sprintf warning on overlapping output

Jeff Law law@redhat.com
Mon Sep 26 15:34:00 GMT 2016


On 09/26/2016 09:20 AM, Florian Weimer wrote:
> * Jeff Law:
>
>> On 09/25/2016 03:46 AM, Bernd Edlinger wrote:
>>> Hi Martin,
>>>
>>> in the past I have seen (and fixed) code like
>>>
>>> sprintf(buf, "%s %d", buf, x);
>>>
>>> that may possibly work by chance, but usually
>>> produces undefined results.
>>>
>>> Do you see a way to enhance the warning for cases
>>> where the output buffer overlaps an input buffer?
>
>> ISTM you really need strong PTA analysis here to nail down the
>> pointers to a single object, then you can query their ranges and look
>> for overlap.
>
> We could detect this at run time in glibc with reasonable cost, I
> think.  We should probably introduce new symbol versions if we do
> that, to avoid breaking existing applications needlessly.
Probably not a bad idea.  memstomp doesn't catch it for sprintf & 
friends -- it was deemed too painful to detect :-)


>
> Or we could make this well-defined because it is such a useful
> extension.
That just encourages developers to write non-portable code.  I'd rather 
see this kind of thing halt the program in its tracks before wandering 
into the realm of undefined or implementation defined behavior.

jeff



More information about the Gcc mailing list