2008-04-01 16:10 ` felix-gcc at fefe dot de
2008-04-01 19:18 ` rguenth at gcc dot gnu dot org
2008-04-01 19:35 ` felix-gcc at fefe dot de
5 siblings, 0 replies; 7+ messages in thread
From: felix-gcc at fefe dot de @ 2008-04-01 16:10 UTC (permalink / raw)
To: gcc-bugs
------- Comment #4 from felix-gcc at fefe dot de 2008-04-01 16:09 -------
I'm not familiar enough with how gcc works to say whether warning about
precision loss that turns out important later on can be done at all.
But I think we should not reject an idea because it only handles 60% of the
cases. Instead we should be happy we only have to worry about the other 40%,
not about 100% from then on.
I agree that signed int to size_t conversion for memcpy should also be warned
about by some attribute. Could be done by the same attribute.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35592
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug c/35592] Want attribute to enable precision loss warning
2008-03-14 19:18 [Bug c/35592] New: Want attribute to enable precision loss warning felix-gcc at fefe dot de
` (3 preceding siblings ...)
2008-04-01 16:10 ` felix-gcc at fefe dot de
@ 2008-04-01 19:18 ` rguenth at gcc dot gnu dot org
2008-04-01 19:35 ` felix-gcc at fefe dot de
5 siblings, 0 replies; 7+ messages in thread
From: rguenth at gcc dot gnu dot org @ 2008-04-01 19:18 UTC (permalink / raw)
To: gcc-bugs
------- Comment #5 from rguenth at gcc dot gnu dot org 2008-04-01 19:18 -------
Can you cook up some code examples where you'd like to see a warning?
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35592
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug c/35592] Want attribute to enable precision loss warning
2008-03-14 19:18 [Bug c/35592] New: Want attribute to enable precision loss warning felix-gcc at fefe dot de
` (4 preceding siblings ...)
2008-04-01 19:18 ` rguenth at gcc dot gnu dot org
@ 2008-04-01 19:35 ` felix-gcc at fefe dot de
5 siblings, 0 replies; 7+ messages in thread
From: felix-gcc at fefe dot de @ 2008-04-01 19:35 UTC (permalink / raw)
To: gcc-bugs
------- Comment #6 from felix-gcc at fefe dot de 2008-04-01 19:34 -------
Sure. For example:
char* c=malloc(lseek(somefd,0,SEEK_END);
on a platform where off_t is 64-bit, but where size_t is 32-bit. For example:
i686-linux with #define _FILE_OFFSET_BITS 64.
Now that I'm thinking about it, would it be possible to have a generic overflow
warning in that context? For example,
malloc(p->len+1)
So that gcc sees I'm adding something there, and if the range is not clamped
down before that gives an error?
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35592
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2008-04-01 19:35 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-03-14 19:18 [Bug c/35592] New: Want attribute to enable precision loss warning felix-gcc at fefe dot de
2008-03-14 19:20 ` [Bug c/35592] " pinskia at gcc dot gnu dot org
2008-03-14 19:59 ` felix-gcc at fefe dot de
2008-04-01 2:54 ` manu at gcc dot gnu dot org
2008-04-01 16:10 ` felix-gcc at fefe dot de
2008-04-01 19:18 ` rguenth at gcc dot gnu dot org
2008-04-01 19:35 ` felix-gcc at fefe dot de
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).