This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



Re: c/4967: GCC should warn about obvious violations of restrict

On Thu, 29 Nov 2001, Andreas Jaeger wrote:

> whether a call is defined or not.  A call sprintf_restrict (buf, buf)
> would only be undefined when the function writes to both pointers but
> this cannot be detected at the call side for e.g. library
> functions:-(.

Only when it writes to the same object via one pointer as it accesses by
the other, indeed.  Adding 25 to the second pointer, then copying 25 bytes
from the first to the second, or something more complicated where each
byte is only accessed via one of the pointers, would still be OK.

You could always work out some way to annotate function declarations with
information about how much is read or written from each argument and
whether aliasing is OK (note that the restrict qualifiers in declarations
not part of the definition are still irrelevant and are effectively
ignored (6.7.5.3#15), but you could define them to be relevant in
interpreting such an attribute).  I'd like to get -Wformat-security to
warn about sprintf into fixed-length buffers that might be too short for
the format, and similar such possible security holes.

-- 
Joseph S. Myers
jsm28@cam.ac.uk

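The two points in the message above, that `restrict` is only violated when the same byte is reached through both pointers (so copying the first 25 bytes of a buffer into its second 25 bytes through a restrict-qualified copy is fine), and that `sprintf` into a fixed-length buffer should be bounded, worked through as an added example. This code is not part of the original message or of GCC; `copy_restrict`, `ranges_overlap` and `format_bounded` are hypothetical names chosen for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical restrict-qualified byte copy, shaped like memcpy. The
 * restrict qualifiers are the caller's promise that no byte written
 * through dst is also read through src during the call. */
static void copy_restrict(char *restrict dst, const char *restrict src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i];
}

/* Offset-based check a caller can apply before calling a restrict-qualified
 * copy on two views of the same array: the byte ranges
 * [dst_off, dst_off + n) and [src_off, src_off + n) must not intersect.
 * Returns 1 if they overlap (call would be undefined), 0 if disjoint. */
int ranges_overlap(size_t dst_off, size_t src_off, size_t n)
{
    return (dst_off < src_off + n) && (src_off < dst_off + n);
}

/* The case described in the message: both pointers point into the same
 * 50-byte buffer, the second one 25 bytes in, and 25 bytes are copied.
 * Every byte is touched through exactly one pointer, so restrict holds.
 * Returns 1 if the second half now mirrors the first. */
int copy_disjoint_halves(void)
{
    char buf[50];                                  /* constructed sample */
    for (int i = 0; i < 25; i++)
        buf[i] = (char)('a' + i);
    memset(buf + 25, 0, 25);

    if (ranges_overlap(25, 0, 25))                 /* disjoint: proceeds */
        return 0;
    copy_restrict(buf + 25, buf, 25);
    return memcmp(buf, buf + 25, 25) == 0;
}

/* Bounded replacement for sprintf into a fixed-length buffer. snprintf
 * never writes past buflen; the return value tells us whether the full
 * text fit. Returns 0 on success, -1 if it would have been truncated. */
int format_bounded(char *buf, size_t buflen, const char *prefix, int value)
{
    int n = snprintf(buf, buflen, "%s%d", prefix, value);
    if (n < 0 || (size_t)n >= buflen)
        return -1;
    return 0;
}

/* Wrapper using a deliberately small 8-byte buffer, so the truncation
 * path is exercised with a value that does not fit. */
int format_into_small_buffer(int value)
{
    char small[8];
    return format_bounded(small, sizeof small, "id=", value);
}

int main(void)
{
    printf("disjoint halves copied: %d\n", copy_disjoint_halves());
    printf("overlap(24,0,25): %d\n", ranges_overlap(24, 0, 25));
    printf("fit 42: %d, fit 1234567: %d\n",
           format_into_small_buffer(42), format_into_small_buffer(1234567));
    return 0;
}
```

`ranges_overlap` is the kind of per-call-site check the message says a compiler cannot do for an opaque library function without extra annotation; here it is simply done by hand at the caller. `format_bounded` is the defensive counterpart to the `-Wformat-security` wish: the formatted length is compared against the buffer size instead of being assumed to fit.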
