public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed
From: Martin Sebor <msebor@gmail.com>
To: gcc-patches <gcc-patches@gcc.gnu.org>
Subject: [PING][PATCH] extend -Wstringop-overflow to allocated objects (PR 91582)
Date: Mon, 18 Nov 2019 18:23:00 -0000	[thread overview]
Message-ID: <cd014ffb-5f72-6c9b-10e9-e97da10708ba@gmail.com> (raw)
In-Reply-To: <5b68c166-e94b-2660-04f3-e3fafe69112c@gmail.com>

Ping: https://gcc.gnu.org/ml/gcc-patches/2019-11/msg00652.html

On 11/8/19 3:11 PM, Martin Sebor wrote:
> Unless it's used with _FORTIFY_SOURCE, -Wstringop-overflow
> doesn't consider out-of-bounds accesses to objects allocated
> by alloca, malloc, other functions declared with attribute
> alloc_size, or even VLAs with variable bounds.  This was
> a known limitation of the checks (done just before expansion)
> relying on the the object size pass when they were introduced
> in GCC 7.
> 
> But since its introduction in GCC 7, the warning has evolved
> beyond some of the limitations of the object size pass.  Unlike
> it, the warning considers non-constant offsets and stores with
> non-constant sizes.  Attached is a simple enhancement that
> (finally) adds the ability to also detect overflow in allocated
> objects to the warning.
> 
> With the patch GCC detects the overflow in code like this:
> 
>    char* f (void)
>    {
>      char s[] = "12345";
>      char *p = malloc (strlen (s));
>      strcpy (p, s);   // warning here
>      return p;
>    }
> 
> but not (yet) in something like this:
> 
>    char* g (const char *s)
>    {
>      char *p = malloc (strlen (s));
>      strcpy (p, s);   // no warning (yet)
>      return p;
>    }
> 
> and quite a few other examples.  Doing better requires extending
> the strlen pass.  I'm working on this extension and expect to
> submit a patch before stage 1 ends.
> 
> Martin
> 
> PS I was originally planning to do all the allocation checking
> in the strlen pass but it occurred to me that by also enhancing
> the compute_objsize function, all warnings that use it will
> benefit.  Besides -Wstringop-overflow this includes a subset
> of -Warray-bounds, -Wformat-overflow, and -Wrestrict.  It's
> nice when a small enhancement has such a broad positive effect.

  reply	other threads:[~2019-11-18 18:22 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-08 22:11 [PATCH] " Martin Sebor
2019-11-18 18:23 ` Martin Sebor [this message]
2019-11-25 17:54   ` [PING 2][PATCH] " Martin Sebor
2019-12-02 17:06 ` [PATCH] " Jeff Law
2019-12-05  1:37   ` Martin Sebor
2019-12-06 15:44     ` Christophe Lyon
2019-12-06 17:03       ` Martin Sebor

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cd014ffb-5f72-6c9b-10e9-e97da10708ba@gmail.com \
    --to=msebor@gmail.com \
    --cc=gcc-patches@gcc.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).