On 12/14/2017 12:04 PM, Jeff Law wrote:
> On 12/14/2017 11:55 AM, Jakub Jelinek wrote:
>> On Thu, Dec 14, 2017 at 11:51:26AM -0700, Martin Sebor wrote:
>>>> Well, it would be nice to get sanitizers to diagnose this at runtime. If we
>>>> know the array length at compile time, simply compare after the strlen
>>>> call the result and fail if it returns something above it. Or replace
>>>> the strlen call with strnlen for the compile time known size and add
>>>> instrumentation if strnlen returns the second argument.
>>> Sure, that sounds like a useful enhancement. I'll look into
>>> adding it as a follow-on patch unless you feel that it needs
>>> to be part of the same package.
>> The problem is if we'll need changes to libubsan for that (which we'll
>> likely do), then those need to be upstreamed, and e.g. my attempts
>> to upstream a simple patch to diagnose noreturn function returns is suspended
>> upstream because clang doesn't have that support (and I have no interest
>> in adding it to clang).
>> In theory we could have some GCC only file in there, but then we'd be ABI
>> incompatible with them.
> So defer the sanitization side until Clang catches up?

I've committed the patch as is in r255790. If I have some spare
cycles I'll see if the instrumentation is possible without changing
libubsan.

Martin
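As an added illustration of the strnlen-based check Jakub proposes above (example code written for this page, not GCC's or libubsan's own instrumentation; `checked_strlen`, `demo_terminated` and `demo_unterminated` are hypothetical names), this shows how bounding the call by the compile-time-known object size turns a read past an unterminated array into a diagnosable condition:

```c
#define _POSIX_C_SOURCE 200809L  /* strnlen is POSIX, not ISO C */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper modelling the proposed instrumentation: when the
 * array size is known, call strnlen with that bound. A result equal to
 * the bound means no NUL terminator lies inside the object, which is
 * exactly the case where an unchecked strlen would read past its end. */
static size_t checked_strlen(const char *s, size_t bound, int *overflow)
{
    size_t n = strnlen(s, bound);
    *overflow = (n == bound);
    if (*overflow)
        fprintf(stderr, "runtime error: strlen on unterminated %zu-byte array\n",
                bound);
    return n;
}

/* Constructed sample: terminator present inside the object. */
int demo_terminated(void)
{
    char buf[8] = "abc";
    int overflow;
    checked_strlen(buf, sizeof buf, &overflow);
    return overflow;  /* 0: strlen would have been safe */
}

/* Constructed sample: all bytes non-NUL, so strlen would run off the end. */
int demo_unterminated(void)
{
    char buf[4] = {'a', 'b', 'c', 'd'};
    int overflow;
    checked_strlen(buf, sizeof buf, &overflow);
    return overflow;  /* 1: the instrumentation fires */
}

int main(void)
{
    printf("terminated: %d, unterminated: %d\n",
           demo_terminated(), demo_unterminated());
    return 0;
}
```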