[PING #2][PATCH] use get_size_range to get allocated size (PR 92942)
Martin Sebor
msebor@gmail.com
Wed Sep 30 22:25:01 GMT 2020
Ping: https://gcc.gnu.org/pipermail/gcc-patches/2020-August/552903.html
(I lost track of this patch.)
On 9/9/20 3:42 PM, Martin Sebor wrote:
> Ping: https://gcc.gnu.org/pipermail/gcc-patches/2020-August/552903.html
>
> On 8/28/20 11:12 AM, Martin Sebor wrote:
>> The gimple_call_alloc_size() function that determines the range
>> of sizes of allocated objects and constrains the bounds in calls
>> to functions like memcpy calls get_range() instead of
>> get_size_range() to obtain its result. The latter is the right
>> function to call because it has the necessary logic to constrain
>> the range to just the values that are valid for object sizes.
>> This is especially useful when the range is the result of
>> a conversion from a signed to a wider unsigned integer where
>> the upper subrange is excessive and can be eliminated such as in:
>>
>> #include <stdlib.h>
>> #include <string.h>
>>
>> char* f (int n)
>> {
>>   if (n > 8)
>>     n = 8;
>>   char *p = malloc (n);
>>   strcpy (p, "0123456789"); // buffer overflow
>>   ...
>> }
>>
>> Attached is a fix that lets -Wstringop-overflow diagnose the buffer
>> overflow above. Besides with GCC I have also tested the change by
>> building Binutils/GDB and Glibc and verifying that it doesn't
>> introduce any false positives.
>>
>> Martin
>
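An added model of the range reasoning in the quoted message, written for this page and not taken from GCC or the patch: after `if (n > 8) n = 8;` the value of `n` is in [INT_MIN, 8]; converting it to size_t for malloc splits that into [0, 8] and a wrapped subrange near SIZE_MAX, and only the first can describe a real object. The names `MAX_OBJECT_SIZE`, `size_range_of_int` and `write_overflows` are assumptions of this illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct size_range { size_t min, max; };

/* Assumed bound on valid object sizes for this model (PTRDIFF_MAX). */
#define MAX_OBJECT_SIZE ((size_t) PTRDIFF_MAX)

/* Convert the int range [lo, hi] to the size_t values malloc would see.
   A negative lo wraps, so the set becomes [0, hi] plus [(size_t) lo,
   SIZE_MAX].  Any subrange that starts above MAX_OBJECT_SIZE cannot be
   an object size and is dropped.  Surviving subranges are written to
   out[]; the return value is how many survived (0, 1 or 2). */
int size_range_of_int (int lo, int hi, struct size_range out[2])
{
  struct size_range cand[2];
  int n = 0, kept = 0;

  if (lo >= 0 || hi < 0)               /* no wrap, or the whole range wraps */
    cand[n++] = (struct size_range){ (size_t) lo, (size_t) hi };
  else {                               /* lo < 0 <= hi: two subranges */
    cand[n++] = (struct size_range){ 0, (size_t) hi };
    cand[n++] = (struct size_range){ (size_t) lo, SIZE_MAX };
  }
  for (int i = 0; i < n; i++)
    if (cand[i].min <= MAX_OBJECT_SIZE)
      out[kept++] = cand[i];
  return kept;
}

/* True when a store of nbytes cannot fit even the largest size in *r,
   which is the condition under which a warning is certain to be right. */
bool write_overflows (const struct size_range *r, size_t nbytes)
{
  return nbytes > r->max;
}

int main (void)
{
  struct size_range r[2];
  /* Range of n in the quoted f(): [INT_MIN, 8]. */
  int kept = size_range_of_int (INT_MIN, 8, r);
  printf ("%d subrange(s) kept: [%zu, %zu]\n", kept, r[0].min, r[0].max);
  /* strcpy (p, "0123456789") stores 11 bytes including the NUL. */
  printf ("strcpy overflows: %s\n", write_overflows (&r[0], 11) ? "yes" : "no");
  return 0;
}
```

Without the constraint the wrapped subrange would extend the maximum to SIZE_MAX and the 11-byte store would look as if it might fit, which is why the message argues for get_size_range over get_range.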