This is the mail archive of the mailing list for the GCC project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH][ubsan] Add VLA bound instrumentation

On Thu, Sep 12, 2013 at 03:52:18PM +0000, Joseph S. Myers wrote:
> On Thu, 12 Sep 2013, Marek Polacek wrote:
> > This patch adds the instrumentation of VLA bounds.  Basically, it just 
> > checks that the size of a VLA is positive.  I.e., We also issue an error 
> > if the size of the VLA is 0.  It catches e.g.
> This is not an objection to this patch, but there are a few other bits of 
> VLA bound instrumentation that could be done as well.  If the size has a 
> wide-enough type to be bigger than the target's SIZE_MAX, and is indeed 
> bigger than SIZE_MAX, that could be detected at runtime as well.  Or if 
> the multiplication of array size and element size exceeds SIZE_MAX (this 
> covers both elements of constant size, and elements that are themselves 
> VLAs, but the former can be handled more efficiently by comparing against 
> an appropriate constant rather than needing a runtime test for whether a 
> multiplication in size_t overflows).
> (Actually, I believe sizes (in bytes) greater than target PTRDIFF_MAX, not 
> just SIZE_MAX, should be caught, because pointer subtraction cannot work 
> reliably with larger objects.  So it's not just when the size or 
> multiplication overflow size_t, but when they overflow ptrdiff_t.)

Yup, this all sounds good.  I'll look at this tomorrow.  I think I'd
prefer doing this as a follow-up, after the C/C++ FE parts are
reviewed; doing SIZE_MAX/PTRDIFF_MAX checking then should require
changes only in c-ubsan.c.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]