c/4967: GCC should warn about obvious violations of restrict
Joseph S. Myers
jsm28@cam.ac.uk
Mon Nov 19 03:11:00 GMT 2001
On Thu, 29 Nov 2001, Andreas Jaeger wrote:
> whether a call is defined or not. A call sprintf_restrict (buf, buf)
> would only be undefined when the function writes to both pointers but
> this cannot be detected at the call site for e.g. library
> functions :-(.
Only when it writes to the same object via one pointer as it accesses by
the other, indeed. Adding 25 to the second pointer, then copying 25 bytes
from the first to the second, or something more complicated where each
byte is only accessed via one of the pointers, would still be OK.
You could always work out some way to annotate function declarations with
information about how much is read from or written to each argument and
whether aliasing is OK (note that the restrict qualifiers in declarations
not part of the definition are still irrelevant and are effectively
ignored (6.7.5.3#15), but you could define them to be relevant in
interpreting such an attribute). I'd like to get -Wformat-security to
warn about sprintf into fixed-length buffers that might be too short for
the format, and similar possible security holes.
--
Joseph S. Myers
jsm28@cam.ac.uk
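An added illustration of the restrict point made above (example code, not from the thread or from GCC): the two pointers may point into the same object as long as no byte modified through one is accessed through the other, so the "offset by 25, copy 25 bytes" call is well-defined. The function names `copy_bytes`, `disjoint_halves_ok` and `restrict_overlap` are constructed for this example; `restrict_overlap` sketches the kind of call-site check an annotation carrying per-argument access lengths would make possible.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Byte-wise copy with restrict-qualified parameters (constructed example).
 * restrict only promises that, during this call, every byte modified
 * through one pointer is not accessed through the other. It does not
 * require the two pointers to point into different objects. */
static void copy_bytes(char *restrict dst, const char *restrict src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i];
}

/* Scenario from the message: both pointers point into the same buffer, the
 * second offset by 25, and 25 bytes are copied. Bytes [0,25) are only read
 * via src and bytes [25,50) are only written via dst, so the call is
 * well-defined. Returns 1 if the second half now mirrors the first. */
int disjoint_halves_ok(void)
{
    char buf[50];
    for (size_t i = 0; i < 25; i++)
        buf[i] = (char)('a' + i);       /* constructed sample input */
    memset(buf + 25, 0, 25);
    copy_bytes(buf + 25, buf, 25);      /* same object, disjoint bytes */
    return memcmp(buf, buf + 25, 25) == 0;
}

/* Given the offsets and access lengths of two arguments into one buffer,
 * return how many bytes are reached through both pointers (0 means the
 * restrict promise holds). This is the check a caller or compiler could
 * perform if declarations were annotated with per-argument access sizes. */
size_t restrict_overlap(size_t dst_off, size_t dst_len,
                        size_t src_off, size_t src_len)
{
    size_t lo = dst_off > src_off ? dst_off : src_off;
    size_t hi_d = dst_off + dst_len, hi_s = src_off + src_len;
    size_t hi = hi_d < hi_s ? hi_d : hi_s;
    return hi > lo ? hi - lo : 0;
}

int main(void)
{
    printf("copy into disjoint half ok: %d\n", disjoint_halves_ok());
    printf("overlap for (buf+25, buf, 25): %zu bytes\n",
           restrict_overlap(25, 25, 0, 25));
    printf("overlap for (buf, buf, 25):    %zu bytes\n",
           restrict_overlap(0, 25, 0, 25));
    return 0;
}
```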