Edit report at https://bugs.php.net/bug.php?id=53583&edit=1

 ID:                 53583
 Updated by:         s...@php.net
 Reported by:        crrodriguez at opensuse dot org
 Summary:            [PATCH] add support for compiler "alloc_size" attribute
 Status:             Assigned
-Type:               Security
+Type:               Feature/Change Request
 Package:            Scripting Engine problem
 Operating System:   All
 PHP Version:        5.3SVN-2010-12-20 (SVN)
 Assigned To:        dmitry
 Block user comment: N
 Private report:     Y

Previous Comments:
------------------------------------------------------------------------
[2010-12-20 19:19:27] crrodriguez at opensuse dot org

Description:
------------
The attached patch introduces support for GCC alloc_size attribute, very useful to catch buffer overflows at compile time.

Test script:
---------------
PHP_FUNCTION(verybuggy) {
[...]
char *p;
p = emalloc(6);
strcpy(p,"cdcdccdscdscscsdcscddsc");
[...]
}

Expected result:
----------------
#make
buggy.c:N:N:
/usr/include/bits/string3.h:107:3: warning: call to __builtin___strcpy_chk will always overflow destination buffer

Actual result:
--------------
No warning at all, dangerous code goes unnoticed.

------------------------------------------------------------------------

-- 
Edit this bug report at https://bugs.php.net/bug.php?id=53583&edit=1
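
Added example, not part of the bug report or the attached patch: a sketch of what the alloc_size attribute gives the compiler, using the report's 6-byte buffer and test string. ex_emalloc() is a hypothetical stand-in for emalloc(), and ex_strcpy_chk() is an assumed helper that refuses an oversized copy at run time, so the block also behaves correctly when built without optimisation (where __builtin_object_size reports "unknown").

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define EX_UNKNOWN ((size_t)-1) /* __builtin_object_size "cannot tell" */

/* Hypothetical stand-in for PHP's emalloc(). alloc_size(1): the result points
 * to `size` (argument 1) bytes; noinline: call sites learn that only from it. */
__attribute__((alloc_size(1), noinline))
static void *ex_emalloc(size_t size)
{
    void *p = malloc(size);
    if (p == NULL) abort();
    return p;
}

/* Refuse the copy when src plus its NUL exceeds the smaller of the
 * compiler-derived object size and the caller's stated capacity. */
static int ex_strcpy_chk(char *dst, size_t objsize, size_t cap, const char *src)
{
    size_t limit = (objsize != EX_UNKNOWN && objsize < cap) ? objsize : cap;
    size_t need = strlen(src) + 1;
    if (need > limit)
        return -1;
    memcpy(dst, src, need);
    return 0;
}

/* 6 when the optimiser tracks alloc_size, EX_UNKNOWN otherwise (e.g. -O0). */
size_t ex_known_size(void)
{
    char *p = ex_emalloc(6);
    size_t n = __builtin_object_size(p, 0);
    free(p);
    return n;
}

/* The report's test case on a 6-byte buffer: 0 = copied, -1 = refused. */
int ex_try_copy(const char *src)
{
    char *p = ex_emalloc(6);
    int rc = ex_strcpy_chk(p, __builtin_object_size(p, 0), 6, src);
    free(p);
    return rc;
}

int main(void)
{
    printf("known size: %zu\n", ex_known_size());
    printf("long: %d short: %d\n", ex_try_copy("cdcdccdscdscscsdcscddsc"), ex_try_copy("hello"));
    return 0;
}
```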