This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)


On 07/01/2016 08:15 PM, Martin Sebor wrote:
The attached patch enhances compile-time checking for buffer overflow
and output truncation in non-trivial calls to the sprintf family of
functions under a new option -Wformat-length=[12].  This initial
patch handles printf directives with string, integer, and simple
floating arguments but eventually I'd like to extend it all other
functions and directives for which it makes sense.

I tried your patch with the following code, which is close to a real-world example:

#include <stdio.h>

void print (const char *);

void
format_1 (unsigned address)
{
  unsigned char a = address >> 24;
  unsigned char b = address >> 16;
  unsigned char c = address >> 8;
  unsigned char d = address;
  char buf[15];
  sprintf ("%u.%u.%u.%u", buf, a, b, c, d);
  print (buf);
}

void
format_2 (unsigned address)
{
  char buf[15];
  sprintf ("%u.%u.%u.%u", buf,
           address >> 24,
           (address >> 16) & 0xff,
           (address >> 8) & 0xff,
           address & 0xff);
  print (buf);
}

I didn't get a warning (with -O2 and -Wformat-length=1 or -Wformat-length=2). If the warning is implemented in builtin folding, I guess this has to be expected because there is no range information, and warning for all %us similar to those in the example would produce too many false positives.

Florian


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]