This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug tree-optimization/70717] missing warning on trivial buffer overflow
- From: "msebor at gcc dot gnu.org" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Fri, 22 Apr 2016 22:45:35 +0000
- Subject: [Bug tree-optimization/70717] missing warning on trivial buffer overflow
- Auto-submitted: auto-generated
- References: <bug-70717-4 at http dot gcc dot gnu dot org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70717
Martin Sebor <msebor at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2016-04-22
                 CC|                            |msebor at gcc dot gnu.org
          Component|sanitizer                   |tree-optimization
            Summary|-fsanitize=object-size as   |missing warning on trivial
                   |warning                     |buffer overflow
     Ever confirmed|0                           |1
--- Comment #3 from Martin Sebor <msebor at gcc dot gnu.org> ---
I agree there's an opportunity to diagnose a subset of buffer overflows and
other simple out-of-bounds accesses during translation and without
optimization. For example, in the slightly less trivial example below, the
call to memcpy() clearly overwrites the destination buffer and could be
diagnosed (it is neither diagnosed nor prevented with _FORTIFY_SOURCE):
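  #include <string.h>   /* memcpy */
  #include <unistd.h>   /* read, write */

  void f (unsigned N)
  {
    int a [N];
    read (0, a, sizeof a);
    char b [N];
    /* sizeof a is N * sizeof (int), but b holds only N bytes */
    memcpy (b, a, sizeof a);
    write (1, b, sizeof a);
  }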
Rather than in the sanitizer, which typically involves run-time instrumentation
and has a considerable performance overhead, I think it would be better done in
GCC under the -Warray-bounds option (without requiring optimization for the
simple cases). -Warray-bounds doesn't warn about code like the above even when
the value of N is known (including a constant expression).
_FORTIFY_SOURCE could also be enhanced to detect this problem. Since this
latter part is something I'm supposed to be looking into I'll confirm this
request, adjust the Summary, and for lack of a better alternative set the
Component to tree-optimization.
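
The size mismatch in f() above, written as an explicit run-time guard. This is an added example, not part of the original comment and not GCC or _FORTIFY_SOURCE code; COPY_ARRAY, copy_like_f, copy_fixed and overrun_bytes are hypothetical names, and the cap of 1024 elements is an assumption made to bound stack use.

```c
#include <stddef.h>
#include <string.h>

/* Copy the whole array `src` into array `dst` only if it fits.
   Both arguments must be arrays, not pointers, so that sizeof yields the
   object size; for variable-length arrays sizeof is evaluated at run time.
   Evaluates to 0 when the copy was done, -1 when it was refused. */
#define COPY_ARRAY(dst, src) \
    (sizeof (src) <= sizeof (dst) ? (memcpy ((dst), (src), sizeof (src)), 0) : -1)

/* Same array shapes as f(): int a[N] copied into char b[N]. */
int copy_like_f (unsigned N)
{
    if (N == 0 || N > 1024)   /* zero-length VLA is undefined; cap stack use */
        return -1;
    int a[N];
    char b[N];
    memset (a, 0x41, sizeof a);   /* constructed input in place of read() */
    /* sizeof a == N * sizeof (int) exceeds sizeof b == N, so this is refused */
    return COPY_ARRAY (b, a);
}

/* Corrected shape: the destination is sized from the source object. */
int copy_fixed (unsigned N)
{
    if (N == 0 || N > 1024)
        return -1;
    int a[N];
    char b[sizeof a];
    memset (a, 0x41, sizeof a);
    if (COPY_ARRAY (b, a) != 0)
        return -1;
    return memcmp (a, b, sizeof a) == 0 ? 0 : -1;
}

/* Bytes by which the unchecked memcpy in f() would write past the end of b. */
size_t overrun_bytes (unsigned N)
{
    return (size_t) N * sizeof (int) - (size_t) N * sizeof (char);
}
```

The comparison inside COPY_ARRAY is the same one a compile-time diagnostic would evaluate when N is a constant expression.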