public inbox for gcc-patches@gcc.gnu.org
From: Martin Sebor <msebor@gmail.com>
To: Gcc Patch List <gcc-patches@gcc.gnu.org>, Jeff Law <law@redhat.com>
Subject: [PATCH 0/6] improve handling of char arrays with missing nul (PR 86552, 86711, 86714)
Date: Mon, 13 Aug 2018 21:23:00 -0000
Message-ID: <fcafd5f3-b8fa-faa3-29f4-41fab9d927c8@gmail.com>
In-Reply-To: <ff946355-efec-e286-d7b7-1505a8acc55b@gmail.com>

To make reviewing the changes easier I've split up the patch
into a series:

1. Detection of nul-terminated constant arrays to prevent early
    folding.  This resolves PR 86711 - wrong folding of memchr,
    and prevents PR 86714 - tree-ssa-forwprop.c confused by too
    long initializer, but doesn't warn.

2. Warn for reads past unterminated constant character arrays.
    This adds warnings for string functions called with such arrays
    to resolve PR 86552 - missing warning for reading past the end
    of non-string arrays.  Now that GCC transforms braced-initializer
    lists into STRING_CSTs (even those with no nul), the warning is
    capable of diagnosing even those.

    2.1 strlen
    2.2 strcpy
    2.3 sprintf
    2.4 stpcpy
    2.5 strnlen

There are many more string functions where unterminated arrays (constant
or otherwise) should be diagnosed.  I plan to continue to work on
those (with the constant ones first) but I want to post this
updated patch for review now, mainly so that the wrong code bug
(PR 86711) can be resolved and the basic detection infrastructure
agreed on.

An open question in my mind is what should GCC do with such calls
after issuing a warning: replace them with traps?  Fold them into
constants?  Or continue to pass them through to the corresponding
library functions?

Martin

On 07/25/2018 05:38 PM, Martin Sebor wrote:
> Ping: https://gcc.gnu.org/ml/gcc-patches/2018-07/msg01124.html
>
> The fix for bug 86532 has been checked in so this enhancement
> can now be applied on top of it (with only minor adjustments).
>
> On 07/19/2018 02:08 PM, Martin Sebor wrote:
>> In the discussion of my patch for pr86532 Bernd noted that
>> GCC silently accepts constant character arrays with no
>> terminating nul as arguments to strlen (and other string
>> functions).
>>
>> The attached patch is a first step in detecting these kinds
>> of bugs in strlen calls by issuing -Wstringop-overflow.
>> The next step is to modify all other handlers of built-in
>> functions to detect the same problem (not part of this patch).
>> Yet another step is to detect these problems in arguments
>> initialized using the non-string form:
>>
>>   const char a[] = { 'a', 'b', 'c' };
>>
>> This patch is meant to apply on top of the one for bug 86532
>> (I tested it with an earlier version of that patch so there
>> is code in the context that does not appear in the latest
>> version of the other diff).
>>
>> Martin
>>
>

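As an added illustration (not code from Martin's patch series), the following C snippet builds the three initializer forms the thread discusses, including the braced form with no nul, and shows a length and copy check that stays inside the array's storage rather than relying on a terminator that may be missing. The array names and helper functions are my own and are not GCC code.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample arrays (hypothetical, for illustration only). */
static const char lit[] = "abc";                          /* 4 bytes: a b c \0 */
static const char braced_nul[] = { 'a', 'b', 'c', '\0' }; /* 4 bytes, terminated */
static const char braced_no_nul[] = { 'a', 'b', 'c' };    /* 3 bytes, NO terminator */

/* Length of the string stored in buf, scanning at most cap bytes.
   Returns -1 when no nul exists within the array, which is exactly the
   case where calling strlen() on the array would read past its end. */
long checked_len(const char *buf, size_t cap)
{
    const char *nul = memchr(buf, '\0', cap); /* never looks beyond cap */
    return nul ? (long)(nul - buf) : -1;
}

/* strcpy-like copy that refuses unterminated sources and sources that do
   not fit (including the nul) in dst.  Returns true only on a full copy. */
bool copy_checked(char *dst, size_t dstsz, const char *src, size_t srccap)
{
    long n = checked_len(src, srccap);
    if (n < 0 || (size_t)n >= dstsz)   /* unterminated, or no room for nul */
        return false;
    memcpy(dst, src, (size_t)n + 1);   /* copies the terminator as well */
    return true;
}

/* Wrappers that pass sizeof of each array, the only bound a constant
   array really has. */
long len_literal(void)       { return checked_len(lit, sizeof lit); }
long len_braced_nul(void)    { return checked_len(braced_nul, sizeof braced_nul); }
long len_braced_no_nul(void) { return checked_len(braced_no_nul, sizeof braced_no_nul); }

int main(void)
{
    char dst[8];
    printf("literal: %ld\n", len_literal());             /* 3 */
    printf("braced with nul: %ld\n", len_braced_nul());  /* 3 */
    printf("braced no nul: %ld\n", len_braced_no_nul()); /* -1 */
    printf("copy of unterminated array accepted: %s\n",
           copy_checked(dst, sizeof dst, braced_no_nul, sizeof braced_no_nul)
               ? "yes" : "no");                          /* no */
    return 0;
}
```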
