This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)


On Wed, 5 Oct 2016, Jakub Jelinek wrote:

> On Wed, Oct 05, 2016 at 03:40:18PM +0000, Joseph Myers wrote:
> > On Tue, 4 Oct 2016, Martin Sebor wrote:
> > 
> > > > Well, typically cases where one of long and int is passed and the other is
> > > > expected, but they have the same size, are bugs waiting to happen when the
> > > > code is built on a 64-bit system.  That is, they *should* warn.
> > > 
> > > Typically, yes.  In the case of wchar_t (or int) and wint_t I don't
> > > think it's helpful.  Consider this case from my comment #5 on bug
> > > 72858.  I don't think there is any point in issuing a warning here.
> > > On the majority of targets they either all are or promote to a type
> > > of the same size, don't they?
> > 
> > I'm unconvinced by that "majority of targets" argument (which once 
> > would have been true for int and long, and you could say it is true for 
> > long and size_t).  There's a clear correct type here, and it's wint_t, and 
> > it's always easy to fix the code to use the correct type.
> 
> But, can we reliably detect differences between wint_t and unsigned int if
> wint_t is a typedef to that, or size_t and unsigned long etc., I mean doesn't
> early folding already throw it away?

Detecting it in all cases is hard as for size_t etc., but that shouldn't 
stop us warning in the cases where the types are different enough that we 
can tell the program is wrong.

-- 
Joseph S. Myers
joseph@codesourcery.com
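
The distinction discussed in this thread, as an added example that is not part of the original messages or of GCC: a typedef is invisible to type-based checks, but a different type of the same size can still be told apart. The names `CLASSIFY_LC_ARG`, `arg_kind`, `format_lc` and `kind_name` are hypothetical, and the results for `int` and `unsigned int` assume a target where `wint_t` is `unsigned int` (as on Linux with glibc).

```c
#include <stdio.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical names, introduced for this example only. */
enum arg_kind { ARG_WINT_T, ARG_SAME_SIZE_OTHER_TYPE, ARG_DIFFERENT_SIZE };

/* _Generic matches on the type after typedefs are resolved. The underlying
   type of wint_t is therefore indistinguishable from wint_t itself, while a
   genuinely different type is told apart even when it has the same size. */
#define CLASSIFY_LC_ARG(x)                                   \
    _Generic((x),                                            \
        wint_t: ARG_WINT_T,                                  \
        default: (sizeof(x) == sizeof(wint_t)                \
                      ? ARG_SAME_SIZE_OTHER_TYPE             \
                      : ARG_DIFFERENT_SIZE))

/* %lc expects a wint_t argument; converting explicitly is the easy fix
   for code that holds the character in a wchar_t or an int. */
int format_lc(char *buf, size_t size, wchar_t wc)
{
    return snprintf(buf, size, "%lc", (wint_t)wc);
}

static const char *kind_name(enum arg_kind k)
{
    switch (k) {
    case ARG_WINT_T:               return "wint_t (or its underlying type)";
    case ARG_SAME_SIZE_OTHER_TYPE: return "same size, different type";
    default:                       return "different size";
    }
}

int main(void)
{
    char buf[8];
    wchar_t wc = L'A';

    printf("wint_t value: %s\n", kind_name(CLASSIFY_LC_ARG((wint_t)wc)));
    printf("wchar_t value: %s\n", kind_name(CLASSIFY_LC_ARG(wc)));
    printf("int value: %s\n", kind_name(CLASSIFY_LC_ARG((int)wc)));
    printf("char value: %s\n", kind_name(CLASSIFY_LC_ARG((char)wc)));
    if (format_lc(buf, sizeof buf, wc) == 1)
        printf("formatted: %s\n", buf);
    return 0;
}
```

The classification of a `wchar_t` argument varies by target, because `wchar_t` and `wint_t` share an underlying type on some platforms and not on others.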

