<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Sep 18, 2014 at 4:11 PM, jahanian <span dir="ltr"><<a href="mailto:fjahanian@apple.com" target="_blank">fjahanian@apple.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div style="word-wrap:break-word"><br><div><span class=""><div>On Sep 18, 2014, at 1:03 PM, Nico Weber <<a href="mailto:thakis@chromium.org" target="_blank">thakis@chromium.org</a>> wrote:</div><br><blockquote type="cite"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Sep 18, 2014 at 11:38 AM, jahanian <span dir="ltr"><<a href="mailto:fjahanian@apple.com" target="_blank">fjahanian@apple.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span><br>
On Sep 18, 2014, at 11:33 AM, Reid Kleckner <<a href="mailto:rnk@google.com" target="_blank">rnk@google.com</a>> wrote:<br>
<br>
> Cool! Do these warnings fire on plain memcpy if the system headers don't arrange for memcpy to route to __builtin__memcpy_chk? If so, can you add tests for plain prototyped memcpy as you did for strlcpy in the previous test?<br>
><br>
<br>
</span>No they don’t. Note that __builtin__memcpy_chk, etc. will have an added argument, __builtin_object_size, which will have<br>
the size of destination buffer and is needed to do the checking.<br></blockquote><div><br></div><div>But you can just call the code that does the computation that __builtin_object_size does when checking memcpy, right?</div></div></div></div></blockquote><div><br></div></span>I am not sure what you mean. memcpy does not do any checking for overflow. You may do the checking for overflow before calling</div><div>memcpy yourself (essentially do what __builtin_memcpy_chk does).</div></div></blockquote></div><br></div><div class="gmail_extra">But it's detectable at compile time, right? Consider this, slightly changed from your tests:</div><div class="gmail_extra"><br></div><div class="gmail_extra"><div class="gmail_extra"> static char buf[10];</div><div class="gmail_extra"> memcpy(&buf[6], in, 5);<br></div><div class="gmail_extra"><br>Is there any reason this shouldn't say "memcpy <span style="font-family:arial,sans-serif;font-size:13px">will always overflow destination buffer"?</span></div></div></div>