On 04/27/2016 03:55 AM, Bernd Schmidt wrote:
On 04/26/2016 11:23 PM, Martin Sebor wrote:
The documentation for the new option implies that it should warn
for calls to memset where the third argument contains the number
of elements not multiplied by the element size.  But in my (quick)
testing it only warns when the argument is a constant equal to
the number of elements and less than the size of the array.  For
example, neither of the following is diagnosed:

     int a [4];
     __builtin_memset (a, 0, 2 + 2);
     __builtin_memset (a, 0, 4 * 1);
     __builtin_memset (a, 0, 3);
     __builtin_memset (a, 0, 4 * sizeof a);

If it's possible and not too difficult, it would be nice if
the detection logic could be made a bit smarter to also diagnose
these less trivial cases (and matched the documented behavior).

I've thought about some of these cases. The problem is there are
legitimate cases of calling memset for only part of an array. I wanted
to start with something that is unlikely to give false positives.

A multiplication by the wrong sizeof would be a nice thing to spot.
Would you like to work on followup patches? I probably won't get to it
in a while.

Yes, I think enhancing this warning would be in line with
the _FORTIFY_SOURCE improvements I'm starting to look into now.
I agree that minimizing false positives is important.  I'm not
sure there is complete consensus on exactly what qualifies as
a false positive, but that's probably a discussion we can have
once we have a patch and some tests to look at.

Martin
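As an added illustration, not code from this thread or from GCC, the following shows the shapes of memset size bug discussed above beside the correct forms: passing the element count as the byte count, scaling by the wrong type's sizeof, and the pointer case where sizeof the pointer is not the element size. The arrays are poisoned with 0xff first so that a partial clear is visible in the returned count; NELEMS and the function names are this example's own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NELEMS 4   /* example array length, chosen for this illustration */

/* Number of elements of a[] that are exactly zero after a memset. */
static size_t count_zero_int(const int *a, size_t n)
{
    size_t zeroed = 0;
    for (size_t i = 0; i < n; i++)
        if (a[i] == 0)
            zeroed++;
    return zeroed;
}

static size_t count_zero_long(const long *a, size_t n)
{
    size_t zeroed = 0;
    for (size_t i = 0; i < n; i++)
        if (a[i] == 0)
            zeroed++;
    return zeroed;
}

/* Bug 1: the size argument is the element count, not the byte count.
   Only NELEMS bytes are cleared, i.e. NELEMS / sizeof (int) elements;
   the remaining elements keep their poison value. */
size_t zeroed_by_element_count(void)
{
    int a[NELEMS];
    memset(a, 0xff, sizeof a);   /* poison so partial clearing is visible */
    memset(a, 0, NELEMS);        /* wrong: should be sizeof a */
    return count_zero_int(a, NELEMS);
}

/* Bug 2: scaled by the wrong type's size.  With 8-byte long and 4-byte
   int this clears half the array; where the two sizes happen to match
   the bug is silent, which is why it survives testing on one platform. */
size_t zeroed_by_wrong_sizeof(void)
{
    long a[NELEMS];
    memset(a, 0xff, sizeof a);
    memset(a, 0, NELEMS * sizeof (int));   /* wrong: should be NELEMS * sizeof *a */
    return count_zero_long(a, NELEMS);
}

/* Correct form for an array object: sizeof the array itself, which
   stays right if the element type or length changes. */
size_t zeroed_whole_array(void)
{
    int a[NELEMS];
    memset(a, 0xff, sizeof a);
    memset(a, 0, sizeof a);
    return count_zero_int(a, NELEMS);
}

/* Correct form through a pointer, where sizeof p would be the pointer
   size: scale the element count by the size of the pointed-to type. */
void clear_ints(int *p, size_t n)
{
    memset(p, 0, n * sizeof *p);
}

size_t zeroed_via_pointer(void)
{
    int a[NELEMS];
    memset(a, 0xff, sizeof a);
    clear_ints(a, NELEMS);
    return count_zero_int(a, NELEMS);
}

int main(void)
{
    printf("element count as size: %zu of %d cleared\n", zeroed_by_element_count(), NELEMS);
    printf("wrong sizeof:          %zu of %d cleared\n", zeroed_by_wrong_sizeof(), NELEMS);
    printf("sizeof array:          %zu of %d cleared\n", zeroed_whole_array(), NELEMS);
    printf("n * sizeof *p:         %zu of %d cleared\n", zeroed_via_pointer(), NELEMS);
    return 0;
}
```

The over-long case from the quoted message (`4 * sizeof a`) is deliberately not exercised here, since it writes past the end of the array and the result is undefined; the two under-long cases are enough to show why a constant equal to the element count is only the easiest instance of the pattern to detect.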
