On 09/26/2016 09:20 AM, Florian Weimer wrote:
> * Jeff Law:
>
>> On 09/25/2016 03:46 AM, Bernd Edlinger wrote:
>>> Hi Martin,
>>>
>>> in the past I have seen (and fixed) code like
>>>
>>> sprintf(buf, "%s %d", buf, x);
>>>
>>> that may possibly work by chance, but usually
>>> produces undefined results.
>>>
>>> Do you see a way to enhance the warning for cases
>>> where the output buffer overlaps an input buffer?
>>
>> ISTM you really need strong PTA analysis here to nail down the
>> pointers to a single object, then you can query their ranges and look
>> for overlap.
>
> We could detect this at run time in glibc with reasonable cost, I
> think.  We should probably introduce new symbol versions if we do
> that, to avoid breaking existing applications needlessly.
Probably not a bad idea. memstomp doesn't catch it for sprintf & friends -- it was deemed too painful to detect :-)

> Or we could make this well-defined because it is such a useful
> extension.
That just encourages developers to write non-portable code. I'd rather see this kind of thing halt the program in its tracks before wandering into the realm of undefined or implementation defined behavior.

jeff
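As an added illustration of the two ideas in this thread (not code from glibc, GCC, or any participant): a run-time overlap check of the kind Florian describes, applied to the `sprintf(buf, "%s %d", buf, x)` idiom Bernd quotes, beside a well-defined way to append to a buffer. The helper names (`ranges_overlap`, `sprintf_args_overlap`, `append_int`) are assumptions for this example, and so is the use of `uintptr_t` comparison, which relies on a flat address space.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stdbool.h>

/* True when [a, a+alen) and [b, b+blen) share at least one byte.
   Comparing pointers into distinct objects is itself not well-defined
   in ISO C, so the comparison is done on uintptr_t values; this is an
   assumption that holds on the flat-address platforms glibc targets. */
static bool ranges_overlap(const void *a, size_t alen,
                           const void *b, size_t blen)
{
    uintptr_t a0 = (uintptr_t)a, a1 = a0 + alen;
    uintptr_t b0 = (uintptr_t)b, b1 = b0 + blen;
    return a0 < b1 && b0 < a1;
}

/* Would sprintf(dst, "%s ...", src, ...) read src from inside dst?
   The destination extent is the whole buffer, since sprintf may write
   anywhere up to cap; the source extent is the string plus its NUL.
   A run-time check like this is what a checked printf variant could do
   before formatting, flagging the sprintf(buf, "%s %d", buf, x) idiom. */
bool sprintf_args_overlap(const char *dst, size_t cap, const char *src)
{
    return ranges_overlap(dst, cap, src, strlen(src) + 1);
}

/* Well-defined replacement for sprintf(buf, "%s %d", buf, x): append
   " <x>" after the existing contents with snprintf, never passing buf
   as its own %s argument.  Returns the new string length, or -1 when
   buf has no terminator or the result would not fit (buf is then left
   unchanged). */
int append_int(char *buf, size_t cap, int x)
{
    const char *nul = memchr(buf, '\0', cap);
    if (nul == NULL)                 /* no terminator inside the buffer */
        return -1;
    size_t len = (size_t)(nul - buf);
    int n = snprintf(buf + len, cap - len, " %d", x);
    if (n < 0 || (size_t)n >= cap - len) {
        buf[len] = '\0';             /* roll back the truncated write */
        return -1;
    }
    return (int)(len + n);
}

int main(void)
{
    char buf[32] = "count:";         /* constructed sample buffer */
    printf("overlap: %d\n", sprintf_args_overlap(buf, sizeof buf, buf));
    append_int(buf, sizeof buf, 42);
    printf("%s\n", buf);
    return 0;
}
```

The overlap test is deliberately conservative: it treats the whole destination buffer as written, because the caller cannot know in advance how many bytes `sprintf` will produce, which is exactly why the original idiom only "works by chance".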
