Date: Thu, 12 Sep 2013 16:12:00 -0000
From: "Joseph S. Myers"
To: Marek Polacek
CC: GCC Patches, Jakub Jelinek, Jason Merrill
Subject: Re: [PATCH][ubsan] Add VLA bound instrumentation
In-Reply-To: <20130912122655.GN23899@redhat.com>

On Thu, 12 Sep 2013, Marek Polacek wrote:

> This patch adds the instrumentation of VLA bounds.
> Basically, it just checks that the size of a VLA is positive. I.e., we also
> issue an error if the size of the VLA is 0. It catches e.g.

This is not an objection to this patch, but there are a few other bits of VLA bound instrumentation that could be done as well.

If the size has a wide-enough type to be bigger than the target's SIZE_MAX, and is indeed bigger than SIZE_MAX, that could be detected at runtime as well. Or if the multiplication of array size and element size exceeds SIZE_MAX (this covers both elements of constant size, and elements that are themselves VLAs, but the former can be handled more efficiently by comparing against an appropriate constant rather than needing a runtime test for whether a multiplication in size_t overflows).

(Actually, I believe sizes (in bytes) greater than target PTRDIFF_MAX, not just SIZE_MAX, should be caught, because pointer subtraction cannot work reliably with larger objects. So it's not just when the size or multiplication overflow size_t, but when they overflow ptrdiff_t.)

-- 
Joseph S. Myers
joseph@codesourcery.com
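The two checks sketched in the reply, written out as an added illustration that is not part of the thread and not GCC or ubsan code: for a constant element size the count is compared against a precomputed limit, while for an element type that is itself a VLA the multiplication has to be overflow-tested at runtime, and in both cases the byte size is bounded by PTRDIFF_MAX rather than SIZE_MAX. The function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Case 1: element size is a compile-time constant.  No runtime
   multiplication is needed: the largest admissible element count is a
   per-type constant, so one comparison rejects counts that are not
   positive, counts whose byte size would exceed PTRDIFF_MAX, and (with
   elem_size == 1) any count wider than ptrdiff_t can represent. */
static bool vla_count_ok_const_elem(intmax_t count, size_t elem_size)
{
    if (count <= 0)                       /* the check the patch adds */
        return false;
    uintmax_t max_count = (uintmax_t)PTRDIFF_MAX / elem_size;
    return (uintmax_t)count <= max_count;
}

/* Case 2: element size is only known at runtime (element type is a VLA).
   Returns the byte size, or 0 if the array must be rejected: the product
   would wrap, or it would exceed PTRDIFF_MAX. */
static uintmax_t vla_bytes_checked(intmax_t count, intmax_t elem_bytes)
{
    if (count <= 0 || elem_bytes <= 0)
        return 0;
    uintmax_t c = (uintmax_t)count, e = (uintmax_t)elem_bytes;
    if (c > UINTMAX_MAX / e)              /* c * e would overflow */
        return 0;
    uintmax_t bytes = c * e;
    if (bytes > (uintmax_t)PTRDIFF_MAX)   /* pointer subtraction bound */
        return 0;
    return bytes;
}

int main(void)
{
    /* Constructed sample sizes: a small VLA and one that is too large. */
    printf("int a[8]:              %s\n",
           vla_count_ok_const_elem(8, sizeof(int)) ? "ok" : "rejected");
    printf("int a[PTRDIFF_MAX]:    %s\n",
           vla_count_ok_const_elem((intmax_t)PTRDIFF_MAX, sizeof(int))
               ? "ok" : "rejected");
    printf("char b[3][5] bytes:    %ju\n", vla_bytes_checked(3, 5));
    printf("char b[INTMAX_MAX][2]: %ju\n", vla_bytes_checked(INTMAX_MAX, 2));
    return 0;
}
```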