[PATCH] D92892: [clang] Change builtin object size to be compatible with GCC when sub-object is invalid

Peter Collingbourne via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Fri Jan 15 18:07:47 PST 2021


pcc added a comment.

This causes us to reject the following (reduced from AOSP):

  int sprintf(char* __s, const char* __fmt, ...)
      __attribute__((__format__(printf, 2, 3))) ;
  int sprintf(char* dest, const char* format)
      __attribute__((overloadable))
      __attribute__((enable_if(((__builtin_object_size(((dest)), (1))) != ((unsigned long) -1) &&
                                (__builtin_object_size(((dest)), (1))) < (__builtin_strlen(format))),
                               "format string will always overflow destination buffer")))
      __attribute__((unavailable("format string will always overflow destination buffer")));
  
  void f() {
    unsigned char number_buffer[26] = {0};
    sprintf((char *)number_buffer, "null");
  }

It doesn't seem like we ought to be rejecting this case. Can you please take a look?


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D92892/new/

https://reviews.llvm.org/D92892


