This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug c/35592] Want attribute to enable precision loss warning

From: "manu at gcc dot gnu dot org" <gcc-bugzilla at gcc dot gnu dot org>
To: gcc-bugs at gcc dot gnu dot org
Date: 1 Apr 2008 02:53:14 -0000
Subject: [Bug c/35592] Want attribute to enable precision loss warning
References: <bug-35592-3511@http.gcc.gnu.org/bugzilla/>
Reply-to: gcc-bugzilla at gcc dot gnu dot org


------- Comment #3 from manu at gcc dot gnu dot org  2008-04-01 02:53 -------
(In reply to comment #2)
> 
> If the size_t given to memcpy is truncated, that does not overwrite a buffer.
> But if the size_t given to malloc is truncated, that is a pretty surefire way
> to find a security issue.

I guess that depends on how the conversion occurs:

int i = -5;
...
memcpy (dest, src, i);

I would have trouble defining which cases are security issues.

On the other hand, the truncation may actually take place far from where malloc
is called:

size_t len = 999999999999999LL;
...
buffer = malloc (len);

not sure how your proposal could handle that.


-- 

manu at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |manu at gcc dot gnu dot org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35592

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]