https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105022

            Bug ID: 105022
           Summary: -Wanalyzer-tainted-allocation-size doesn't warn for
                    custom allocators marked with "malloc" attribute
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

Given:

typedef __SIZE_TYPE__ size_t;

void *custom_alloc (size_t sz) __attribute__((malloc (__builtin_free)));

void * __attribute__ ((tainted_args))
test_ (size_t sz)
{
  return custom_alloc (sz);
}

and compiling with:
  -fanalyzer -fanalyzer-checker=taint

there is no output.  Ideally the analyzer should complain with
-Wanalyzer-tainted-allocation-size that "sz" is attacker-controlled.


https://godbolt.org/z/oohh39Gjj
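
Added example, not part of the bug report: because the reproducer above compiles without a diagnostic, an explicit size check in the allocation path is one way to avoid depending on the warning. The names `custom_alloc_bounded`, `test_bounded` and `MAX_UNTRUSTED_ALLOC`, the 1 MiB cap, and the `malloc`-backed body given to `custom_alloc` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* The attributes from the report are applied only on GCC 12+; other
   compilers get empty macros so the file still builds.  */
#if defined(__GNUC__) && !defined(__clang__) && __GNUC__ >= 12
# define TAINTED_ARGS __attribute__ ((tainted_args))
# define MALLOC_LIKE  __attribute__ ((malloc (__builtin_free)))
#else
# define TAINTED_ARGS
# define MALLOC_LIKE
#endif

/* Constructed policy limit (assumption): largest request accepted
   from untrusted input.  */
#define MAX_UNTRUSTED_ALLOC ((size_t) 1 << 20)

void *custom_alloc (size_t sz) MALLOC_LIKE;

/* Stand-in body for the report's custom_alloc (assumption).  */
void *custom_alloc (size_t sz)
{
  return malloc (sz);
}

/* Hypothetical wrapper: reject zero-sized, oversized or overflowing
   requests before they reach the allocator.  Returns NULL on rejection.  */
void *custom_alloc_bounded (size_t count, size_t elem_size)
{
  if (count == 0 || elem_size == 0)
    return NULL;
  /* Division form: bounds the product and cannot itself overflow.  */
  if (count > MAX_UNTRUSTED_ALLOC / elem_size)
    return NULL;
  return custom_alloc (count * elem_size);
}

/* Same shape as the report's test_, routed through the bounded wrapper.  */
void * TAINTED_ARGS
test_bounded (size_t sz)
{
  return custom_alloc_bounded (sz, 1);
}
```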
