From: "fweimer at redhat dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug string/31332] Improve detection of buffer overflow at compile-time with FORTIFY_SOURCE
Date: Mon, 05 Feb 2024 15:07:42 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=31332

--- Comment #2 from Florian Weimer ---
Comment on attachment 15350
  --> https://sourceware.org/bugzilla/attachment.cgi?id=15350
Test case with buffer overflow in memcpy call

Current GCC already warns about this:

#include <string.h>

__attribute__ ((weak)) void
use (void *)
{
}

int main() {
  char buffer[5];
  char *src = "Hi guys";

  memcpy(buffer, src, strlen(src));
  use(buffer);
  return 0;
}

memcpy.c: In function ‘main’:
memcpy.c:12:3: warning: ‘memcpy’ forming offset [5, 6] is out of the bounds [0, 5] of object ‘buffer’ with type ‘char[5]’ [-Warray-bounds=]
   12 |   memcpy(buffer, src, strlen(src));
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
memcpy.c:9:8: note: ‘buffer’ declared here
    9 |   char buffer[5];
      |        ^~~~~~

This can be turned into an error with -Werror=array-bounds. The advantage is
that GCC can provide some helpful context about buffer sizes and offsets, which
we can do from a header with an inline wrapper function.

The issue with your original test case is that the memcpy call is already gone
at the point when such warnings are generated.

(What's missing is a GCC compilation mode where operations on a pointer that
cannot be bounds-checked fail to compile, but to be useful, that would have to
cover pointer arithmetic as well, so a header-only solution doesn't help with
that, either.)
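
Added example, not part of the original message and not glibc code: a sketch of what a header-only, fortify-style wrapper can and cannot check, using the GCC/Clang builtin __builtin_object_size. The names checked_copy, CHECKED_MEMCPY, copy_into_array and copy_via_pointer are hypothetical, and as an assumption of this sketch the wrapper refuses to copy when the destination size is unknown.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum copy_status { COPY_OK, COPY_OVERFLOW, COPY_UNCHECKED };

/* Hypothetical helper: copy only when the destination size is known
   and large enough; never write past dst_size bytes.  */
static enum copy_status
checked_copy (void *dst, size_t dst_size, const void *src, size_t n)
{
  if (dst_size == (size_t) -1)
    return COPY_UNCHECKED;	/* compiler could not determine the size */
  if (n > dst_size)
    return COPY_OVERFLOW;	/* would write past the object: refuse */
  memcpy (dst, src, n);
  return COPY_OK;
}

/* A macro, so the builtin is evaluated at the call site, where the
   destination object may still be visible to the compiler.  */
#define CHECKED_MEMCPY(dst, src, n) \
  checked_copy ((dst), __builtin_object_size ((dst), 0), (src), (n))

/* Destination is a local array: its size (5) is known here.  */
enum copy_status
copy_into_array (const char *src)
{
  char buffer[5];
  return CHECKED_MEMCPY (buffer, src, strlen (src));
}

/* Destination is a bare pointer parameter: the size is not known
   inside this function, so the wrapper has nothing to check against.  */
__attribute__ ((noinline)) enum copy_status
copy_via_pointer (char *dst, const char *src)
{
  return CHECKED_MEMCPY (dst, src, strlen (src));
}

int
main (void)
{
  char big[16];
  printf ("array, 2 bytes:   %d\n", copy_into_array ("Hi"));
  printf ("array, 7 bytes:   %d\n", copy_into_array ("Hi guys"));
  printf ("pointer, 7 bytes: %d\n", copy_via_pointer (big, "Hi guys"));
  return 0;
}
```

The wrapper only sees a size and a length, so it can report that a copy was refused but not the offsets and declaration site that the -Warray-bounds diagnostic above prints.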