This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
- From: Martin Sebor <msebor at gmail dot com>
- To: Bernd Schmidt <bschmidt at redhat dot com>, Gcc Patch List <gcc-patches at gcc dot gnu dot org>, Joseph Myers <joseph at codesourcery dot com>, Jakub Jelinek <jakub at redhat dot com>, Richard Biener <rguenther at suse dot de>
- Date: Tue, 12 Jul 2016 15:43:50 -0600
- Subject: Re: [PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
- Authentication-results: sourceware.org; auth=none
- References: <5776B33E.2080504@gmail.com> <d92be3ef-249b-32e7-a6fb-01e88146e10f@redhat.com>
On 07/12/2016 06:32 AM, Bernd Schmidt wrote:
On 07/01/2016 08:15 PM, Martin Sebor wrote:
The attached patch enhances compile-time checking for buffer overflow
and output truncation in non-trivial calls to the sprintf family of
functions under a new option -Wformat-length=[12]. This initial
patch handles printf directives with string, integer, and simple
floating arguments but eventually I'd like to extend it all other
functions and directives for which it makes sense.
On the whole I think this looks good.
Thanks the detailed review!
Beyond these I have no objections to the patch but ideally a C frontend
maintainer would given an explicit ack as well.
In response to prior comments from Jakub and Richard I have actually
moved the patch to the middle end, into a pass of its own where it
works with LTO, and where it can also be used to optimize branches
based on the functions' return value (when they are known to be
exact).
I will make the changes you suggested (those that apply) and post
an updated patch for review soon that should be closer to final
than the initial prototype.
Martin