On 08/13/2018 03:28 PM, Martin Sebor wrote:
> The attached changes implement the detection of past-the-end reads
> by the sprintf family of functions due to unterminated arguments to
> %s directives.
>
> gcc-86552-4.diff
>
>
> PR tree-optimization/86552 - missing warning for reading past the end of
> non-string arrays
>
> gcc/ChangeLog:
>
> * gimple-ssa-sprintf.c (struct fmtresult): Add new member and
> initialize it.
> (get_string_length): Detect unterminated arrays.
> (format_string): Same.
> (format_directive): Warn about unterminated arrays.
>
> gcc/testsuite/ChangeLog:
>
> * gcc.dg/warn-sprintf-no-nul.c: New test.

Largely the same state as #2 and #3.
I am getting a failure from the test though. It looks like the sprintf code is turning an offending sprintf call into a strcpy call and we end up getting a warning from both. > @@ -2988,6 +3002,18 @@ format_directive (const sprintf_dom_walker::call_info > &info, > fmtres.range.min, fmtres.range.max); > } > > + if (!warned && fmtres.nonstr) > + { > + warned = fmtwarn (dirloc, argloc, NULL, info.warnopt (), > + "%<%.*s%> directive argument is not a nul-terminated " > + "string", > + dirlen, > + target_to_host (hostdir, sizeof hostdir, dir.beg)); > + if (warned && DECL_P (fmtres.nonstr)) > + inform (DECL_SOURCE_LOCATION (fmtres.nonstr), > + "referenced argument declared here"); > + } > + ISTM that returning false from this point should address the issue. Essentially preventing the sprintf->strcpy transformation if the directive argument is not NUL terminated. I'll own this just like #2 and #3. jeff
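Review bot: the new `if (!warned && fmtres.nonstr)` block in `format_directive` only records the diagnostic in `warned` and then falls through, so the function still reports success to its caller and the call stays eligible for the sprintf-to-strcpy folding that yields the second, duplicate warning described above; returning false right after the `inform (DECL_SOURCE_LOCATION (fmtres.nonstr), ...)` call, inside the block, keeps a call whose `%s` argument is not nul-terminated from being transformed, which should also clear the testsuite failure. One smaller point: because the block is guarded by `!warned`, the "referenced argument declared here" note is dropped whenever an earlier check on the same directive already warned; if the declaration location is the more useful hint for the user, consider whether it should be emitted in that case as well.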
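The thread is about `%s` directives whose argument is a char array with no terminating nul, which lets sprintf read past the end of the array. The following is an added example, not code from the patch or from GCC, showing the defensive pattern for such fixed-width fields: a `%.*s` precision bounded by the array size caps how many bytes printf may read, so no nul is required. The `struct record`, `TAG_LEN` and the helper names are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: a fixed-width record field that is NOT
   nul-terminated (all TAG_LEN bytes are payload).  Passing r->tag to a
   plain "%s" would read past the end of the array, which is exactly
   what the warning under discussion is meant to catch. */
#define TAG_LEN 4

struct record {
  char tag[TAG_LEN];   /* e.g. 'A','B','C','D' with no trailing nul */
  int  value;
};

/* Bounded formatting: the "%.*s" precision limits the read to TAG_LEN
   bytes (or up to an earlier nul, if one happens to be present), so a
   missing terminator never becomes a past-the-end read.  Returns the
   snprintf result, i.e. the number of bytes the full text would need. */
int format_record(char *out, size_t outsz, const struct record *r)
{
  return snprintf(out, outsz, "%.*s=%d", TAG_LEN, r->tag, r->value);
}

/* Helper for checking: true iff the formatted text equals `expected`. */
int format_record_is(const struct record *r, const char *expected)
{
  char buf[32];
  format_record(buf, sizeof buf, r);
  return strcmp(buf, expected) == 0;
}

int main(void)
{
  struct record r = { { 'A', 'B', 'C', 'D' }, 42 };
  char buf[32];
  format_record(buf, sizeof buf, &r);
  puts(buf);
  return 0;
}
```

The precision form is the portable fix for arrays that are deliberately not nul-terminated; per the C standard the array only has to contain a nul when no precision is given or the precision exceeds the array size, so `%.*s` with the array's length is safe even when every byte is payload.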