This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: [PATCH] include size and offset in -Wstringop-overflow


On 8 November 2019 17:57:51 CET, Martin Sebor <msebor@gmail.com> wrote:
>On 11/6/19 2:06 PM, Martin Sebor wrote:
>> On 11/6/19 1:39 PM, Jeff Law wrote:
>>> On 11/6/19 1:27 PM, Martin Sebor wrote:
>>>> On 11/6/19 11:55 AM, Jeff Law wrote:
>>>>> On 11/6/19 11:00 AM, Martin Sebor wrote:
>>>>>> The -Wstringop-overflow warnings for single-byte and multi-byte
>>>>>> stores mention the amount of data being stored and the amount of
>>>>>> space remaining in the destination, such as:
>>>>>>
>>>>>> warning: writing 4 bytes into a region of size 0 [-Wstringop-overflow=]
>>>>>>     123 |   *p = 0;
>>>>>>         |   ~~~^~~
>>>>>> note: destination object declared here
>>>>>>      45 |   char b[N];
>>>>>>         |        ^
>>>>>>
>>>>>> A warning like this can take some time to analyze.  First, the size
>>>>>> of the destination isn't mentioned and may not be easy to tell from
>>>>>> the sources.  In the note above, when N's value is the result of
>>>>>> some non-trivial computation, chasing it down may be a small project
>>>>>> in and of itself.  Second, it's also not clear why the region size
>>>>>> is zero.  It could be because the offset is exactly N, or because
>>>>>> it's negative, or because it's in some range greater than N.
>>>>>>
>>>>>> Mentioning both the size of the destination object and the offset
>>>>>> makes the existing messages clearer, and will become essential when
>>>>>> GCC starts diagnosing overflow into allocated buffers (as my
>>>>>> follow-on patch does).
>>>>>>
>>>>>> The attached patch enhances -Wstringop-overflow to do this by
>>>>>> letting compute_objsize return the offset to its caller, doing
>>>>>> something similar in get_stridx, and adding a new function to
>>>>>> the strlen pass to issue this enhanced warning (eventually, I'd
>>>>>> like the function to replace the -Wstringop-overflow handler in
>>>>>> builtins.c).  With the change, the note above might read something
>>>>>> like:
>>>>>>
>>>>>> note: at offset 11 to object ‘b’ with size 8 declared here
>>>>>>      45 |   char b[N];
>>>>>>         |        ^
>>>>>>

Is "to object" correct? Into? I somehow find it hard to read as proposed.

thanks,
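
The following is an added example, not part of this message and not GCC code: a small C model of the three reasons the quoted text gives for a "region of size 0" (offset exactly N, negative, or beyond N), using the offset and size from the proposed note. The struct, enum and function names are hypothetical, and the offset is modelled as a known range.

```c
#include <stdio.h>
#include <string.h>

enum reason { HAS_SPACE, AT_END, NEGATIVE, PAST_END }; /* model, not GCC code */

struct store {
    long long off_min, off_max; /* known range of the offset into the object */
    long long objsize;          /* size of the destination object in bytes */
    long long nbytes;           /* number of bytes the store writes */
};

/* Most space that can remain for any offset in the range; when that is
   zero, *why records which of the three causes from the message applies. */
long long remaining(const struct store *s, enum reason *why)
{
    if (s->off_max < 0) { *why = NEGATIVE; return 0; }
    if (s->off_min >= s->objsize) {
        int exact = s->off_min == s->off_max && s->off_min == s->objsize;
        *why = exact ? AT_END : PAST_END;
        return 0;
    }
    *why = HAS_SPACE;
    return s->objsize - (s->off_min < 0 ? 0 : s->off_min);
}

/* A store overflows when it writes more than can possibly remain. */
int overflows(const struct store *s)
{
    enum reason why;
    return s->nbytes > remaining(s, &why);
}

/* Warning text plus the offset/size note wording quoted in the thread. */
int describe(const struct store *s, const char *name, char *buf, size_t len)
{
    enum reason why;
    return snprintf(buf, len, "writing %lld byte%s into a region of size %lld; "
                    "at offset %lld to object '%s' with size %lld",
                    s->nbytes, s->nbytes == 1 ? "" : "s", remaining(s, &why),
                    s->off_min, name, s->objsize);
}

int main(void)
{
    struct store st = { 11, 11, 8, 4 }; /* constructed from the thread's numbers */
    char buf[128];
    describe(&st, "b", buf, sizeof buf);
    return puts(buf) < 0;
}
```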

