This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug c/35592] Want attribute to enable precision loss warning
- From: "manu at gcc dot gnu dot org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: 1 Apr 2008 02:53:14 -0000
- Subject: [Bug c/35592] Want attribute to enable precision loss warning
- References: <bug-35592-3511@http.gcc.gnu.org/bugzilla/>
- Reply-to: gcc-bugzilla at gcc dot gnu dot org
------- Comment #3 from manu at gcc dot gnu dot org 2008-04-01 02:53 -------
(In reply to comment #2)
>
> If the size_t given to memcpy is truncated, that does not overwrite a buffer.
> But if the size_t given to malloc is truncated, that is a pretty surefire way
> to find a security issue.
I guess that depends on how the conversion occurs:
int i = -5;
...
memcpy (dest, src, i);
I would have trouble defining which cases are security issues.
On the other hand, the truncation may actually take place far from where malloc
is called:
size_t len = 999999999999999LL;
...
buffer = malloc (len);
not sure how your proposal could handle that.
--
manu at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |manu at gcc dot gnu dot org
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35592