https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67942
Bug ID: 67942
Summary: diagnose placement new buffer overflow
Product: gcc
Version: 6.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

C++ placement new expression is known to be subject to buffer overflow flaws (see for example [1]). For instance, in the program below, the placement new expression writes past the end of the local buffer buf. In many cases of its use (including the one below), GCC has sufficient information to detect and diagnose such defects. This bug tracks the proposed implementation of this detection.

    #include <new>

    struct S { int a [4]; } s;

    void f (S *s)
    {
      char buf [sizeof s];      // sizeof s is sizeof (S *) here, not sizeof (S)
      S *t = new (buf) S (*s);  // constructs a sizeof (S) object in the smaller buffer
      // ...
    }

[1] A New Class of Buffer Overflow Attacks, Kundu, A., Bertino, E., 31st International Conference on Distributed Computing Systems (ICDCS), 2011, http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5961725
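The following is an added example, not part of the bug report and not GCC code. It reproduces the size mismatch the report describes (`sizeof s` measures the pointer parameter, not the struct) and shows two hypothetical helpers, `checked_new` and `checked_new_at`, that reject an undersized placement-new buffer at compile time via `static_assert` or at run time via `std::align`, instead of writing past its end. The struct `S` matches the report's definition; the helper names and the check functions are assumptions made for illustration.

```cpp
#include <cstddef>
#include <memory>
#include <new>
#include <utility>

struct S { int a[4]; };

// Mirrors the report's f(): `sizeof s` is the size of the pointer parameter s
// (4 or 8 bytes), not of the 16-byte S it points to, so buf is too small.
bool report_buffer_is_too_small() {
    S *s = nullptr;
    char buf[sizeof s];
    (void)s;
    return sizeof buf < sizeof(S);  // true on every common target
}

// Compile-time checked placement new (hypothetical helper, not GCC's):
// the buffer's capacity is part of its array type, so an undersized buffer
// is a compile error rather than a silent overflow.
template <typename T, std::size_t N, typename... Args>
T *checked_new(unsigned char (&buf)[N], Args &&...args) {
    static_assert(N >= sizeof(T), "placement-new buffer is too small for T");
    return ::new (static_cast<void *>(buf)) T(std::forward<Args>(args)...);
}

// Run-time checked variant for buffers whose size is only known at run time:
// returns nullptr when the buffer cannot hold a properly aligned T.
template <typename T, typename... Args>
T *checked_new_at(void *buf, std::size_t cap, Args &&...args) {
    void *p = buf;
    std::size_t space = cap;
    if (std::align(alignof(T), sizeof(T), p, space) == nullptr)
        return nullptr;  // too small, or too small once aligned
    return ::new (p) T(std::forward<Args>(args)...);
}

// Correctly sized buffer: compiles and copy-constructs S like the report's
// `new (buf) S (*s)`. Declaring `bad` as sizeof(S *) bytes and passing it to
// checked_new<S> would fail the static_assert instead of overflowing.
int compile_time_checked_copy() {
    S src{{1, 2, 3, 4}};
    alignas(S) unsigned char buf[sizeof(S)];
    S *t = checked_new<S>(buf, src);
    int v = t->a[2];
    t->~S();
    return v;  // 3
}

// The report's mistake at run time: a buffer sized like a pointer is refused.
bool runtime_check_rejects_undersized() {
    alignas(S) unsigned char buf[sizeof(S *)];
    return checked_new_at<S>(buf, sizeof buf) == nullptr;
}

// A buffer of the right size is accepted and S is value-initialized (zeros).
bool runtime_check_accepts_sized() {
    alignas(S) unsigned char buf[sizeof(S)];
    S *t = checked_new_at<S>(buf, sizeof buf);
    bool ok = t != nullptr && t->a[0] == 0;
    if (t) t->~S();
    return ok;
}
```

The compile-time form is the one to prefer wherever the buffer is a local array, since it turns the defect the report asks GCC to diagnose into a hard error with no run-time cost; the run-time form covers buffers handed in as `void *` plus a length.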