[CC Jason]
When you have a chance, the patch is at the link below for review:
https://gcc.gnu.org/ml/gcc-patches/2015-10/msg02001.html
On 10/20/2015 01:57 PM, Martin Sebor wrote:
Attached is a slightly updated patch that tweaks the diagnostic
messages to avoid assuming English punctuation, and adds
a few test cases exercising the text of the diagnostics.
Martin
On 10/13/2015 11:22 AM, Martin Sebor wrote:
The C++ placement new expression is susceptible to buffer overflow flaws
(see [1]). In many such cases GCC has sufficient information to
detect and diagnose such defects. The attached patch is a starting
point for this feature. It lets GCC diagnose basic cases of buffer
overflows when both the size of the buffer and the type being
constructed are constant expressions. A more sophisticated
implementation would try to detect additional cases in a manner
similar to _FORTIFY_SOURCE.
Besides buffer overflow, placement new can also be misused to
construct objects in unaligned storage (also discussed in the paper
below). I leave diagnosing such cases and improving the detection
of buffer overflows via a mechanism like Object Size Checking for
a future patch.
Tested on x86_64 with no regressions.
Martin
[1] A. Kundu and E. Bertino, "A New Class of Buffer Overflow Attacks,"
31st International Conference on Distributed Computing Systems (ICDCS),
2011. http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5961725
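The two misuses the 10/13 message describes (constructing an object in a buffer that is too small, and in storage that is not aligned for the type) are easy to see in a few lines. The example below is added here and is not the patch or GCC code; the patch adds a compile-time diagnostic, while this is a library-side analogue of the same two checks. `construct_in` covers the case the patch handles, where both the buffer size and the type are constant expressions, so a static_assert rejects an undersized array at compile time; `construct_checked` covers the run-time-size case the message leaves to a future Object Size Checking style mechanism. `Header`, both helpers and the probe functions are hypothetical names chosen for this example; the buffers are constructed sample data.

```cpp
#include <cstddef>
#include <cstdint>
#include <new>
#include <utility>

// Compile-time case: the target is an array of known bound N and sizeof(T)
// is a constant expression, so an undersized buffer is rejected when the
// code is compiled rather than when it runs.
template <typename T, std::size_t N, typename... Args>
T* construct_in(unsigned char (&buf)[N], Args&&... args) {
    static_assert(sizeof(T) <= N, "placement-new target buffer is smaller than T");
    // A char array carries no alignment guarantee for T; refuse unaligned storage.
    if (reinterpret_cast<std::uintptr_t>(buf) % alignof(T) != 0) return nullptr;
    return new (buf) T{std::forward<Args>(args)...};
}

// Run-time case: the buffer size is only known at run time, so both the
// size and the alignment must be checked before the object is constructed.
template <typename T, typename... Args>
T* construct_checked(void* buf, std::size_t buf_size, Args&&... args) {
    if (buf == nullptr || buf_size < sizeof(T)) return nullptr;               // would overflow
    if (reinterpret_cast<std::uintptr_t>(buf) % alignof(T) != 0) return nullptr; // unaligned
    return new (buf) T{std::forward<Args>(args)...};
}

// Hypothetical sample type: 8 bytes, 4-byte aligned on common targets.
struct Header {
    std::uint32_t magic;
    std::uint32_t length;
};

// An unchecked `new (small) Header` here would write 8 bytes into a 4-byte buffer.
bool rejects_undersized() {
    alignas(Header) unsigned char small[4];
    return construct_checked<Header>(small, sizeof small) == nullptr;
}

// Storage that is large enough but starts one byte past an aligned address.
bool rejects_misaligned() {
    alignas(Header) unsigned char buf[sizeof(Header) + 1];
    return construct_checked<Header>(buf + 1, sizeof buf - 1) == nullptr;
}

// Well-formed use: storage that is both large enough and aligned for Header.
bool accepts_fitting() {
    alignas(Header) unsigned char buf[sizeof(Header)];
    Header* h = construct_checked<Header>(buf, sizeof buf,
                                          std::uint32_t{0xCAFEBABE}, std::uint32_t{16});
    return h != nullptr && h->magic == 0xCAFEBABE && h->length == 16;
}

// Constant-expression case: sizes are known to the compiler.
bool compile_time_fit() {
    alignas(int) unsigned char buf[sizeof(int)];
    int* p = construct_in<int>(buf, 42);
    // unsigned char tiny[2]; construct_in<int>(tiny);  // static_assert fires: does not compile
    return p != nullptr && *p == 42;
}

int main() {
    bool ok = rejects_undersized() && rejects_misaligned()
           && accepts_fitting() && compile_time_fit();
    return ok ? 0 : 1;
}
```

The commented-out `tiny` line is the shape of code the patch is meant to diagnose: the buffer bound and the constructed type are both visible to the compiler, so no run-time check is needed to reject it. The run-time helper is what remains necessary when the buffer comes from a pointer and a length.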