Date: Mon, 20 Mar 2023 17:33:19 +0100
From: Vincent Lefevre
To: libc-alpha@sourceware.org
Subject: Re: UB status of snprintf on invalid ptr+size combination?
Message-ID: <20230320163319.GF203866@cventin.lip.ens-lyon.fr>

On 2023-03-20 17:15:49 +0100, Alejandro Colomar wrote:
> $ cat str.c
> #include <stdio.h>
>
> void f(char *dst, char *src)
> {
>     sprintf(dst, "%s plus some extra stuff", src);
> }
>
> $ cat main.c
> void f(char *dst, char *src);
>
> int main(void)
> {
>     char *str = "some long string";
>     char s[20];
>
>     f(s, str);
> }
>
> $ cc -Wall -Wextra *.c -flto -O3 -fanalyzer -D_FORTIFY_SOURCE=1
> $ ./a.out
> *** buffer overflow detected ***: terminated
> Aborted
> $ cc -Wall -Wextra *.c -flto -O3 -fanalyzer -D_FORTIFY_SOURCE=3
> alx@asus5775:~/tmp/fort$ ./a.out
> *** buffer overflow detected ***: terminated
> Aborted
>
>
> Is this what you're looking for? I agree that it would be nicer
> if the analyzer could catch this at build time, but it seems it's
> not yet so powerful.

I meant at build time.

-- 
Vincent Lefèvre - Web:
100% accessible validated (X)HTML - Blog:
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
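
The quoted f() overflows because it is never told that s holds only 20 bytes. As an added example (not code from this thread or from glibc), here is a bounded variant that takes the destination size and lets the caller detect truncation; the names f_bounded and fits, and the return convention, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded variant of the thread's f().
 * Writes at most dstsz bytes (including the terminating NUL) into dst.
 * Returns the length the complete string needs, excluding the NUL,
 * or -1 if an argument is unusable. */
int f_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    /* snprintf never writes past dst[dstsz - 1] and reports the
     * length that would have been written with unlimited space. */
    return snprintf(dst, dstsz, "%s plus some extra stuff", src);
}

/* True when a result from f_bounded() means the whole string was stored. */
int fits(int needed, size_t dstsz)
{
    return needed >= 0 && (size_t)needed < dstsz;
}

int main(void)
{
    const char *str = "some long string";   /* same input as the thread's main.c */
    char s[20];                             /* same 20-byte destination */
    char big[64];                           /* constructed: large enough buffer */

    int n = f_bounded(s, sizeof s, str);
    if (!fits(n, sizeof s))
        fprintf(stderr, "truncated: need %d bytes, have %zu\n", n + 1, sizeof s);
    printf("s   = \"%s\"\n", s);

    n = f_bounded(big, sizeof big, str);
    printf("big = \"%s\" (fits: %d)\n", big, fits(n, sizeof big));
    return 0;
}
```

With the thread's input the full string needs 39 bytes, so the 20-byte buffer receives a truncated, NUL-terminated prefix instead of being overrun.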