From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mailrelay.tugraz.at (mailrelay.tugraz.at [129.27.2.202]) by sourceware.org (Postfix) with ESMTPS id 457863857C4F for ; Wed, 2 Aug 2023 17:55:16 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 457863857C4F Authentication-Results: sourceware.org; dmarc=pass (p=quarantine dis=none) header.from=tugraz.at Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=tugraz.at Received: from vra-170-35.tugraz.at (vra-170-35.tugraz.at [129.27.170.35]) by mailrelay.tugraz.at (Postfix) with ESMTPSA id 4RGKPp6ywJz3wcR; Wed, 2 Aug 2023 19:55:10 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tugraz.at; s=mailrelay; t=1690998912; bh=5sWeVHOdsjvWOjaPyXKy8mp6y+t/cyAmmtXi+1/YhDQ=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=oBQd/PBgiJZTPQxIsUdSV+Uuc1zlBTY71VcTNUkVi9UQUq9eD3cbWDqlL8V5jzdaS 1B/l7ZWbNdJWN2VyeZxQ1XaWJINaflzK20zLaGWU5kQ3zcxJl9QA+Y7+k4PszI6CHl 466WRdqFlQBmIwrxBRIi8OyS+Qx/s6O7KnuKEVWw= Message-ID: <83b2a19a3459dcb57cb5fb905e02510468cd0142.camel@tugraz.at> Subject: Re: [C PATCH]: Add Walloc-type to warn about insufficient size in allocations From: Martin Uecker To: Qing Zhao Cc: Prathamesh Kulkarni , "gcc-patches@gcc.gnu.org" , Joseph Myers Date: Wed, 02 Aug 2023 19:55:05 +0200 In-Reply-To: References: <09c7e37362800bf5eacffc8b442d3a84c3f7f817.camel@tugraz.at> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.46.4-2 MIME-Version: 1.0 X-TUG-Backscatter-control: G/VXY7/6zeyuAY/PU2/0qw X-Spam-Scanner: SpamAssassin 3.003001 X-Spam-Score-relay: -0.4 X-Scanned-By: MIMEDefang 2.74 on 129.27.10.117 X-Spam-Status: No, score=-4.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Am Mittwoch, dem 02.08.2023 um 16:45 +0000 schrieb Qing Zhao: >=20 > > On Aug 1, 2023, at 10:31 AM, Martin Uecker wrote: > >=20 > > Am Dienstag, dem 01.08.2023 um 13:27 +0000 schrieb Qing Zhao: > > >=20 > > > > On Aug 1, 2023, at 3:51 AM, Martin Uecker via Gcc-patches wrote: > > > >=20 > >=20 > > .... > > > > > Hi Martin, > > > > > Just wondering if it'd be a good idea perhaps to warn if alloc si= ze is > > > > > not a multiple of TYPE_SIZE_UNIT instead of just less-than ? > > > > > So it can catch cases like: > > > > > int *p =3D malloc (sizeof (int) + 2); // probably intended malloc > > > > > (sizeof (int) * 2) > > > > >=20 > > > > > FWIW, this is caught using -fanalyzer: > > > > > f.c: In function 'f': > > > > > f.c:3:12: warning: allocated buffer size is not a multiple of the > > > > > pointee's size [CWE-131] [-Wanalyzer-allocation-size] > > > > > 3 | int *p =3D __builtin_malloc (sizeof(int) + 2); > > > > > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > > >=20 > > > > > Thanks, > > > > > Prathamesh > > > >=20 > > > > Yes, this is probably a good idea. It might need special > > > > logic for flexible array members then... > > >=20 > > > Why special logic for FAM on such warning? (Not a multiple of TYPE_SI= ZE_UNIT for the element). > > >=20 > >=20 > > For > >=20 > > struct { int n; char buf[]; } *p =3D malloc(sizeof *p + n); > > p->n =3D n; > >=20 > > the size would not be a multiple. >=20 > But n is still a multiple of sizeof (char), right? Do I miss anything her= e? Right, for a struct with FAM we could check that it is sizeof () plus a multiple of the element size of the FAM. Still special logic...=20 Martin > Qing > >=20 > > Martin > >=20 > >=20 > >=20 > >=20 >=20 --=20 Univ.-Prof. Dr. rer. nat. Martin Uecker Graz University of Technology Institute of Biomedical Imaging