On 11/13/16, Martin Sebor <mse...@gmail.com> wrote:
> Bug 77531 requests a new warning for calls to allocation functions
> (those declared with attribute alloc_size(X, Y)) that overflow the
> computation X * Z of the size of the allocated object.
>
> Bug 78284 suggests that detecting and diagnosing other common errors
> in calls to allocation functions, such as allocating more space than
> SIZE_MAX / 2 bytes, would help prevent subsequent buffer overflows.
>
> The attached patch adds two new warning options, -Walloc-zero and
> -Walloc-larger-than=bytes, that implement these two enhancements.
> The patch is not 100% finished because, as it turns out, the GCC
> allocation built-ins (malloc et al.) do not make use of the
> attribute and so don't benefit from the warnings. The tests are
> also incomplete, and there's at least one bug in the implementation
> I know about.
>
> I'm posting the patch while stage 1 is still open to give
> a heads up on it and to get early feedback. I expect completing
> it will be straightforward.
>
> Martin
>
> PS The alloc_max_size function added in the patch handles sizes
> specified using suffixes like KB, MB, etc. I added that to make
> it possible to specify sizes in excess of the maximum of INT_MAX
> that (AFAIK) options that take integer arguments handle out of
> the box. It only belatedly occurred to me that the suffixes
> are unnecessary if the option argument is handled using strtoull.
> I can remove the suffix (as I suspect it will raise objections),
> but I think that a general solution along these lines would be
> useful to let users specify large byte sizes in other options
> as well (such as -Walloca-larger-than, -Wvla-larger-than). Are
> there any suggestions or preferences?
-Walloc-larger-than looks way too similar to -Walloca-larger-than; at first I was confused as to why you were adding the same flag again until I spotted the one letter difference. Maybe come up with a name that looks more distinct? Just something to bikeshed about.