This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)

From: Martin Sebor <msebor at gmail dot com>
To: Florian Weimer <fweimer at redhat dot com>
Cc: Joseph Myers <joseph at codesourcery dot com>, Jeff Law <law at redhat dot com>, Richard Biener <rguenther at suse dot de>, Gcc Patch List <gcc-patches at gcc dot gnu dot org>, Jakub Jelinek <jakub at redhat dot com>, Bernd Schmidt <bschmidt at redhat dot com>, David Malcolm <dmalcolm at redhat dot com>, Manuel López-Ibáñez <lopezibanez at gmail dot com>
Date: Wed, 24 Aug 2016 13:18:56 -0600
Subject: Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
Authentication-results: sourceware.org; auth=none
References: <5776B33E.2080504@gmail.com> <alpine.LSU.2.11.1607041255060.29772@t29.fhfr.qr> <577A8D6A.3070902@gmail.com> <alpine.LSU.2.11.1607051208470.29772@t29.fhfr.qr> <578D512F.9050909@gmail.com> <9bb5ad66-4985-8c42-f800-4d84e0e18659@redhat.com> <57A3AFFF.7090109@gmail.com> <f3d09350-de5d-a0e4-8203-affac268ced2@redhat.com> <57AD30E5.3000801@gmail.com> <22a47656-c23c-4840-2e49-a59f4af513b1@redhat.com> <57B725F6.8000405@gmail.com> <110cfc6b-7856-9b51-885f-05402b14fc3e@redhat.com> <57BCC6A4.3050004@gmail.com> <alpine.DEB.2.20.1608232250420.1642@digraph.polyomino.org.uk> <57BDCE16.6010000@gmail.com> <822568d7-618b-9617-c37e-6ab808207022@redhat.com>

On 08/24/2016 12:54 PM, Florian Weimer wrote:

On 08/24/2016 06:40 PM, Martin Sebor wrote:

On 08/23/2016 05:00 PM, Joseph Myers wrote:

Some observations:

* Does -fprintf-return-value allow for the possibility of snprintf
failing
because of a memory allocation failure and so returning -1 when GCC
computed bounds on what it could return if successful?


No.  I recall having seen Glibc fail with ENOMEM years ago when
formatting a floating point number to a very large precision but
I haven't seen any implementation fail.  I haven't yet looked to
see if the Glibc failure can still happen.  My reading of C and
POSIX is that snprintf is only allowed to fail due to an encoding
error, not because it runs out of memory, so such a failure would
seem like a bug.


It can still happen, and not just for floating point.

#include <stdio.h>

int
main()
{
   printf("%0999999d\n", 5);
}

valgrind reports:

    total heap usage: 1 allocs, 1 frees, 1,000,031 bytes allocated


Thanks for the information (even though that's not the news I was
hoping for).  Is there a way to determine from the format string
whether the allocation will happen?  Does it just happen with
output beyond some length, for example?

Martin

References:
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Martin Sebor
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Jeff Law
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Martin Sebor
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Jeff Law
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Martin Sebor
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Jeff Law
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Martin Sebor
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Joseph Myers
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Martin Sebor
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]