[PATCH] - improve sprintf buffer overflow detection (middle-end/49905)
Manuel López-Ibáñez
lopezibanez@gmail.com
Thu Jul 14 01:57:00 GMT 2016
On 01/07/16 19:15, Martin Sebor wrote:
+ /* Differentiate between an exact and inexact buffer overflow
+ or truncation. */
+ const char *fmtstr;
+ if (res->number_chars < 0)
+ fmtstr = info->bounded
+ ? "output may be truncated at or before format character "
+ "%qc at offset %qlu past the end of a region of size %qlu"
+ : "writing format character %qc at offset %qlu "
+ "in a region of size %qlu";
+ else
+ fmtstr = info->bounded
+ ? "output truncated at format character %qc at offset %qlu "
+ "just past the end of a region of size %qlu"
+ : "writing format character %qc at offset %qlu "
+ "just past the end of a region of size %qlu";
+ warning_at (loc, OPT_Wformat_length_, fmtstr,
+ format_chars [-1], off - 1,
+ (unsigned long)info->objsize);
+ }
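Review bot: `off - 1` is passed for a `%qlu` conversion without the `(unsigned long)` cast that `info->objsize` gets on the following line; unless `off` is already `unsigned long`, the variadic argument will not match the conversion, so it should be cast the same way. Also, because the format string is selected through a conditional and stored in `fmtstr` before the `warning_at` call, none of the four strings is a literal argument to `warning_at`, which weakens both the format-vs-argument checking and the extraction of the strings for translation; four direct `warning_at (loc, OPT_Wformat_length_, "...", ...)` calls, one per branch, would keep every format string a literal.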
I'm not sure gettext can parse the text of format strings given like this. It
may be smart enough if the conditional expression is directly the argument to
warning_at. GCC's -Wformat has the same limitations. Of course, the foolproof
way is to use multiple calls to warning_at.
Cheers,
Manuel.