Subject: Re: [PATCH] improve out-of-bounds checking with GCC 10 attribute access [BZ #25219]
To: DJ Delorie
Cc: libc-alpha@sourceware.org
From: Martin Sebor
Message-ID: <8d359caf-0522-c753-af3d-2680d54a0cb8@gmail.com>
Date: Mon, 4 May 2020 11:34:05 -0600

On 5/1/20 4:02 PM, DJ Delorie wrote:
> Martin Sebor writes:
>> Thanks for the careful review!
>
> This new version LGTM.
>
> Reviewed-by: DJ Delorie
>
> (but IMHO a second set of eyes would be good for this one)
>
>> Yes, that's wrong. Good catch! I completely missed stdio when
>> testing so I also didn't notice I forgot to add the attribute to
>> fgets() itself. I've fixed that in the updated patch.
>
> Ok.
>
>>> IMHO comment should state that the first argument is index 1.
>>>
>>> IMHO should document what happens when size-index is missing.
>>
>> I've tweaked the comment a bit. I hesitate to go into a lot of
>> detail here and would expect people needing it to read the manual.
>
> Right, but there should be just enough info for someone adding a new use
> of it to know what to do, without requiring the gcc docs. The new
> comment is fine.
>
>>> __buf[???]
>>
>> When size-index is missing at least one byte of the array must be
>> accessible (or the pointer must be null). There's no way to specify
>> a constant size with the current syntax. In the future I'd like to
>> try to teach GCC to get it from the argument itself (for ordinary
>> arrays as well as for VLAs):
>
> Makes sense, just didn't know.
>
>>> NOTE: does not use the __attr_access macro
>>
>> Fixed, thanks.
>
> Ok.
>

Thanks. I have committed the latest patch in
06febd8c6705c816b2f32ee7aa1f4c0184b05248.

Martin
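
The two points raised in the review (argument positions count from 1, and what a missing size-index means) shown on an fgets-like function. This is an added example, not code from the patch or from glibc; `EX_ACCESS`, `ex_gets` and `ex_first` are hypothetical names, and the in-memory string stands in for a stream.

```c
#include <stddef.h>

/* Hypothetical macro for this example: expands to GCC 10's access
   attribute when the compiler supports it, and to nothing otherwise. */
#if defined(__has_attribute)
# if __has_attribute(access)
#  define EX_ACCESS(...) __attribute__((access(__VA_ARGS__)))
# endif
#endif
#ifndef EX_ACCESS
# define EX_ACCESS(...)
#endif

/* fgets-like reader over an in-memory string.  Positions are 1-based:
   buf is argument 1 and is only written, its size is argument 2. */
EX_ACCESS(write_only, 1, 2)
char *ex_gets(char *buf, int n, const char **src)
{
    int i = 0;

    if (n <= 0 || **src == '\0')
        return NULL;
    /* Never store more than n - 1 characters plus the terminator. */
    while (i < n - 1 && **src != '\0') {
        char c = *(*src)++;
        buf[i++] = c;
        if (c == '\n')
            break;
    }
    buf[i] = '\0';
    return buf;
}

/* No size-index: the caller must pass either a null pointer or a
   pointer to at least one readable byte. */
EX_ACCESS(read_only, 1)
int ex_first(const char *p)
{
    return p ? (unsigned char)*p : -1;
}

/* With the annotation in place, GCC 10 or later can diagnose a caller
   whose size argument exceeds the destination object, for example
       char small[4]; ex_gets(small, 16, &s);
   without the callee's body being visible. */
```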