This is the mail archive of the
mailing list for the GCC project.
Re: Obscure crashes due to gcc 4.9 -O2 => -fisolate-erroneous-paths-dereference
- From: Florian Weimer <fweimer at redhat dot com>
- To: Sandra Loosemore <sandra at codesourcery dot com>, Jakub Jelinek <jakub at redhat dot com>
- Cc: Jeff Prothero <jprother at altera dot com>, gcc at gcc dot gnu dot org
- Date: Fri, 20 Feb 2015 12:06:28 +0100
- Subject: Re: Obscure crashes due to gcc 4.9 -O2 => -fisolate-erroneous-paths-dereference
- Authentication-results: sourceware.org; auth=none
- References: <pdf61azt48b dot fsf at sj-interactive3 dot altera dot com> <20150218192943 dot GR1746 at tucnak dot redhat dot com> <54E64DFF dot 8030100 at codesourcery dot com>
On 02/19/2015 09:56 PM, Sandra Loosemore wrote:
> Hmmmm, Passing the additional option in user code would be one thing,
> but what about library code? E.g., using memcpy (either explicitly or
> implicitly for a structure copy)?
The memcpy problem isn't restricted to embedded architectures.
const unsigned char *source;
memcpy(vec.data(), source, size);
std::vector<T>::data() can return a null pointer if the vector is empty,
which means that this code is invalid for empty inputs.
I think the C standard is wrong here. We should extend it, as a QoI
matter, and support null pointers for variable-length inputs and outputs
if the size is 0. But I suspect this is still a minority view.
Florian Weimer / Red Hat Product Security