PATCH RFC: Warn about pointer wraparound with -Wstrict-overflow
Richard Guenther
richard.guenther@gmail.com
Tue Apr 8 21:18:00 GMT 2008
On Tue, Apr 8, 2008 at 10:56 PM, Ian Lance Taylor <iant@google.com> wrote:
> Jakub Jelinek <jakub@redhat.com> writes:
>
> > I agree, both that it is a good idea to make -fwrapv/-ftrapv affect
> > even pointer arithmetics and that we want this in 4.3 and maybe even
> > in 4.2. I'd just be interested to know how many warnings it will generate
> > on a few popular packages to see whether the warnings might be actually
> > useful for security investigators or whether there will be just too many
> > to make them useless.
>
> I ran the new compiler with -Wstrict-overflow=3 over an old set of cc1
> .i files. I got 95 warnings. Of those, exactly one was the new
> pointer wraparound warning.
>
> ../../trunk/gcc/sched-vis.c:49: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2
>
> It was for the "if (cur > end)" line in this function:
>
> static char *
> safe_concat (char *buf, char *cur, const char *str)
> {
>   char *end = buf + BUF_LEN - 2; /* Leave room for null. */
>   int c;
>
>   if (cur > end)
>     {
>       *end = '\0';
>       return end;
>     }
>
>
> It is happening because, of course, this is being inlined, and cur is
> based on buf. This is a false positive. It's easy to avoid by
> writing the code as, e.g.,:
> if (cur - buf > BUF_LEN - 2)
>
>
> For an aggressive warning like -Wstrict-overflow=3, I think that one
> false positive on all of cc1 is not too bad. Especially when you
> consider that this is one false positive amidst 94 existing false
> positives.
How about some C++ code using libstdc++? (of course #pragma system_header
may save our day here)
Richard.
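Added illustration of the two forms of the bounds check discussed above (this is not code from the thread or from GCC's sched-vis.c; the BUF_LEN value, the function names and the sample inputs are assumed for the demo). The pointer form compares two pointers both derived from buf, which is what -Wstrict-overflow=3 flags once safe_concat is inlined; the offset form compares distances instead. The bounded append shows the offset form in use and that the terminating NUL always stays inside the buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for the demo; the real BUF_LEN in sched-vis.c is not shown in the thread. */
#define BUF_LEN 16

/* Pointer form, as in the quoted sched-vis.c excerpt.  After inlining, cur is
 * buf + k, so this is "buf + k > buf + BUF_LEN - 2", a comparison of
 * P +- C1 with P +- C2 that the compiler evaluates assuming no wraparound. */
static int past_end_ptr_form(const char *buf, const char *cur)
{
    const char *end = buf + BUF_LEN - 2;
    return cur > end;
}

/* Offset form suggested in the thread: compare the distance from buf, not the
 * derived pointers themselves. */
static int past_end_offset_form(const char *buf, const char *cur)
{
    return cur - buf > BUF_LEN - 2;
}

/* Bounded append in the spirit of safe_concat (hypothetical name): copies str
 * starting at cur, truncating so the final NUL lands at or before
 * buf[BUF_LEN - 2].  Returns the new cursor. */
char *safe_concat_demo(char *buf, char *cur, const char *str)
{
    char *end = buf + BUF_LEN - 2;          /* leave room for the NUL */

    if (past_end_offset_form(buf, cur)) {   /* cur - buf > BUF_LEN - 2 */
        *end = '\0';
        return end;
    }
    while (*str && cur < end)
        *cur++ = *str++;
    *cur = '\0';
    return cur;
}

/* Concatenates n parts into buf with safe_concat_demo and returns the
 * resulting length (hypothetical helper, constructed for the demo). */
size_t build_line(char *buf, const char **parts, size_t n)
{
    char *cur = buf;
    buf[0] = '\0';
    for (size_t i = 0; i < n; i++)
        cur = safe_concat_demo(buf, cur, parts[i]);
    return (size_t)(cur - buf);
}

int main(void)
{
    char buf[BUF_LEN];
    /* Constructed sample input: the last part does not fit and is dropped. */
    const char *parts[] = { "sched", "-", "vis", ".c:49", "extra" };

    memset(buf, 'X', sizeof buf);
    size_t len = build_line(buf, parts, sizeof parts / sizeof parts[0]);
    printf("\"%s\" (%zu chars, NUL at index %zu)\n", buf, len, len);
    return 0;
}
```

Compiling the offset form with -Wstrict-overflow=3 is the way to confirm on your own toolchain that the warning disappears; the assertions only check that both forms agree on in-range pointers and that the append never writes past the reserved NUL slot.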