This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [PATCH][ubsan] Add VLA bound instrumentation
- From: Marek Polacek <polacek at redhat dot com>
- To: "Joseph S. Myers" <joseph at codesourcery dot com>
- Cc: GCC Patches <gcc-patches at gcc dot gnu dot org>, Jakub Jelinek <jakub at redhat dot com>, Jason Merrill <jason at redhat dot com>
- Date: Thu, 12 Sep 2013 18:12:37 +0200
- Subject: Re: [PATCH][ubsan] Add VLA bound instrumentation
- Authentication-results: sourceware.org; auth=none
- References: <20130912122655 dot GN23899 at redhat dot com> <Pine dot LNX dot 4 dot 64 dot 1309121546080 dot 5614 at digraph dot polyomino dot org dot uk>
On Thu, Sep 12, 2013 at 03:52:18PM +0000, Joseph S. Myers wrote:
> On Thu, 12 Sep 2013, Marek Polacek wrote:
>
> > This patch adds the instrumentation of VLA bounds. Basically, it just
> > checks that the size of a VLA is positive. I.e., We also issue an error
> > if the size of the VLA is 0. It catches e.g.
>
> This is not an objection to this patch, but there are a few other bits of
> VLA bound instrumentation that could be done as well. If the size has a
> wide-enough type to be bigger than the target's SIZE_MAX, and is indeed
> bigger than SIZE_MAX, that could be detected at runtime as well. Or if
> the multiplication of array size and element size exceeds SIZE_MAX (this
> covers both elements of constant size, and elements that are themselves
> VLAs, but the former can be handled more efficiently by comparing against
> an appropriate constant rather than needing a runtime test for whether a
> multiplication in size_t overflows).
>
> (Actually, I believe sizes (in bytes) greater than target PTRDIFF_MAX, not
> just SIZE_MAX, should be caught, because pointer subtraction cannot work
> reliably with larger objects. So it's not just when the size or
> multiplication overflow size_t, but when they overflow ptrdiff_t.)
Yup, this all sounds good. I'll look at this tomorrow. I think I'd
prefer doing this as a follow-up, after the C/C++ FE parts are
reviewed; doing SIZE_MAX/PTRDIFF_MAX checking then should require
changes only in c-ubsan.c.
Marek