On Thu, Sep 20, 2012 at 10:13 AM, Chris Lattner <span dir="ltr"><<a href="mailto:clattner@apple.com" target="_blank">clattner@apple.com</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im"><br>
On Sep 20, 2012, at 3:01 AM, Dmitri Gribenko <<a href="mailto:gribozavr@gmail.com">gribozavr@gmail.com</a>> wrote:<br>
<br>
> On Wed, Sep 19, 2012 at 3:00 AM, Martinez, Javier E<br>
> <<a href="mailto:javier.e.martinez@intel.com">javier.e.martinez@intel.com</a>> wrote:<br>
>> We have identified functions in LLVM sources using a static code analyzer<br>
>> which are marked as a “security vulnerability”[1][2]. There has been work<br>
>> already done to address some of them for Linux (e.g. snprintf). We are<br>
>> attempting to solve this issue in a comprehensive fashion across all<br>
>> platforms. Most of the functions identified are for manipulating strings.<br>
>> Memcpy is the most commonly used of all these insecure methods. The<br>
>> following table lists all these functions and their recommended secure<br>
>> alternatives.<br>
><br>
> I am strongly opposed to using *_s functions. The issue is that they<br>
> are no more "secure" than original functions. One can still pass the<br>
> destination buffer length incorrectly, especially if it is not known<br>
> at compile time and should be computed.<br>
><br>
> I agree with Sean that we should move the code using C strings to LLVM<br>
> safe data types.<br>
<br>
</div>I agree.<br>
<div class="im"><br>
><br>
> And one more thing: it is interesting that the "unsafe"<br>
> APFloat::convertToHexString (from your patch) is not used anywhere.<br>
<br>
</div>Zap it! Oh wait, is it used by Clang or something else?</blockquote><div><br></div><div>Clang doesn't use it, but LLDB does, with an arbitrary-seeming 256-character buffer. Perhaps we should change it to take an llvm::SmallVectorImpl<char>, rather than relying on a character buffer "which must be of sufficient size".</div>
</div>
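<div>An added illustration of the point made in this thread (not code from the thread, from LLVM, or from LLDB): an API that takes a caller-supplied buffer length can only honour the number it is given, whereas an API that writes into a growable container leaves the caller no length to get wrong. std::vector<char> stands in for llvm::SmallVectorImpl<char> so the example builds without LLVM, and the hexOfDouble* names are hypothetical; the hex text itself comes from snprintf's "%a" conversion, not from APFloat.</div>

```cpp
// Added example, not code from the thread or from LLVM. It contrasts an
// API that trusts a caller-supplied buffer length with one whose output
// container sizes itself. std::vector<char> stands in for
// llvm::SmallVectorImpl<char> (an assumption made to keep this
// self-contained); the hexOfDouble* names are hypothetical.
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Style 1: a buffer "which must be of sufficient size" plus a length,
// which is also the contract the *_s functions formalise. The callee can
// only honour `bufSize`; it cannot tell whether that number really
// describes `buf`. Returns characters written (no NUL), or 0 if the
// buffer is too small, in which case `buf` is left empty (fail closed).
std::size_t hexOfDoubleInto(double v, char *buf, std::size_t bufSize) {
    if (buf == nullptr || bufSize == 0)
        return 0;
    int n = std::snprintf(buf, bufSize, "%a", v);
    if (n < 0 || static_cast<std::size_t>(n) >= bufSize) {
        buf[0] = '\0';   // refuse partial output rather than truncate silently
        return 0;
    }
    return static_cast<std::size_t>(n);
}

// Style 2: the SmallVectorImpl<char>-style approach suggested in the
// reply. The callee grows the container, so there is no length the
// caller can get wrong. `out` is replaced by the digits, without a NUL.
void hexOfDouble(double v, std::vector<char> &out) {
    int n = std::snprintf(nullptr, 0, "%a", v);   // measure first
    if (n < 0) {
        out.clear();
        return;
    }
    out.assign(static_cast<std::size_t>(n) + 1, '\0');
    std::snprintf(out.data(), out.size(), "%a", v);
    out.pop_back();                                // drop the terminator
}

// Convenience wrapper over Style 2 returning a std::string.
std::string hexOfDoubleStr(double v) {
    std::vector<char> buf;
    hexOfDouble(v, buf);
    return std::string(buf.begin(), buf.end());
}

// Style 1 driven with a caller-chosen size, to show its failure mode:
// the caller has to guess the size up front, and an undersized guess
// yields an empty result instead of the text.
std::string hexOfDoubleFixed(double v, std::size_t bufSize) {
    std::vector<char> buf(bufSize);                // the "fixed" buffer
    std::size_t n = hexOfDoubleInto(v, buf.data(), buf.size());
    return std::string(buf.data(), n);
}

int main() {
    std::printf("%s\n", hexOfDoubleStr(1.5).c_str());          // 0x1.8p+0
    std::printf("[%s]\n", hexOfDoubleFixed(1.5, 4).c_str());   // [] (too small)
    std::printf("[%s]\n", hexOfDoubleFixed(1.5, 16).c_str());  // [0x1.8p+0]
    return 0;
}
```

<div>The undersized case above is the benign direction: the callee sees a length smaller than the text and fails closed. The dangerous direction, a length larger than the buffer actually is, is invisible to the callee in Style 1, which is why a correct-looking *_s call is no safer than the buffer size the caller computed. Style 2 removes that parameter altogether, which is the reason given in the thread for preferring LLVM's own container types over a bare char buffer. The "%a" output format shown in the comments is glibc's; other C libraries may print the same value with a different digit count.</div>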