This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: [PING 2] [PATCH] c++/67942 - diagnose placement new buffer overflow
- From: Jason Merrill <jason at redhat dot com>
- To: Martin Sebor <msebor at gmail dot com>, Gcc Patch List <gcc-patches at gcc dot gnu dot org>
- Date: Mon, 2 Nov 2015 21:40:56 -0500
- Subject: Re: [PING 2] [PATCH] c++/67942 - diagnose placement new buffer overflow
- Authentication-results: sourceware.org; auth=none
- References: <561D3DEC dot 5090209 at gmail dot com> <5626D4D0 dot 4010603 at gmail dot com> <562ED7E4 dot 8030001 at gmail dot com>
On 10/26/2015 09:48 PM, Martin Sebor wrote:
+ while (TREE_CODE (oper) == NOP_EXPR)
+ oper = TREE_OPERAND (oper, 0);
This is STRIP_NOPS.
+ to placement new is not checked since it's unknownwhat it might
Missing space.
+ else if (TREE_CODE (oper) == ADDR_EXPR) {
The brace should go on its own line.
+ /* A possibly optimistic estimate Number of bytes available
Maybe "of the number"?
+ /* When the referenced object is a member of a union, use the size
+ of the entire union as the size of the buffer. */
Why? If we're accessing one union member, we should limit the allowed
space to the size of that member.
+ if (bytes_avail <= abs (adjust))
+ bytes_avail = 0;
+ else if (0 <= adjust)
+ bytes_avail -= adjust;
+ else
+ bytes_avail += adjust;
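Review bot: the sign split on adjust is redundant: after the `bytes_avail <= abs (adjust)` guard, `bytes_avail -= adjust` for a non-negative adjust and `bytes_avail += adjust` for a negative one both leave bytes_avail - abs (adjust), so the three branches collapse to a single `bytes_avail -= abs (adjust)`. If a negative adjust can still reach this block, a comment should say what it means for the estimate (an offset before the start of the object gives no basis for a byte count); otherwise reject it before this block rather than folding it into bytes_avail.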
If adjust is negative, I would think that we would have returned already
because we were dealing with an offset from a pointer of unknown value.
It also seems that you're being careful to avoid bytes_avail going
negative, so I wonder why you have it signed and bytes_need unsigned.
+ warning_at (EXPR_LOC_OR_LOC (orig_oper, input_location),
Let's remember this location early on so you don't need orig_oper.
Jason
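The size reasoning under review, as an added example that is not code from the patch, from GCC or from either participant: a stand-alone C++ model of the bytes-available check, written with the two points raised above applied (a negative offset is reported as unknown rather than folded into the estimate, and the union case is measured by the member actually addressed). The Fit struct, the placement_fits helper and the Overlay union are constructed for this example and are not GCC names.

```cpp
// Added example, not code from the patch or from GCC: a stand-alone model
// of the "bytes available" computation discussed in this review.
#include <cstddef>
#include <cstdio>
#include <new>

// Answer to "does a placement new of `need` bytes fit at base + offset?".
// `known` is false when no byte count can be derived statically; here that
// is a negative offset, i.e. a pointer before the object whose size we used.
struct Fit {
  bool known;
  bool fits;
  std::size_t avail;
};

// Model of the check under review (hypothetical helper, not GCC's).  Unlike
// the quoted hunk, a negative offset is reported as unknown instead of being
// folded into the estimate, and the adjustment is one unsigned subtraction,
// so the available count can never go negative and no signed/unsigned mix
// is needed.
Fit placement_fits(std::size_t buf_size, std::ptrdiff_t offset, std::size_t need) {
  if (offset < 0)
    return {false, false, 0};
  std::size_t adjust = static_cast<std::size_t>(offset);
  std::size_t avail = adjust >= buf_size ? 0 : buf_size - adjust;
  return {true, need <= avail, avail};
}

// The union question: constructed type for the example.  sizeof(Overlay)
// is 8 on the usual ABIs, sizeof(Overlay::small) is 4.
union Overlay {
  char small[4];
  double wide;
};

// `new (u.small) double` measured against the whole union: passes.
bool fits_under_union_rule() {
  return placement_fits(sizeof(Overlay), 0, sizeof(double)).fits;
}

// The same expression measured against the addressed member: flagged,
// which is the behaviour the review asks for.
bool fits_under_member_rule() {
  return placement_fits(sizeof(Overlay::small), 0, sizeof(double)).fits;
}

int main() {
  alignas(int) char buf[8];
  Fit f = placement_fits(sizeof buf, 4, sizeof(int));   // 4 bytes left: fits
  int *p = f.fits ? new (buf + 4) int(42) : nullptr;
  std::printf("avail=%zu fits=%d value=%d\n", f.avail, f.fits, p ? *p : 0);
  std::printf("union rule fits=%d, member rule fits=%d\n",
              (int)fits_under_union_rule(), (int)fits_under_member_rule());
  return 0;
}
```

The two union helpers make the review point concrete: the same placement new passes when the buffer is measured as the whole union and is rejected when measured as the four-byte member the operand actually names, so the whole-union rule would silently miss an overflow of that member.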