r218063 - Patch to check at compile time for overflow when
jahanian
fjahanian at apple.com
Fri Sep 19 08:42:22 PDT 2014
On Sep 18, 2014, at 4:31 PM, jahanian <fjahanian at apple.com> wrote:
>>
>> I am not sure what you mean. memcpy does not do any checking for overflow. You may do the checking for overflow before calling
>> memcpy yourself (essentially do what __builtin_memcpy_chk does).
>>
>> But it's detectable at compile time, right? Consider this, slightly changed from your tests:
>>
>> static char buf[10];
>> memcpy(&buf[6], in, 5);
>>
>> Is there any reason this shouldn't say "memcpy will always overflow destination buffer”?
>
>
> On the surface there is no reason. But manage does not disallow this and there will be applications which probably take advantage of this relaxation.
Btw, on second thought, this might be a worthwhile feature for those who do not redefine memcpy to their __builtin_memcpy_chk siblings (provided it is
placed under its own security warning flag). It might be worth a bugzilla report.
- Thanks, Fariborz
>
> - fariborz
>
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20140919/9f780c8a/attachment.html>
More information about the cfe-commits
mailing list