This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)

From: Joseph Myers <joseph at codesourcery dot com>
To: Martin Sebor <msebor at gmail dot com>
Cc: Rainer Orth <ro at CeBiTec dot Uni-Bielefeld dot DE>, David Malcolm <dmalcolm at redhat dot com>, Gcc Patch List <gcc-patches at gcc dot gnu dot org>, Jeff Law <law at redhat dot com>, Richard Biener <rguenther at suse dot de>, Jakub Jelinek <jakub at redhat dot com>, Bernd Schmidt <bschmidt at redhat dot com>, Manuel López-Ibáñez <lopezibanez at gmail dot com>, Florian Weimer <fweimer at redhat dot com>
Date: Wed, 5 Oct 2016 16:27:01 +0000
Subject: Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
Authentication-results: sourceware.org; auth=none
References: <5776B33E.2080504@gmail.com> <57AD30E5.3000801@gmail.com> <22a47656-c23c-4840-2e49-a59f4af513b1@redhat.com> <57B725F6.8000405@gmail.com> <110cfc6b-7856-9b51-885f-05402b14fc3e@redhat.com> <57D1B5F0.1030504@gmail.com> <alpine.DEB.2.20.1609082201120.17041@digraph.polyomino.org.uk> <57D60D03.7080601@gmail.com> <1474050251.6782.70.camel@redhat.com> <ab69c4bf-a8e2-cee7-4178-97ebd509a291@gmail.com> <yddoa3gb93q.fsf@CeBiTec.Uni-Bielefeld.DE> <yddbmzgb08e.fsf@CeBiTec.Uni-Bielefeld.DE> <c56ef85c-a26b-e5e9-9a04-64a9bbf6ce93@gmail.com> <yddh996aftl.fsf@CeBiTec.Uni-Bielefeld.DE> <bff8cc5c-1f69-6a65-c2a7-d7cb3f79ab0b@gmail.com> <yddtwcsmpig.fsf@CeBiTec.Uni-Bielefeld.DE> <0a1c535f-f5a9-4bda-a598-a9af92e9e855@gmail.com> <alpine.DEB.2.20.1610050012520.17011@digraph.polyomino.org.uk> <461cfc81-1dcc-9c6f-cf03-44d91917bdeb@gmail.com> <alpine.DEB.2.20.1610051535520.1722@digraph.polyomino.org.uk> <cc51b95b-9934-b408-6494-4b748d489e9b@gmail.com>

On Wed, 5 Oct 2016, Martin Sebor wrote:

> The warning would only helpful if there was a target where wchar_t
> didn't promote to a type with the same precision as wint_t, or in

Or it could show up a logical error where the code should have had a 
wint_t variable and checked for WEOF somewhere but just assumed things 
would fit in wchar_t (and so could be passing a negative value where the 
ABI means the callee expects wint_t values to be zero-extended, with 
consequent undefined behavior there).  The correct fix involves thinking 
about where you know something is a wide character, and where something 
might be a wide character or WEOF.  It might then involve a cast to 
wint_t, or changing the type of a variable, or more changes than that.

-- 
Joseph S. Myers
joseph@codesourcery.com

Follow-Ups:
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Martin Sebor

References:
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Martin Sebor
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Rainer Orth
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Martin Sebor
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Joseph Myers
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Martin Sebor
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Joseph Myers
- Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
  - From: Martin Sebor

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]