This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)

From: Jeff Law <law at redhat dot com>
To: Martin Sebor <msebor at gmail dot com>, Richard Biener <rguenther at suse dot de>, Gcc Patch List <gcc-patches at gcc dot gnu dot org>, Jakub Jelinek <jakub at redhat dot com>, Bernd Schmidt <bschmidt at redhat dot com>, David Malcolm <dmalcolm at redhat dot com>, Manuel López-Ibáñez <lopezibanez at gmail dot com>, Florian Weimer <fweimer at redhat dot com>, Joseph Myers <joseph at codesourcery dot com>
Date: Thu, 21 Jul 2016 15:48:20 -0600
Subject: Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
Authentication-results: sourceware.org; auth=none
References: <5776B33E.2080504@gmail.com> <alpine.LSU.2.11.1607041255060.29772@t29.fhfr.qr> <577A8D6A.3070902@gmail.com> <alpine.LSU.2.11.1607051208470.29772@t29.fhfr.qr> <578D512F.9050909@gmail.com>

I saw a few places in GCC itself where you increased buffer sizes. Wereany of those level 1 failures?


In c.opt:

+C ObjC C++ ObjC++ Warning Alias (Wformat-length=, 1, 0)

Can't this take on values 0, 1, 2? And if so, is the "1" above correct?

In invoke.texi we have:

+-Wno-format-contains-nul -Wno-format-extra-args -Wformat-length=2 @gol
Note Wformat-length=2.

Then in the actual documentation it says the default level is 1.

+in output truncation.  GCC counts the number of bytes that each format
+string and directive within it writes into the provided buffer and, when
+it detects that more bytes that fit in the destination buffer may be output,
+it emits a warning.


s/that fit/than fit

In that same section is the text which says the default level is 1

I'm curious about the heuristics for level 1. I guess if you get awarning at level 1, then you've got a situation where we know we'llwrite out of bounds. level 2 is a may write out of bounds. Which makesme wonder if rather than levels we should use symbolic names?

I guess my worry here is that if we don't message this right folks willmake their code level 1 clean and think they're done. When in realityall they've done is mitigate the most egregious problems.


Elsewhere in invoke.texi:

+buffer in an inforational note following the warning.

informational I assume

+the minimum buffer size.  For exampe, if @var{a} and @var{b} above can

example

In genmatch.c:

+      char id[13];   /* Big enough for a 32-bit UINT_MAX.  */

In general we don't add comments to the end of a line like that. If acomment is needed, put it before the declaration. I'm not sure if acomment is needed here or not -- your call.


Similarly for various other places were you increased buffer lengths.


In passes.c:

+
+      // inform (0, "executing pass: %s", pass->name);
+
       if (execute_one_pass (pass) && pass->sub)
-        execute_pass_list_1 (pass->sub);
+       {
+         // inform (0, "executing subpass: %s", pass->sub->name);
+         execute_pass_list_1 (pass->sub);
+       }
+



The comments left over from debugging?

Looks like ~1/3 of the patch are tests. Good stuff. I'm going toassume those are correct.

I'll get into gimple-ssa-sprintf.c either later tonight or tomorrow.But so far nothing major, just nits.


Jeff

References:
- [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Martin Sebor
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Richard Biener
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Martin Sebor
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Richard Biener
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Martin Sebor

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]