------- Comment #3 from manu at gcc dot gnu dot org  2008-04-01 02:53 -------
(In reply to comment #2)
> 
> If the size_t given to memcpy is truncated, that does not overwrite a buffer.
> But if the size_t given to malloc is truncated, that is a pretty surefire way
> to find a security issue.

I guess that depends on how the conversion occurs:

int i = -5;
...
memcpy (dest, src, i);

I would have trouble defining which cases are security issues.

On the other hand, the truncation may actually take place far from where malloc
is called:

size_t len = 999999999999999LL;
...
buffer = malloc (len);

Not sure how your proposal could handle that.


-- 

manu at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |manu at gcc dot gnu dot org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=35592
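
The two conversions discussed in the comment above, as an added example that is not part of the original Bugzilla comment: what a negative int becomes when passed as a size_t, what survives when a 64-bit value lands in a 32-bit size_t, and a range check made at the point of conversion. The 32-bit size_t is simulated with uint32_t, and all helper names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What memcpy (dest, src, i) receives for a negative int: the value is
   converted modulo SIZE_MAX + 1, so -5 becomes SIZE_MAX - 4. */
static size_t implicit_len(int i) { return (size_t)i; }

/* Assumption for the demo: stand-in for a target with a 32-bit size_t.
   Only the low 32 bits of the 64-bit value survive the assignment. */
static uint32_t truncate_to_32(long long v) { return (uint32_t)v; }

/* Checked conversion: succeeds only if 0 <= v <= max.
   Callers pass max <= SIZE_MAX (SIZE_MAX itself for a plain size_t). */
static bool checked_len(long long v, unsigned long long max, size_t *out)
{
    if (v < 0 || (unsigned long long)v > max)
        return false;
    *out = (size_t)v;
    return true;
}

/* Copy n bytes only if n is non-negative and fits in the destination. */
static bool copy_checked(void *dest, size_t dest_size, const void *src, int n)
{
    size_t len;
    if (!checked_len(n, dest_size, &len))
        return false;
    memcpy(dest, src, len);
    return true;
}

int main(void)
{
    char dest[8];
    size_t len;

    printf("(size_t)-5             = %zu\n", implicit_len(-5));
    printf("low 32 bits of 10^15-1 = %u\n",
           (unsigned)truncate_to_32(999999999999999LL));
    printf("checked -5             : %s\n",
           checked_len(-5, SIZE_MAX, &len) ? "accepted" : "rejected");
    printf("checked 10^15-1 (32b)  : %s\n",
           checked_len(999999999999999LL, UINT32_MAX, &len) ? "accepted" : "rejected");
    printf("copy_checked n=-5      : %s\n",
           copy_checked(dest, sizeof dest, "abc", -5) ? "copied" : "rejected");
    return 0;
}
```

The check sits where the value changes type, which is the only place the original signed or wider value is still visible; by the time malloc or memcpy is called the size_t already looks valid.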
