On Mon, Sep 26, 2016 at 09:34:15AM -0600, Jeff Law wrote:
> On 09/26/2016 09:20 AM, Florian Weimer wrote:
> >* Jeff Law:
> >
> >>On 09/25/2016 03:46 AM, Bernd Edlinger wrote:
> >>>Hi Martin,
> >>>
> >>>in the past I have seen (and fixed) code like
> >>>
> >>>sprintf(buf, "%s %d", buf, x);
> >>>
> >>>that may possibly work by chance, but usually
> >>>produces undefined results.
> >>>
> >>>Do you see a way to enhance the warning for cases
> >>>where the output buffer overlaps an input buffer?
> >
> >>ISTM you really need strong PTA analysis here to nail down the
> >>pointers to a single object, then you can query their ranges and look
> >>for overlap.
> >
> >We could detect this at run time in glibc with reasonable cost, I
> >think.  We should probably introduce new symbol versions if we do
> >that, to avoid breaking existing applications needlessly.
> Probably not a bad idea.  memstomp doesn't catch it for sprintf & friends --
> it was deemed too painful to detect :-)

Well, the _chk* printf entrypoints already kind of handle it, you end up
with "" being copied instead of the original string, so lots of broken
programs were already fixed.
Detecting it in the compiler at least for the easy cases wouldn't be that
hard.

        Jakub
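As an added illustration (not code from the thread or from glibc/GCC): the overlap condition Bernd describes, written as a check a defensive wrapper could make, next to the usual fix of appending at a tracked offset instead of passing the destination buffer back in as a %s argument. Function names here are my own.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* True if the string at src lies inside the destination buffer [dst, dst + cap):
   the sprintf(buf, "%s ...", buf, ...) situation, which is undefined behaviour. */
bool overlaps_dst(const char *dst, size_t cap, const char *src)
{
    /* Compare as integers: relational comparison of unrelated pointers is itself UB. */
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    return s >= d && s < d + cap;
}

/* Append formatted text at *len instead of re-reading buf through %s.
   Returns 0 on success, -1 if the result would not fit; on failure the
   partial write is rolled back so buf stays a valid NUL-terminated string. */
int append_fmt(char *buf, size_t cap, size_t *len, const char *fmt, ...)
{
    if (*len >= cap)
        return -1;
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + *len, cap - *len, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap - *len) {
        buf[*len] = '\0';   /* undo the truncated write */
        return -1;
    }
    *len += (size_t)n;
    return 0;
}

/* Builds "hello <x>" the safe way. The broken original was
   sprintf(buf, "%s %d", buf, x), with buf as both source and destination. */
int build_example(char *buf, size_t cap, int x)
{
    size_t len = 0;
    buf[0] = '\0';
    if (append_fmt(buf, cap, &len, "%s", "hello") != 0)
        return -1;
    return append_fmt(buf, cap, &len, " %d", x);
}
```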
