This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [PATCH][ubsan] Add VLA bound instrumentation
- From: "Joseph S. Myers" <joseph at codesourcery dot com>
- To: Marek Polacek <polacek at redhat dot com>
- Cc: GCC Patches <gcc-patches at gcc dot gnu dot org>, Jakub Jelinek <jakub at redhat dot com>, Jason Merrill <jason at redhat dot com>
- Date: Thu, 12 Sep 2013 16:05:48 +0000
- Subject: Re: [PATCH][ubsan] Add VLA bound instrumentation
- Authentication-results: sourceware.org; auth=none
- References: <20130912122655 dot GN23899 at redhat dot com> <Pine dot LNX dot 4 dot 64 dot 1309121546080 dot 5614 at digraph dot polyomino dot org dot uk>
On Thu, 12 Sep 2013, Joseph S. Myers wrote:
> (Actually, I believe sizes (in bytes) greater than target PTRDIFF_MAX, not
> just SIZE_MAX, should be caught, because pointer subtraction cannot work
> reliably with larger objects. So it's not just when the size or
> multiplication overflow size_t, but when they overflow ptrdiff_t.)
And, to add a bit more to the list of possible ubsan features (is this
todo list maintained anywhere?), even if the size is such that operations
on the array are in principle defined, it's possible that adjusting the
stack pointer by too much may take it into other areas of memory and so
cause stack overflow that doesn't get detected by the kernel. So maybe
ubsan should imply -fstack-check or similar.
Everything about VLA checking - checks on the size being positive and on
it not being larger than PTRDIFF_MAX, and on avoiding stack overflow -
applies equally to alloca: calls to alloca should also be instrumented.
(But I think alloca (0) is valid.)
--
Joseph S. Myers
joseph@codesourcery.com