This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: [RFC] Warning for potentially unbound writes to function parameters
- From: Gabriel Dos Reis <gdr at integrable-solutions dot net>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: GCC Patches <gcc-patches at gcc dot gnu dot org>
- Date: Fri, 17 Aug 2012 14:15:07 -0500
- Subject: Re: [RFC] Warning for potentially unbound writes to function parameters
- References: <502E6FBE.7070609@redhat.com>
On Fri, Aug 17, 2012 at 11:22 AM, Florian Weimer <fweimer@redhat.com> wrote:
> In some real-world code, I noticed a curious pattern: using the unsafe
> string functions on function parameter arguments. This leads to
> gets()-style unsafe APIs.
>
> I've looked at how to implement a warning for this, and came up with the
> attached patch. Do you think this makes sense?
>
>  1 #include <string.h>
>  2
>  3 const char *data (void);
>  4
>  5 void test (char *target)
>  6 {
>  7         strcpy(target, data ());
>  8 }
>  9
> 10
> 11 void test_2 (char *target)
> 12 {
> 13         char *p = target;
> 14         strcpy(p, data ());
> 15 }
> 16
>
> /tmp/t.c: In function ‘test’:
> /tmp/t.c:7:9: warning: potentially unbound write to function parameter
> ‘target’ [-Wunbound-parameter-write]
> strcpy(target, data ());
> ^
> /tmp/t.c: In function ‘test_2’:
> /tmp/t.c:14:9: warning: potentially unbound write to function parameter
> ‘target’ [-Wunbound-parameter-write]
> strcpy(p, data ());
> ^
>
> Obviously, the warning and its name need adjusting, and more functions need
> to be covered. But I want to check first if you think the warning makes
> sense at all, and if I've found the right place to implement it (this
> approach seems to require optimization, alas).
>
> --
> Florian Weimer / Red Hat Product Security Team
Hmm, I think it would help a little bit if you could expand on where exactly
the danger the patch is trying to prevent is, and what
does "unbound parameter" refer to or mean? (I don't know what
an unbound parameter is)
-- Gaby
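
The pattern from the quoted test case next to a bounded variant, as an added example that is not part of the thread or of the proposed patch. The body of `data`, the function `copy_bounded` and its error convention are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the thread's data(): the callee cannot know in
   advance how long the returned string is. */
static const char *data(void)
{
    return "constructed sample payload";
}

/* The pattern from the thread: only a pointer is passed, so the callee has
   no way to check the write against the size of the caller's buffer. */
void test(char *target)
{
    strcpy(target, data());
}

/* Hypothetical bounded variant: the caller passes the capacity and the
   callee refuses to write when the source plus its NUL does not fit.
   Returns 0 on success, -1 with errno set to EINVAL or ERANGE. */
int copy_bounded(char *target, size_t target_size)
{
    const char *src = data();
    size_t len;

    if (target == NULL || target_size == 0) {
        errno = EINVAL;
        return -1;
    }
    len = strlen(src);
    if (len >= target_size) {
        target[0] = '\0';           /* leave a valid empty string */
        errno = ERANGE;
        return -1;
    }
    memcpy(target, src, len + 1);   /* len + 1 includes the NUL */
    return 0;
}

int main(void)
{
    char small[8], big[64];

    printf("small: %d\n", copy_bounded(small, sizeof small));
    printf("big:   %d (%s)\n", copy_bounded(big, sizeof big), big);
    return 0;
}
```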