From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=W9qQ=DS=tugraz.at=uecker@sourceware.org>
Received: from mailrelay.tugraz.at (mailrelay.tugraz.at [129.27.2.202])
	by sourceware.org (Postfix) with ESMTPS id 8A5613858430
	for <gcc-patches@gcc.gnu.org>; Tue,  1 Aug 2023 14:31:51 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 8A5613858430
Authentication-Results: sourceware.org; dmarc=pass (p=quarantine dis=none) header.from=tugraz.at
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=tugraz.at
Received: from fbmtpc21.tugraz.at (fbmtpc21.tugraz.at [129.27.144.40])
	by mailrelay.tugraz.at (Postfix) with ESMTPSA id 4RFcxb6F0fz3wR8;
	Tue,  1 Aug 2023 16:31:47 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tugraz.at;
	s=mailrelay; t=1690900308;
	bh=mhNVsQ20fPrexFCYJmwiq7lEyOJtwAiIFLhZlMcA6SM=;
	h=Subject:From:To:Cc:Date:In-Reply-To:References;
	b=e0d81jS/0cNbwstue1EwNhFvAYoU2uAbtZIQtdNXun9tQdleBjDPK41qTyUgP4kT/
	 veW2rrclLfRIdxaoe2ous/CPl4+Jn5d64myJrhvAJr2a+lPGzT2iu16BnDb0MpEul/
	 O7DZU+l/2rGQwLcT7qFz6HYM/LhEYWBMbmXSdr1M=
Message-ID: <09c7e37362800bf5eacffc8b442d3a84c3f7f817.camel@tugraz.at>
Subject: Re: [C PATCH]: Add Walloc-type to warn about insufficient size in
 allocations
From: Martin Uecker <uecker@tugraz.at>
To: Qing Zhao <qing.zhao@oracle.com>
Cc: Prathamesh Kulkarni <prathamesh.kulkarni@linaro.org>, 
	"gcc-patches@gcc.gnu.org"
	 <gcc-patches@gcc.gnu.org>, Joseph Myers <joseph@codesourcery.com>
Date: Tue, 01 Aug 2023 16:31:47 +0200
In-Reply-To: <B9A0E993-016A-45C5-8568-E8F25751CF4D@oracle.com>
References: <f7af59d52ac0b134bd6617b8f45673c63981e13a.camel@tugraz.at>
	 <CAAgBjMkx_6dOdSk4+ZcA_8g5pzV0X2MfndOrxK3sOS7=8CdAWQ@mail.gmail.com>
	 <f0bda7b6ba670bf2ae7d3e777ebe74c794f73497.camel@tugraz.at>
	 <B9A0E993-016A-45C5-8568-E8F25751CF4D@oracle.com>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.38.3-1+deb11u2 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TUG-Backscatter-control: G/VXY7/6zeyuAY/PU2/0qw
X-Spam-Scanner: SpamAssassin 3.003001 
X-Spam-Score-relay: -0.4
X-Scanned-By: MIMEDefang 2.74 on 129.27.10.116
X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00,BODY_8BITS,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gcc-patches.gcc.gnu.org>

Am Dienstag, dem 01.08.2023 um 13:27 +0000 schrieb Qing Zhao:
> 
> > On Aug 1, 2023, at 3:51 AM, Martin Uecker via Gcc-patches <gcc-patches@gcc.gnu.org> wrote:
> > 

....
> > > Hi Martin,
> > > Just wondering if it'd be a good idea perhaps to warn if alloc size is
> > > not a multiple of TYPE_SIZE_UNIT instead of just less-than ?
> > > So it can catch cases like:
> > > int *p = malloc (sizeof (int) + 2); // probably intended malloc
> > > (sizeof (int) * 2)
> > > 
> > > FWIW, this is caught using -fanalyzer:
> > > f.c: In function 'f':
> > > f.c:3:12: warning: allocated buffer size is not a multiple of the
> > > pointee's size [CWE-131] [-Wanalyzer-allocation-size]
> > >    3 |   int *p = __builtin_malloc (sizeof(int) + 2);
> > >      |            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > 
> > > Thanks,
> > > Prathamesh
> > 
> > Yes, this is probably a good idea.  It might need special
> > logic for flexible array members then...
> 
> Why special logic for FAM on such warning? (Not a multiple of TYPE_SIZE_UNIT for the element).
> 

For

struct { int n; char buf[]; } *p = malloc(sizeof *p + n);
p->n = n;

the size would not be a multiple.

Martin