From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 11440 invoked by alias); 13 Sep 2013 16:52:36 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Received: (qmail 11431 invoked by uid 89); 13 Sep 2013 16:52:36 -0000 Received: from relay1.mentorg.com (HELO relay1.mentorg.com) (192.94.38.131) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 13 Sep 2013 16:52:36 +0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.7 required=5.0 tests=AWL,BAYES_00,KHOP_THREADED,RDNS_NONE,SPF_HELO_FAIL autolearn=no version=3.3.2 X-HELO: relay1.mentorg.com Received: from svr-orw-exc-10.mgc.mentorg.com ([147.34.98.58]) by relay1.mentorg.com with esmtp id 1VKWbe-0002Q7-Rx from joseph_myers@mentor.com ; Fri, 13 Sep 2013 09:52:30 -0700 Received: from SVR-IES-FEM-01.mgc.mentorg.com ([137.202.0.104]) by SVR-ORW-EXC-10.mgc.mentorg.com with Microsoft SMTPSVC(6.0.3790.4675); Fri, 13 Sep 2013 09:52:30 -0700 Received: from digraph.polyomino.org.uk (137.202.0.76) by SVR-IES-FEM-01.mgc.mentorg.com (137.202.0.104) with Microsoft SMTP Server id 14.2.247.3; Fri, 13 Sep 2013 17:52:29 +0100 Received: from jsm28 (helo=localhost) by digraph.polyomino.org.uk with local-esmtp (Exim 4.76) (envelope-from ) id 1VKWbb-0004Id-V2; Fri, 13 Sep 2013 16:52:28 +0000 Date: Fri, 13 Sep 2013 18:01:00 -0000 From: "Joseph S. Myers" To: Marek Polacek CC: GCC Patches , Jakub Jelinek , Jason Merrill Subject: Re: [PATCH][ubsan] Add VLA bound instrumentation In-Reply-To: <20130913095030.GS23899@redhat.com> Message-ID: References: <20130912122655.GN23899@redhat.com> <20130913095030.GS23899@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" X-SW-Source: 2013-09/txt/msg01057.txt.bz2 On Fri, 13 Sep 2013, Marek Polacek wrote: > On Thu, Sep 12, 2013 at 04:05:48PM +0000, Joseph S. Myers wrote: > > cause stack overflow that doesn't get detected by the kernel. So maybe > > ubsan should imply -fstack-check or similar. > > Well, I have a patch for that, but I no longer think that ubsan should > imply -fstack-check, since e.g. > > int > main (void) > { > int x = -1; > int b[x - 4]; > /* ... */ > return 0; > } > > segfaults at runtime on int b[x - 4]; line when -fstack-check is used > (even without sanitizing), so we wouldn't give proper diagnostics > for stmts following that line... A guaranteed segfault is better than doing something undefined. But I'd expect sanitizing to make the initial check that the array size in bytes is in the range [1, PTRDIFF_MAX] and -fstack-check only to come into play if that passes (for sizes that are too large for the stack limit in effect at runtime although within the range that is in principle valid). You probably don't want to enable -fstack-check from ubsan until the checks for the range [1, PTRDIFF_MAX] are in place. (Those checks, incidentally, would need to apply not just to arrays whose specified size is variable, but also to constant-size arrays of variable-size arrays - if you have a VLA type, then define an array VLA array[10]; then you need to check that the result of the multiplication of sizes in bytes doesn't exceed PTRDIFF_MAX. So the more general checks can't all go in the place where you're inserting the checks for a single variable size in isolation.) -- Joseph S. Myers joseph@codesourcery.com