From: Florian Weimer
Date: Fri, 20 Feb 2015 11:06:00 -0000
To: Sandra Loosemore, Jakub Jelinek
CC: Jeff Prothero, gcc@gcc.gnu.org
Subject: Re: Obscure crashes due to gcc 4.9 -O2 => -fisolate-erroneous-paths-dereference

On 02/19/2015 09:56 PM, Sandra Loosemore wrote:

> Hmmmm, Passing the additional option in user code would be one thing,
> but what about library code? E.g., using memcpy (either explicitly or
> implicitly for a structure copy)?

The memcpy problem isn't restricted to embedded architectures.

  size_t size;
  const unsigned char *source;
  std::vector<unsigned char> vec;
  …
  vec.resize(size);
  memcpy(vec.data(), source, size);

std::vector::data() can return a null pointer if the vector is empty,
which means that this code is invalid for empty inputs.

I think the C standard is wrong here. We should extend it, as a QoI
matter, and support null pointers for variable-length inputs and outputs
if the size is 0. But I suspect this is still a minority view.

-- 
Florian Weimer / Red Hat Product Security
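
An added example, not part of the original message: the snippet from the message above with the zero-length case guarded, so that memcpy is never reached with a null pointer. The helper names `assign_bytes` and `guarded_copy_ok` are hypothetical, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstring>
#include <vector>

// Hypothetical helper (not from the original message): replace the contents
// of vec with size bytes read from source. Returns the number of bytes copied.
std::size_t assign_bytes(std::vector<unsigned char> &vec,
                         const unsigned char *source, std::size_t size)
{
    vec.resize(size);
    // For size == 0, vec.data() may be null, and callers commonly pass a
    // null source for "no data". C11 7.24.1p2 requires valid pointers for
    // memcpy even when the length is zero, so skip the call instead of
    // relying on it being a no-op.
    if (size == 0)
        return 0;
    std::memcpy(vec.data(), source, size);
    return size;
}

// Exercises the empty and non-empty paths on constructed sample input.
bool guarded_copy_ok()
{
    std::vector<unsigned char> vec;

    // Empty input with a null source: memcpy is not called.
    if (assign_bytes(vec, nullptr, 0) != 0 || !vec.empty())
        return false;

    // Constructed sample bytes.
    const unsigned char sample[] = {0xde, 0xad, 0xbe, 0xef};
    if (assign_bytes(vec, sample, sizeof sample) != sizeof sample)
        return false;
    if (vec.size() != 4 || vec[0] != 0xde || vec[3] != 0xef)
        return false;

    // Shrinking a populated vector back to empty takes the guarded path too.
    return assign_bytes(vec, nullptr, 0) == 0 && vec.empty();
}

int main()
{
    return guarded_copy_ok() ? 0 : 1;
}
```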