This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.
[Bug middle-end/49905] Better sanity checking on sprintf src & dest to produce warning for dodgy code ?
- From: "dcb314 at hotmail dot com" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Tue, 03 May 2016 07:10:54 +0000
- Subject: [Bug middle-end/49905] Better sanity checking on sprintf src & dest to produce warning for dodgy code ?
- Auto-submitted: auto-generated
- References: <bug-49905-4 at http dot gcc dot gnu dot org/bugzilla/>
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=49905
--- Comment #5 from David Binderman <dcb314 at hotmail dot com> ---
(In reply to Martin Sebor from comment #3)
> 5.1 and 6.1 warn on the first six out of the ten buffer overflows, and on
> Linux the program aborts at runtime in __sprintf_chk.
>
> GCC still doesn't diagnose any of the last four problems at compile time
My local version does. Some tweaks to gcc/builtins.c. 69 formats understood.
> (e.g., in 'char buf [4]; sprintf (buf, "%s %s", "abc", "def");') It seems
> that this class of problems could be handled by enhancing
> maybe_emit_sprintf_chk_warning to loop over the format string, recognize
> more involved format strings with embedded %s (and other simple directives),
> and count the number of characters they emit for constant arguments.
Indeed. Anything it doesn't understand it can afford to ignore.
It is only computing a lower bound.
> For slightly better compile-time coverage the approach could even assume that
> simple non-string directives like %i result in at least one character and
> compute an optimistic lower bound on the length of the formatted string.
That's right - it could even take account of other things like field widths.
My local version can find all the problems mentioned in the original bug
report.
Speculative patch attached. It'll need a lot of work to get it up to the
required standard, but it gives the general idea and it's been working
happily locally for years over the code of Red Hat Fedora Linux and some
other projects.
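
The lower-bound computation discussed in this message, as an added sketch: it is not part of the message, the attached patch, or GCC's sources. The names sprintf_min_len and digits, and the convention of passing constant %s arguments in an array (NULL meaning "not a constant"), are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

static size_t digits(const char **p)    /* parse decimal digits, advance *p */
{
    size_t v = 0;
    while (**p >= '0' && **p <= '9') v = v * 10 + (size_t)(*(*p)++ - '0');
    return v;
}

/* Lower bound on the bytes sprintf writes before the NUL.  strs[i] is the i-th
   %s argument if it is a known constant, else NULL (assumed convention). */
size_t sprintf_min_len(const char *fmt, const char *const *strs, size_t nstrs)
{
    size_t total = 0, si = 0;
    while (*fmt) {
        if (*fmt++ != '%') { total++; continue; }       /* literal character */
        if (*fmt == '%') { total++; fmt++; continue; }  /* "%%" emits one '%' */
        fmt += strspn(fmt, "-+ #0");                    /* flags */
        size_t width = 0, prec = 0, n = 0;
        int has_prec = 0, prec_known = 1;
        if (*fmt == '*') fmt++; else width = digits(&fmt); /* run-time width: 0 */
        if (*fmt == '.') {                              /* precision */
            has_prec = 1;
            if (*++fmt == '*') { prec_known = 0; fmt++; } else prec = digits(&fmt);
        }
        fmt += strspn(fmt, "hljztL");                   /* length modifiers */
        switch (*fmt) {
        case 's': {
            const char *s = si < nstrs ? strs[si] : NULL;
            if (s && prec_known) n = strlen(s);
            if (has_prec && prec < n) n = prec;         /* precision truncates */
            si++; break; }
        case 'c': n = 1; break;
        case 'd': case 'i': case 'u': case 'x': case 'X': case 'o':
            /* precision is a minimum digit count; "%.0d" of 0 prints nothing */
            n = !has_prec ? 1 : prec_known ? prec : 0; break;
        default: width = 0; break;                      /* not understood: ignore */
        }
        if (*fmt) fmt++;
        total += n > width ? n : width;                 /* field width pads up */
    }
    return total;
}

int main(void)
{
    const char *args[] = { "abc", "def" };  /* comment #3's case: char buf[4] */
    size_t need = sprintf_min_len("%s %s", args, 2) + 1;
    printf("needs at least %zu bytes, buf has 4: %s\n", need, need > 4 ? "overflow" : "ok");
}
```

Because every unknown quantity is counted as zero, a result larger than the destination size is a definite overflow, while a smaller result proves nothing.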