Subject: Re: [PATCH 2/4] enhance overflow and truncation detection in strncpy and strncat (PR 81117)
To: Jeff Law, Gcc Patch List
From: Martin Sebor
Message-ID: <03941b60-209b-7e58-6ddb-74c785464cf1@gmail.com>
Date: Mon, 14 Aug 2017 18:04:00 -0000

On 08/09/2017 11:00 PM, Jeff Law wrote:
> On 08/06/2017 02:07 PM, Martin Sebor wrote:
>> Part 2 of the series adds attribute nonstring to annotate arrays
>> of and pointers to char that are intended to store sequences
>> of characters that aren't necessarily valid (nul-terminated)
>> strings. In the subsequent patch the attribute is relied on to
>> avoid diagnosing strncpy calls that truncate strings and create
>> such copies. In the future I'd like to also use the attribute
>> to diagnose when arrays or pointers with the attribute are passed
>> to functions that expect nul-terminated strings (such as strlen
>> or strcpy).
>>
>> Martin
>>
>> gcc-81117-2.diff
>>
>> PR c/81117 - Improve buffer overflow checking in strncpy
>>
>> gcc/ChangeLog:
>>
>> PR c/81117
>> * builtin-attrs.def (attribute nonstring): New.
>> * doc/extend.texi (attribute nonstring): Document new attribute.
>>
>> gcc/c-family/ChangeLog:
>>
>> PR c/81117
>> * c-attribs.c (c_common_attribute_table): Add nonstring entry.
>> (handle_nonstring_attribute): New function.
>>
>> gcc/testsuite/ChangeLog:
>>
>> PR c/81117
>> * c-c++-common/attr-nonstring-1.c: New test.
>>
>> --- a/gcc/builtin-attrs.def >> +++ b/gcc/builtin-attrs.def
>> @@ -93,6 +93,7 @@ DEF_ATTR_IDENT (ATTR_FORMAT, "format") >> DEF_ATTR_IDENT (ATTR_FORMAT_ARG, "format_arg") >> DEF_ATTR_IDENT (ATTR_MALLOC, "malloc") >> DEF_ATTR_IDENT (ATTR_NONNULL, "nonnull") >> +DEF_ATTR_IDENT (ATTR_NONSTRING, "nonstring") >> DEF_ATTR_IDENT (ATTR_NORETURN, "noreturn") >> DEF_ATTR_IDENT (ATTR_NOTHROW, "nothrow") >> DEF_ATTR_IDENT (ATTR_LEAF, "leaf") > So all the attributes here are associated with functions I believe. > You're defining a variable attribute. In fact, I'm not even sure that > variable attributes get a DEF_ATTR_ I assumed every attribute needed to define an identifier but nothing broke after I removed it so it looks like you're right variable attributes don't need one. Go figure. It would be nice if there was a comment above the block that mentioned that. I'll try to remember to add one separately. >> diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi >> index b253ccc..1954ca5 100644 >> --- a/gcc/doc/extend.texi >> +++ b/gcc/doc/extend.texi 
>> @@ -5835,6 +5835,30 @@ The @code{deprecated} attribute can also be used for functions and >> types (@pxref{Common Function Attributes}, >> @pxref{Common Type Attributes}). >> >> +@item nonstring (@var{nonstring}) >> +@cindex @code{nonstring} variable attribute >> +The @code{nonstring} variable attribute specifies that an object or member >> +declaration with type array of @code{char} or pointer to @code{char} is >> +intended to store character arrays that do not necessarily contain >> +a terminating @code{NUL} character. This is useful to avoid warnings >> +when such an array or pointer is used as an argument to a bounded string >> +manipulation function such as @code{strncpy}. For example, without the >> +attribute, GCC will issue a warning for the call below because it may >> +truncate the copy without appending the terminating NUL character. Using >> +the attribute makes it possible to suppress the warning. > [ ... ] > I think this is in the wrong section, I believe it belongs in the > "Variable Attributes" section. It is in the Variable Attributes section. The "pxref{Common Type Attributes})." reference above is just a cross-reference to the Type Attributes section. > Assuming you don't actually need the ATTR_NONSTRING, this patch is fine > with that hunk removed and the documentation moved into the right section. Okay, thanks. Martin
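Review bot: The added `DEF_ATTR_IDENT (ATTR_NONSTRING, "nonstring")` line in the builtin-attrs.def hunk defines an identifier that nothing else in the visible patch refers to. Its neighbours in the hunk (`format`, `malloc`, `nonnull`, `noreturn`, `nothrow`, `leaf`) are all function attributes, while the ChangeLog registers nonstring through c_common_attribute_table and handle_nonstring_attribute in c-attribs.c. Suggest dropping this line, and the matching builtin-attrs.def ChangeLog entry, unless a later patch in the series uses ATTR_NONSTRING.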
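Review bot: In the extend.texi hunk, `@item nonstring (@var{nonstring})` documents an argument, but the description that follows never mentions one; if the attribute takes no argument the entry should read `@item nonstring`. The paragraph also writes the terminator once as `@code{NUL}` and once as plain NUL. It would help readers to state that the attribute only silences the truncation warning: an array marked this way is still not a valid argument for functions that expect a nul-terminated string, such as strlen or strcpy, and per the cover text that misuse is not yet diagnosed.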
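An added example (not code from the patch or from the GCC documentation) of the kind of fixed-width, possibly unterminated field the attribute discussed in this thread is meant to annotate, together with bounded helpers for reading it back. The `record` struct, the `NONSTRING` macro and the helper names are hypothetical; the attribute is guarded with `__has_attribute` because only compilers that include this change accept it.

```c
#include <stddef.h>
#include <string.h>

/* Use the attribute only where the compiler knows it. */
#if defined(__has_attribute)
# if __has_attribute(nonstring)
#  define NONSTRING __attribute__((nonstring))
# endif
#endif
#ifndef NONSTRING
# define NONSTRING
#endif

/* Hypothetical fixed-width record: name is NUL-padded and is NOT
   nul-terminated when the name fills all 8 bytes. */
struct record {
    char name[8] NONSTRING;
    unsigned id;
};

/* Fill the field. strncpy pads short names with NULs and writes no
   terminator for names of 8 bytes or more. Returns 1 if src was
   truncated so the caller can reject or log it, 0 otherwise. */
int record_set_name(struct record *r, const char *src)
{
    strncpy(r->name, src, sizeof r->name);
    return strlen(src) > sizeof r->name;
}

/* Length of the stored name, never reading past the field
   (strlen on r->name could run off the end of the array). */
size_t record_name_len(const struct record *r)
{
    const char *nul = memchr(r->name, '\0', sizeof r->name);
    return nul ? (size_t)(nul - r->name) : sizeof r->name;
}

/* Copy the field into a real C string in dst; always terminates. */
size_t record_get_name(const struct record *r, char *dst, size_t dstsize)
{
    size_t n = record_name_len(r);
    if (dstsize == 0)
        return 0;
    if (n >= dstsize)
        n = dstsize - 1;
    memcpy(dst, r->name, n);
    dst[n] = '\0';
    return n;
}
```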