This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug c++/67942] New: diagnose placement new buffer overflow
- From: "msebor at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Mon, 12 Oct 2015 18:16:16 +0000
- Subject: [Bug c++/67942] New: diagnose placement new buffer overflow
- Auto-submitted: auto-generated
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67942
Bug ID: 67942
Summary: diagnose placement new buffer overflow
Product: gcc
Version: 6.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---
C++ placement new expression is known to be subject to buffer overflow flaws
(see for example [1]). For instance, in the program below, the placement new
expression writes past the end of the local buffer buf. In many cases of its
use (including the one below), GCC has sufficient information to detect and
diagnose such defects. This bug tracks the proposed implementation of this
detection.
#include <new>
struct S {
int a [4];
} s;
void f (S *s) {
char buf [sizeof s];
S *t = new (buf) S (*s);
// ...
}
A New Class of Buffer Overflow Attacks, Kundu, A., Bertino, E., 31st
International Conference on Distributed Computing Systems (ICDCS), 2011
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5961725