This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.



Re: c/4967: GCC should warn about obvious violations of restrict

"Joseph S. Myers" <jsm28@cam.ac.uk> writes:

> On Thu, 29 Nov 2001, Andreas Jaeger wrote:
>
>> whether a call is defined or not.  A call sprintf_restrict (buf, buf)
>> would only be undefined when the function writes to both pointers but
>> this cannot be detected at the call site for e.g. library
>> functions:-(.
>
> Only when it writes to the same object via one pointer as it accesses by
> the other, indeed.  Adding 25 to the second pointer, then copying 25 bytes
> from the first to the second, or something more complicated where each
> byte is only accessed via one of the pointers, would still be OK.
>
> You could always work out some way to annotate function declarations with
> information about how much is read or written from each argument and
> whether aliasing is OK (note that the restrict qualifiers in declarations
> not part of the definition are still irrelevant and are effectively
> ignored (6.7.5.3#15), but you could define them to be relevant in

That's much more involved than the simple solution I had in mind -
which is not OK :-(

> interpreting such an attribute).  I'd like to get -Wformat-security to
> warn about sprintf into fixed-length buffers that might be too short for
> the format, and similar such possible security holes.

I'm closing this bug report now, since what I originally intended is
not possible.

Thanks,
Andreas
-- 
 Andreas Jaeger
  SuSE Labs aj@suse.de
   private aj@arthur.inka.de
    http://www.suse.de/~aj
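The distinction Joseph draws above (a call with two restrict-qualified pointers is undefined only when some byte is accessed through both of them, so buf and buf + 25 with a 25-byte copy is fine, while the call site cannot decide this for sprintf(buf, buf) because it does not know how much will be written), as an added C illustration that is not part of the thread or of GCC. copy_restrict, call_is_defined, format_into_fixed and the example_* functions are hypothetical names chosen here, and the buffers are constructed sample data; the overlap check assumes both pointers point into the same array, since comparing pointers into unrelated objects is itself undefined in C.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the sprintf_restrict-style function from the
 * thread: both parameters carry restrict, so the call is only defined when
 * no byte is accessed through both pointers. */
static void copy_restrict(char *restrict dst, const char *restrict src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i];
}

/* Overlap test for a call copy_restrict(dst, src, n) where dst and src both
 * point into the same array (assumption: pointer comparison across unrelated
 * objects is undefined in C, so the check is only meaningful then).
 * Returns 1 when the byte ranges [dst, dst+n) and [src, src+n) are disjoint,
 * i.e. when the call is defined.  The check needs n: for sprintf that number
 * depends on the format and its arguments, which is exactly why the call
 * site alone cannot decide whether sprintf(buf, buf) is defined. */
static int call_is_defined(const char *dst, const char *src, size_t n)
{
    return !(dst < src + n && src < dst + n);
}

/* The OK case from the thread: copy 25 bytes from buf to buf + 25.  Each
 * byte is accessed through only one of the two pointers.  Returns 1 if the
 * check passes and the copy produced the expected contents. */
static int example_disjoint(void)
{
    char buf[50];   /* constructed sample buffer */
    for (int i = 0; i < 25; i++)
        buf[i] = (char)('a' + i);
    memset(buf + 25, 0, 25);

    if (!call_is_defined(buf + 25, buf, 25))
        return 0;
    copy_restrict(buf + 25, buf, 25);
    return memcmp(buf, buf + 25, 25) == 0;
}

/* A copy shifted by one byte: bytes 1..24 are read through src and written
 * through dst, so the call would violate restrict.  Only the check is run,
 * never the call.  Returns 0 (the call is not defined). */
static int example_overlapping(void)
{
    char buf[50];
    return call_is_defined(buf + 1, buf, 25);
}

/* The sprintf(buf, buf) shape: identical pointers overlap for any n > 0.
 * Returns 0. */
static int example_same_pointer(void)
{
    char buf[50];
    return call_is_defined(buf, buf, 25);
}

/* The other warning Joseph mentions: sprintf into a fixed-length buffer that
 * may be too short for the format.  snprintf bounds the write and returns
 * the length the full output would have needed, so a result >= buflen tells
 * the caller the output was truncated instead of overflowing the buffer. */
static int format_into_fixed(char *buf, size_t buflen, int value)
{
    return snprintf(buf, buflen, "%d", value);
}

/* An 8-byte buffer receiving a 9-digit number: sprintf would write 10 bytes
 * (9 digits plus NUL) past an 8-byte buffer; snprintf writes 7 digits plus
 * NUL and returns 9.  Returns that 9, or -1 if the buffer was not filled. */
static int example_fixed_buffer(void)
{
    char small[8];
    int needed = format_into_fixed(small, sizeof small, 123456789);
    if (strlen(small) != sizeof small - 1)
        return -1;
    return needed;
}

int main(void)
{
    printf("disjoint copy defined and correct: %d\n", example_disjoint());
    printf("shifted copy defined: %d\n", example_overlapping());
    printf("same pointer defined: %d\n", example_same_pointer());
    printf("snprintf needed %d bytes for an 8-byte buffer\n", example_fixed_buffer());
    return 0;
}
```

The point of call_is_defined taking n explicitly is the one Andreas closes the report on: a compiler looking at sprintf(buf, buf) sees the two pointers but not the byte counts, so without extra annotation on the declaration it cannot tell the defined call from the undefined one.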
