This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: [PATCH][ubsan] Add VLA bound instrumentation
- From: Marek Polacek <polacek at redhat dot com>
- To: "Joseph S. Myers" <joseph at codesourcery dot com>
- Cc: GCC Patches <gcc-patches at gcc dot gnu dot org>, Jakub Jelinek <jakub at redhat dot com>, Jason Merrill <jason at redhat dot com>
- Date: Mon, 16 Sep 2013 12:54:27 +0200
- Subject: Re: [PATCH][ubsan] Add VLA bound instrumentation
- Authentication-results: sourceware.org; auth=none
- References: <20130912122655 dot GN23899 at redhat dot com> <Pine dot LNX dot 4 dot 64 dot 1309121546080 dot 5614 at digraph dot polyomino dot org dot uk> <Pine dot LNX dot 4 dot 64 dot 1309121555130 dot 5614 at digraph dot polyomino dot org dot uk>
On Thu, Sep 12, 2013 at 04:05:48PM +0000, Joseph S. Myers wrote:
> On Thu, 12 Sep 2013, Joseph S. Myers wrote:
> > (Actually, I believe sizes (in bytes) greater than target PTRDIFF_MAX, not
> > just SIZE_MAX, should be caught, because pointer subtraction cannot work
> > reliably with larger objects. So it's not just when the size or
> > multiplication overflow size_t, but when they overflow ptrdiff_t.)
> And, to add a bit more to the list of possible ubsan features (is this
> todo list maintained anywhere?), even if the size is such that operations
> on the array are in principle defined, it's possible that adjusting the
> stack pointer by too much may take it into other areas of memory and so
> cause stack overflow that doesn't get detected by the kernel. So maybe
> ubsan should imply -fstack-check or similar.
> Everything about VLA checking - checks on the size being positive and on
> it not being larger than PTRDIFF_MAX, and on avoiding stack overflow -
> applies equally to alloca: calls to alloca should also be instrumented.
> (But I think alloca (0) is valid.)
The problem here is that libubsan doesn't contain appropriate routines for
this VLA/alloca extended checking, it really can only issue "variable
length array bound evaluates to non-positive value", nothing else.
So perhaps reach out to some clang mailing list and try to implement
it first in the libubsan...
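To make the checks under discussion concrete, here is a hand-written version of the three conditions Joseph lists for a VLA or alloca bound: the bound must be positive (zero being acceptable only for alloca), the byte size must not exceed PTRDIFF_MAX (which also rules out the multiplication wrapping in size_t), and the object must fit on the stack. This is an added example, not libubsan code and not what GCC's -fsanitize=undefined emits; check_dynamic_bound, sum_first_n, the status enum and the 64 KiB stack budget are all this example's own inventions. The fixed budget is only a stand-in for the stack-exhaustion concern; the thread's actual suggestion is -fstack-check, which probes the real stack rather than comparing against a constant.

```c
/* Added example (not libubsan, not GCC's instrumentation): the three
 * checks Joseph lists for a dynamically sized stack object, written out
 * by hand so each case is visible.  The stack budget is this example's
 * own assumption; -fstack-check, which the thread suggests, probes the
 * real stack instead of comparing against a constant. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Example value only: largest dynamic stack object this code will accept. */
#define EXAMPLE_STACK_BUDGET_BYTES ((size_t)64 * 1024)

enum bound_status {
    BOUND_OK = 0,
    BOUND_NON_POSITIVE,      /* the one case libubsan can already report */
    BOUND_TOO_LARGE,         /* byte size would exceed PTRDIFF_MAX */
    BOUND_OVER_STACK_BUDGET  /* well-defined size, but too big for the stack */
};

/* 'count' is the bound as the program computed it, before any conversion
 * to size_t, so a negative value is still visible here.  'elem_size' is
 * sizeof the element type (1 for alloca).  For alloca a zero size is
 * accepted, as Joseph notes; for a VLA it is not. */
enum bound_status check_dynamic_bound(intmax_t count, size_t elem_size,
                                      int is_alloca, size_t *bytes_out)
{
    if (count < 0 || (count == 0 && !is_alloca))
        return BOUND_NON_POSITIVE;

    /* count >= 0 here.  Comparing against PTRDIFF_MAX / elem_size rejects
     * both a product that would wrap in size_t and one that is merely
     * larger than PTRDIFF_MAX, the limit pointer subtraction can support. */
    uintmax_t ucount = (uintmax_t)count;
    if (elem_size != 0 && ucount > (uintmax_t)PTRDIFF_MAX / elem_size)
        return BOUND_TOO_LARGE;

    size_t bytes = (size_t)(ucount * elem_size);  /* cannot wrap: checked above */
    if (bytes > EXAMPLE_STACK_BUDGET_BYTES)
        return BOUND_OVER_STACK_BUDGET;

    if (bytes_out)
        *bytes_out = bytes;
    return BOUND_OK;
}

/* Uses a VLA only after the bound has passed every check.
 * Returns 0 + 1 + ... + (n-1), or -1 if the bound was rejected. */
long sum_first_n(int n)
{
    size_t bytes;
    if (check_dynamic_bound(n, sizeof(int), 0, &bytes) != BOUND_OK)
        return -1;

    int buf[n];  /* n > 0 and bytes <= budget, so the VLA is well defined */
    long total = 0;
    for (int i = 0; i < n; i++) {
        buf[i] = i;
        total += buf[i];
    }
    return total;
}

int main(void)
{
    static const char *const names[] = {
        "ok", "non-positive", "exceeds PTRDIFF_MAX", "over stack budget"
    };
    /* Constructed inputs, one per branch of the check. */
    struct { intmax_t count; size_t elem; int is_alloca; } cases[] = {
        { 1000, sizeof(int), 0 },
        { 0, sizeof(int), 0 },                          /* VLA bound of 0 */
        { -1, sizeof(int), 0 },
        { 0, 1, 1 },                                    /* alloca (0): valid */
        { PTRDIFF_MAX, sizeof(int), 0 },                /* product would wrap */
        { (intmax_t)(PTRDIFF_MAX / sizeof(int)), sizeof(int), 0 }, /* fits ptrdiff_t, not the stack */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        enum bound_status s = check_dynamic_bound(cases[i].count, cases[i].elem,
                                                  cases[i].is_alloca, NULL);
        printf("count=%lld elem=%zu alloca=%d -> %s\n",
               (long long)cases[i].count, cases[i].elem, cases[i].is_alloca,
               names[s]);
    }
    printf("sum_first_n(10) = %ld\n", sum_first_n(10));
    return 0;
}
```

The division by elem_size is the whole trick: once count <= PTRDIFF_MAX / elem_size holds, the product is guaranteed both to fit in size_t and to stay within ptrdiff_t, so a single comparison covers Joseph's "overflow size_t" and "overflow ptrdiff_t" cases at once. The only difference between the VLA and alloca paths is whether zero is accepted.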