I'm looking for a review of the patch below: https://gcc.gnu.org/ml/gcc-patches/2016-11/msg00779.html
Thanks

On 11/08/2016 05:09 PM, Martin Sebor wrote:
The -Wformat-length checker relies on the compute_builtin_object_size function to determine the size of the buffer it checks for overflow. The function returns either a size computed by the tree-object-size pass for objects referenced by the __builtin_object_size intrinsic (if it's used in the program) or it tries to compute it for a small subset of expressions otherwise. This subset doesn't include objects allocated by either malloc or alloca, and so for those the function returns "unknown" or (size_t)-1 in the case of -Wformat-length. As a consequence, -Wformat-length is unable to detect overflows involving such objects.

The attached patch adds a new function, compute_object_size, that uses the existing algorithms to compute and return the sizes of allocated objects as well, as if they were referenced by __builtin_object_size in the program source, enabling the -Wformat-length checker to detect more buffer overflows.

Martin

PS The function makes use of the init_function_sizes API that is otherwise unused outside the tree-object-size pass to initialize the internal structures, but then calls fini_object_sizes to release them before returning. That seems wasteful because the size of the same object or one related to it might need to be computed again in the context of the same function. I experimented with allocating and releasing the structures only when current_function_decl changes but that led to crashes. I suspect I'm missing something about the management of memory allocated for these structures. Does anyone have any suggestions how to make this work? (Do I perhaps need to allocate them using a special allocator so they don't get garbage collected?)
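To make concrete the class of bug the message is about, here is an added example (not code from the patch, the thread, or GCC): a sprintf into a heap buffer whose size is fixed at the call site, which -Wformat-length could not diagnose when the buffer came from malloc because compute_builtin_object_size reported its size as unknown, next to a checked variant that measures the formatted length first and refuses sizes that would not hold it. The function names format_unchecked, format_checked and fits are hypothetical, and the sample sizes in the tests are constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Unsafe pattern (kept only to identify it; never called with an
   overflowing size here): the destination is a malloc'd buffer, so a
   compile-time checker that cannot see the allocation size treats it as
   unbounded, and sprintf writes past the end if bufsize is too small. */
char *format_unchecked(size_t bufsize, int value)
{
    char *buf = malloc(bufsize);
    if (!buf)
        return NULL;
    sprintf(buf, "value=%d", value);   /* no bound on the write */
    return buf;
}

/* Checked alternative: ask snprintf how many bytes the result needs
   (excluding the terminating NUL), and return NULL when the caller's
   size cannot hold it, so the caller never receives a truncated or
   overflowed buffer. */
char *format_checked(size_t bufsize, int value)
{
    int needed = snprintf(NULL, 0, "value=%d", value);
    if (needed < 0 || (size_t)needed + 1 > bufsize)
        return NULL;                       /* would not fit, including NUL */
    char *buf = malloc(bufsize);
    if (!buf)
        return NULL;
    snprintf(buf, bufsize, "value=%d", value);   /* bounded write */
    return buf;
}

/* Helper for checking the decision: 1 if format_checked accepts the
   (bufsize, value) pair, 0 if it refuses. */
int fits(size_t bufsize, int value)
{
    char *p = format_checked(bufsize, value);
    int ok = (p != NULL);
    free(p);
    return ok;
}
```

The runtime check mirrors what the patch lets the compiler do statically: once the size of the malloc'd object is known, the required length of "value=%d" for a given argument range can be compared against it at compile time, and the unchecked call above becomes a diagnosable overflow rather than a silent one.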