This is the mail archive of the gcc-prs@gcc.gnu.org mailing list for the GCC project.



Re: c/4967: GCC should warn about obvious violations of restrict

The following reply was made to PR c/4967; it has been noted by GNATS.

From: Andreas Jaeger <aj@suse.de>
To: "Joseph S. Myers" <jsm28@cam.ac.uk>
Cc: <gcc-gnats@gcc.gnu.org>, <ma@suse.de>, <gcc-bugs@gcc.gnu.org>,
	<schwab@suse.de>
Subject: Re: c/4967: GCC should warn about obvious violations of restrict
Date: Thu, 29 Nov 2001 17:32:25 +0100

 "Joseph S. Myers" <jsm28@cam.ac.uk> writes:
 
 > On Thu, 29 Nov 2001, Andreas Jaeger wrote:
 >
 >> whether a call is defined or not.  A call sprintf_restrict (buf, buf)
 >> would only be undefined when the function writes to both pointers but
 >> this cannot be detected at the call side for e.g. library
 >> functions:-(.
 >
 > Only when it writes to the same object via one pointer as it accesses by
 > the other, indeed.  Adding 25 to the second pointer, then copying 25 bytes
 > from the first to the second, or something more complicated where each
 > byte is only accessed via one of the pointers, would still be OK.
 >
 > You could always work out some way to annotate function declarations with
 > information about how much is read or written from each argument and
 > whether aliasing is OK (note that the restrict qualifiers in declarations
 > not part of the definition are still irrelevant and are effectively
 > ignored (6.7.5.3#15), but you could define them to be relevant in
 
 that's much more involved than the simple solution I had in mind -
 which is not ok :-(
 
 > interpreting such an attribute).  I'd like to get -Wformat-security to
 > warn about sprintf into fixed-length buffers that might be too short for
 > the format, and similar such possible security holes.
 
 I'm closing this bug report now, since what I originally intended is
 not possible.
 
 Thanks,
 Andreas
 -- 
  Andreas Jaeger
   SuSE Labs aj@suse.de
    private aj@arthur.inka.de
     http://www.suse.de/~aj
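
The two runtime conditions discussed in this message, as an added example that is not part of the original thread or of GCC: a wrapper that rejects a destination overlapping its source (the `sprintf (buf, buf)` case) while accepting disjoint halves of one buffer, and that reports a fixed-length buffer too short for the output. The names `ranges_overlap`, `format_checked` and `run_cases` are hypothetical, the sample strings are constructed, and the address comparison assumes a flat address space.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: nonzero if [a, a+an) and [b, b+bn) share a byte.
   Comparing through uintptr_t assumes a flat address space. */
static int ranges_overlap(const void *a, size_t an, const void *b, size_t bn)
{
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    if (an == 0 || bn == 0)
        return 0;
    return pa < pb ? pb - pa < an : pa - pb < bn;
}

enum { FMT_OK = 0, FMT_ALIASED = -1, FMT_TRUNCATED = -2 };

/* Hypothetical checked wrapper: format the string src into dst[0..dstlen). */
static int format_checked(char *dst, size_t dstlen, const char *src)
{
    size_t srclen = strlen(src) + 1;      /* bytes read from src, incl. NUL */
    if (ranges_overlap(dst, dstlen, src, srclen))
        return FMT_ALIASED;               /* written object is also read */
    int n = snprintf(dst, dstlen, "%s", src);
    if (n < 0 || (size_t)n >= dstlen)
        return FMT_TRUNCATED;             /* fixed-length buffer too short */
    return FMT_OK;
}

/* Constructed cases; returns how many behaved as expected (5 of 5). */
static int run_cases(void)
{
    char buf[50] = "twenty-four characters!!";   /* 24 chars + NUL = 25 bytes */
    char small[8];
    int good = 0;
    /* Second pointer is first + 25 and 25 bytes are copied: no byte shared. */
    good += format_checked(buf + 25, 25, buf) == FMT_OK;
    good += strcmp(buf + 25, buf) == 0;
    /* Same pointer twice, and a partial overlap: both rejected. */
    good += format_checked(buf, sizeof buf, buf) == FMT_ALIASED;
    good += format_checked(buf + 10, 40, buf) == FMT_ALIASED;
    /* Disjoint objects, but the destination cannot hold the output. */
    good += format_checked(small, sizeof small, buf) == FMT_TRUNCATED;
    return good;
}

int main(void)
{
    printf("%d/5 cases as expected\n", run_cases());
    return 0;
}
```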

