[PATCH 2/4] enhance overflow and truncation detection in strncpy and strncat (PR 81117)
Martin Sebor
msebor@gmail.com
Mon Aug 14 18:04:00 GMT 2017
On 08/09/2017 11:00 PM, Jeff Law wrote:
> On 08/06/2017 02:07 PM, Martin Sebor wrote:
>> Part 2 of the series adds attribute nostring to annotate arrays
>> of and pointers to char that are intended to store sequences
>> of characters that aren't necessarily valid (nul-terminated)
>> strings. In the subsequent patch the attribute is relied on to
>> avoid diagnosing strncpy calls that truncate strings and create
>> such copies. In the future I'd like to also use the attribute
>> to diagnose when arrays or pointers with the attribute are passed
>> to functions that expect nul-terminated strings (such as strlen
>> or strcpy).
>>
>> Martin
>>
>>
>> gcc-81117-2.diff
>>
>>
>> PR c/81117 - Improve buffer overflow checking in strncpy
>>
>> gcc/ChangeLog:
>>
>> PR c/81117
>> * builtin-attrs.def (attribute nonstring): New.
>> * doc/extend.texi (attribute nonstring): Document new attribute.
>>
>> gcc/c-family/ChangeLog:
>>
>> PR c/81117
>> * c-attribs.c (c_common_attribute_table): Add nonstring entry.
>> (handle_nonstring_attribute): New function.
>>
>> gcc/testsuite/ChangeLog:
>>
>> PR c/81117
>> * c-c++-common/attr-nonstring-1.c: New test.
>>
>> --- a/gcc/builtin-attrs.def
>> +++ b/gcc/builtin-attrs.def
>> @@ -93,6 +93,7 @@ DEF_ATTR_IDENT (ATTR_FORMAT, "format")
>> DEF_ATTR_IDENT (ATTR_FORMAT_ARG, "format_arg")
>> DEF_ATTR_IDENT (ATTR_MALLOC, "malloc")
>> DEF_ATTR_IDENT (ATTR_NONNULL, "nonnull")
>> +DEF_ATTR_IDENT (ATTR_NONSTRING, "nonstring")
>> DEF_ATTR_IDENT (ATTR_NORETURN, "noreturn")
>> DEF_ATTR_IDENT (ATTR_NOTHROW, "nothrow")
>> DEF_ATTR_IDENT (ATTR_LEAF, "leaf")
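Review bot: The new ATTR_NONSTRING identifier is not referenced anywhere else in this patch; the ChangeLog registers the attribute by name through c_common_attribute_table in c-attribs.c, and every other DEF_ATTR_IDENT in this block (format, format_arg, malloc, nonnull, noreturn, nothrow, leaf) names a function attribute. If the hunk is dropped, the matching builtin-attrs.def line in gcc/ChangeLog should go with it.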
> So all the attributes here are associated with functions I believe.
> You're defining a variable attribute. In fact, I'm not even sure that
> variable attributes get a DEF_ATTR_<whatever>.
I assumed every attribute needed to define an identifier, but
nothing broke after I removed it, so it looks like you're right:
variable attributes don't need one. Go figure. It would be
nice if there was a comment above the block that mentioned that.
I'll try to remember to add one separately.
>> diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
>> index b253ccc..1954ca5 100644
>> --- a/gcc/doc/extend.texi
>> +++ b/gcc/doc/extend.texi
>> @@ -5835,6 +5835,30 @@ The @code{deprecated} attribute can also be used for functions and
>> types (@pxref{Common Function Attributes},
>> @pxref{Common Type Attributes}).
>>
>> +@item nonstring (@var{nonstring})
>> +@cindex @code{nonstring} variable attribute
>> +The @code{nonstring} variable attribute specifies that an object or member
>> +declaration with type array of @code{char} or pointer to @code{char} is
>> +intended to store character arrays that do not necessarily contain
>> +a terminating @code{NUL} character. This is useful to avoid warnings
>> +when such an array or pointer is used as an argument to a bounded string
>> +manipulation function such as @code{strncpy}. For example, without the
>> +attribute, GCC will issue a warning for the call below because it may
>> +truncate the copy without appending the terminating NUL character. Using
>> +the attribute makes it possible to suppress the warning.
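Review bot: The heading `@item nonstring (@var{nonstring})` reads as if the attribute takes an argument named nonstring, but the text describes none; it should be `@item nonstring`, the form used for argument-less attributes. Minor: the hunk writes `@code{NUL}` in one sentence and bare `NUL` in the next; pick one spelling for the whole entry.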
> [ ... ]
> I think this is in the wrong section, I believe it belongs in the
> "Variable Attributes" section.
It is in the Variable Attributes section. The "pxref{Common Type
Attributes})." reference above is just a cross-reference to the
Type Attributes section.
> Assuming you don't actually need the ATTR_NONSTRING, this patch is fine
> with that hunk removed and the documentation moved into the right section.
Okay, thanks.
Martin
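As an added example of the annotation the patch documents (not code from the patch or from GCC), the following marks a fixed-width field nonstring, fills it with the strncpy call the attribute is meant to keep quiet, and reads it back with bounded accesses; the NONSTRING macro, struct record and its functions are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Assumption: NONSTRING expands to the attribute this patch documents on
   GCC 8 and later, and to nothing elsewhere so the file builds anywhere. */
#if defined(__GNUC__) && !defined(__clang__) && __GNUC__ >= 8
#  define NONSTRING __attribute__((nonstring))
#else
#  define NONSTRING
#endif
/* Fixed-width field: exactly 4 payload bytes, no terminator when full. */
struct record {
    char tag[4] NONSTRING;
};

/* The bound equals the field size: exactly the truncating copy that the
   attribute tells GCC not to diagnose under -Wstringop-truncation. */
void record_set_tag(struct record *r, const char *src)
{
    strncpy(r->tag, src, sizeof r->tag);
}

/* Read the field without treating it as a string: the length scan is bounded
   by the field size and the copy is NUL-terminated.  Returns bytes copied. */
size_t record_get_tag(const struct record *r, char *out, size_t outsz)
{
    size_t n = 0;
    while (n < sizeof r->tag && r->tag[n] != '\0')
        n++;
    if (outsz == 0) return 0;
    if (n > outsz - 1) n = outsz - 1;
    memcpy(out, r->tag, n);
    out[n] = '\0';
    return n;
}

/* Round trip: 1 if storing src and reading it back yields expect. */
int tag_roundtrip_ok(const char *src, const char *expect)
{
    struct record r = { "" };
    char buf[sizeof r.tag + 1];
    record_set_tag(&r, src);
    record_get_tag(&r, buf, sizeof buf);
    return strcmp(buf, expect) == 0;
}

int main(void)
{
    printf("%d\n", tag_roundtrip_ok("ABCDEFG", "ABCD"));  /* prints 1 */
    return 0;
}
```

Compiling with -Wall on GCC 8 or later and removing the NONSTRING annotation from tag shows the -Wstringop-truncation warning the attribute suppresses.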