This is the mail archive of the gcc-prs@gcc.gnu.org mailing list for the GCC project.
Re: c/4967: GCC should warn about obvious violations of restrict
- From: Andreas Jaeger <aj at suse dot de>
- To: nobody at gcc dot gnu dot org
- Cc: gcc-prs at gcc dot gnu dot org,
- Date: 29 Nov 2001 16:36:01 -0000
- Subject: Re: c/4967: GCC should warn about obvious violations of restrict
- Reply-to: Andreas Jaeger <aj at suse dot de>
The following reply was made to PR c/4967; it has been noted by GNATS.
From: Andreas Jaeger <aj@suse.de>
To: "Joseph S. Myers" <jsm28@cam.ac.uk>
Cc: <gcc-gnats@gcc.gnu.org>, <ma@suse.de>, <gcc-bugs@gcc.gnu.org>,
<schwab@suse.de>
Subject: Re: c/4967: GCC should warn about obvious violations of restrict
Date: Thu, 29 Nov 2001 17:32:25 +0100
"Joseph S. Myers" <jsm28@cam.ac.uk> writes:
> On Thu, 29 Nov 2001, Andreas Jaeger wrote:
>
>> whether a call is defined or not. A call sprintf_restrict (buf, buf)
>> would only be undefined when the function writes to both pointers but
>> this cannot be detected at the call side for e.g. library
>> functions:-(.
>
> Only when it writes to the same object via one pointer as it accesses by
> the other, indeed. Adding 25 to the second pointer, then copying 25 bytes
> from the first to the second, or something more complicated where each
> byte is only accessed via one of the pointers, would still be OK.
>
> You could always work out some way to annotate function declarations with
> information about how much is read or written from each argument and
> whether aliasing is OK (note that the restrict qualifiers in declarations
> not part of the definition are still irrelevant and are effectively
> ignored (6.7.5.3#15), but you could define them to be relevant in
that's much more involved than the simple solution I had in mind -
which is not ok :-(
> interpreting such an attribute). I'd like to get -Wformat-security to
> warn about sprintf into fixed-length buffers that might be too short for
> the format, and similar such possible security holes.
I'm closing this bug report now, since what I originally intended is
not possible.
Thanks,
Andreas
--
Andreas Jaeger
SuSE Labs aj@suse.de
private aj@arthur.inka.de
http://www.suse.de/~aj
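
Added example, not part of the original message or of GCC: the distinction discussed in the thread, shown as a runtime check in C. Passing two pointers into the same buffer to a restrict-qualified function is fine when the accessed byte ranges are disjoint (second pointer = first + 25, copy 25 bytes) and undefined when they overlap. The names ranges_overlap, copy_restrict and copy_checked are hypothetical, and the buffers are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: nonzero when [a, a+an) and [b, b+bn) share a byte. */
static int ranges_overlap(const void *a, size_t an, const void *b, size_t bn)
{
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    if (an == 0 || bn == 0) return 0;
    return pa < pb + bn && pb < pa + an;
}

/* restrict on the definition: bytes written via dst must not be accessed via src. */
static void copy_restrict(char *restrict dst, const char *restrict src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i];
}

/* Checked wrapper: returns -1 instead of making a call that would be undefined. */
int copy_checked(char *dst, const char *src, size_t n)
{
    if (ranges_overlap(dst, n, src, n))
        return -1;
    copy_restrict(dst, src, n);
    return 0;
}

/* Case from the thread: second pointer = first + 25, copy 25 bytes. Defined. */
int demo_disjoint_halves(void)
{
    char buf[50];
    memset(buf, 'A', 25);
    memset(buf + 25, 'B', 25);
    if (copy_checked(buf + 25, buf, 25) != 0)
        return -1;
    return buf[25] == 'A' && buf[49] == 'A';
}

/* Same pointer twice, and a partial overlap: both rejected by the check. */
int demo_same_pointer(void)    { char buf[50] = {0}; return copy_checked(buf, buf, 25); }
int demo_partial_overlap(void) { char buf[50] = {0}; return copy_checked(buf + 10, buf, 25); }

int main(void)
{
    printf("%d %d %d\n", demo_disjoint_halves(), demo_same_pointer(), demo_partial_overlap());
    return 0;
}
```

The check depends on the byte counts, which is why the call site alone cannot decide the question for a library function whose access pattern is unknown.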