On Thu, Aug 25, 2016 at 11:27 PM, Josh Poimboeuf <jpoim...@redhat.com> wrote: > On Thu, Aug 25, 2016 at 10:14:36PM -0400, Kees Cook wrote: >> Okay, right. __builtin_object_size() is totally fine, I absolutely >> misspoke: it's the resolution of const value ranges. I wouldn't expect >> gcc to warn here, though, since "copy + 1" isn't a const value... > > Look at the code again :-) > > __copy_to_user_overflow(), which does the "provably correct" warning, is > "called" when the copy size is non-const (and the object size is const). > So "copy + 1" being non-const is consistent with the warning.
Right, yes. Man, this is hard to read. All the names are the same. ;) So this will trigger when the object size is known but the copy length is non-const? When I played with re-enabling this in the past, I didn't hit very many false positives. I sent a bunch of patches a few months back for legitimate problems that this warning pointed out, so I'm a bit cautious to just entirely drop it. -Kees -- Kees Cook Nexus Security
