On Tue, Oct 23, 2012 at 03:11:29PM +0200, Dodji Seketeli wrote:
> + /* (src, n) style memops. */
> + case BUILT_IN_STRNDUP:
> + source0 = gimple_call_arg (call, 0);
> + len = gimple_call_arg (call, 1);
> + break;
I think you can't instrument strndup either, the length is just a limit
there, it can copy fewer characters than that if strlen (source0) is
shorter. libasan intercepts strndup I think.
> + /* (src, x, n) style memops. */
> + case BUILT_IN_MEMCHR:
> + source0 = gimple_call_arg (call, 0);
> + len = gimple_call_arg (call, 2);
And similarly for memchr, you could call
p = malloc (4096);
p[4095] = 1;
x = memchr (p, 1, 8192);
and it shouldn't read anything past the end of the
allocated area.
Jakub
