[PATCH] use get_size_range to get allocated size (PR 92942)

Martin Sebor msebor@gmail.com
Fri Aug 28 17:12:26 GMT 2020


The gimple_call_alloc_size() function, which determines the range
of sizes of allocated objects and constrains the bounds in calls
to functions like memcpy, calls get_range() instead of
get_size_range() to obtain its result.  The latter is the right
function to call because it has the logic needed to constrain
the range to just the values that are valid for object sizes.
This is especially useful when the range is the result of
a conversion from a signed to a wider unsigned integer, where
the upper subrange is excessive and can be eliminated, such as in:

   #include <stdlib.h>
   #include <string.h>

   char* f (int n)
   {
     if (n > 8)
       n = 8;                      // n may still be negative here
     char *p = malloc (n);         // int n is converted to size_t
     strcpy (p, "0123456789");   // buffer overflow
     ...
   }

Attached is a fix that lets -Wstringop-overflow diagnose the buffer
overflow above.  Besides with GCC, I have also tested the change by
building Binutils/GDB and Glibc and verifying that it doesn't
introduce any false positives.

Martin
Attachment: gcc-92942.diff (text/x-patch, 12484 bytes)
URL: <https://gcc.gnu.org/pipermail/gcc-patches/attachments/20200828/e1bb85bf/attachment-0001.bin>
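To make the range argument in the message concrete, here is an added C illustration (not GCC's code and not the attached patch): it models how the clamped signed `n` widens to two size_t subranges, how dropping values above PTRDIFF_MAX (the object-size constraint the message attributes to get_size_range()) leaves only [0, 8], and why an unconstrained upper bound of SIZE_MAX hides the strcpy overflow. All function and type names are hypothetical and chosen for this example; a 64-bit size_t is assumed.

```c
/* Added illustration, not GCC's get_size_range(): model the conversion of a
   signed int range to size_t and the restriction to valid object sizes.  */
#include <stdbool.h>
#include <stdint.h>
#include <limits.h>
#include <stdio.h>

struct urange { uint64_t min, max; };

/* Map the signed range [lo, hi] to the size_t values it produces (64-bit
   size_t assumed).  A range straddling zero yields two subranges:
   [0, hi] and [(uint64_t)lo, UINT64_MAX] (the wrapped negatives).  */
static int widen_signed_range (int lo, int hi, struct urange out[2])
{
  if (lo >= 0 || hi < 0) {            /* no sign change: one subrange */
    out[0].min = (uint64_t)lo; out[0].max = (uint64_t)hi; return 1;
  }
  out[0].min = 0;            out[0].max = (uint64_t)hi;
  out[1].min = (uint64_t)lo; out[1].max = UINT64_MAX;
  return 2;
}

/* Keep only values that are valid object sizes, i.e. at most PTRDIFF_MAX
   (INT64_MAX here), and merge the survivors.  False if nothing survives.  */
static bool constrain_to_object_sizes (const struct urange *in, int n, struct urange *res)
{
  const uint64_t max_obj = INT64_MAX;
  bool found = false;
  for (int i = 0; i < n; i++) {
    if (in[i].min > max_obj) continue;            /* excessive subrange: dropped */
    uint64_t mx = in[i].max > max_obj ? max_obj : in[i].max;
    if (!found) { res->min = in[i].min; res->max = mx; found = true; }
    else { if (in[i].min < res->min) res->min = in[i].min; if (mx > res->max) res->max = mx; }
  }
  return found;
}

/* Upper bound without the object-size constraint: the wrapped negatives
   push it to UINT64_MAX, so no write can be proven to overflow.  */
static uint64_t unconstrained_max (int lo, int hi)
{
  struct urange sub[2]; uint64_t mx = 0;
  int n = widen_signed_range (lo, hi, sub);
  for (int i = 0; i < n; i++) if (sub[i].max > mx) mx = sub[i].max;
  return mx;
}

/* With the constraint applied, does writing nbytes exceed every possible
   allocation size?  For f() above: lo = INT_MIN, hi = 8, nbytes = 11.  */
static bool certain_overflow (int lo, int hi, uint64_t nbytes)
{
  struct urange sub[2], r;
  int n = widen_signed_range (lo, hi, sub);
  return constrain_to_object_sizes (sub, n, &r) && nbytes > r.max;
}
```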

