[LLVMdev] Handling of unsafe functions

Chris Lattner clattner at apple.com
Thu Sep 20 10:13:21 PDT 2012


On Sep 20, 2012, at 3:01 AM, Dmitri Gribenko <gribozavr at gmail.com> wrote:

> On Wed, Sep 19, 2012 at 3:00 AM, Martinez, Javier E
> <javier.e.martinez at intel.com> wrote:
>> We have identified functions in LLVM sources using a static code analyzer
>> which are marked as a “security vulnerability”[1][2]. There has been work
>> already done to address some of them for Linux (e.g. snprintf). We are
>> attempting to solve this issue in a comprehensive fashion across all
>> platforms. Most of the functions identified are for manipulating strings.
>> Memcpy is the most commonly used of all these unsecure methods. The
>> following table lists all these functions are their recommended secure
>> alternatives.
> 
> I am strongly opposed to using *_s functions.  The issue is that they
> are no more "secure" than original functions.  One can still pass the
> destination buffer length incorrectly, especially if it is not known
> at compile time and should be computed.
> 
> I agree with Sean that we should move the code using C strings to LLVM
> safe data types.

I agree.

> 
> And one more thing: it is interesting that the "unsafe"
> APFloat::convertToHexString (from your patch) is not used anywhere.

Zap it!  Oh wait, is it used by Clang or something else?

-Chris



More information about the llvm-dev mailing list