On Thu, Dec 22 2022, Todd C. Miller <mill...@openbsd.org> wrote:
> On Thu, 22 Dec 2022 02:08:42 +0100, Jeremie Courreges-Anglas wrote:
>
>> https://github.com/jcourreges/openbsd-src/commit/4862df383ccb8a8e03d5c11b4fb739b6a3a5a7c7
>>
>> Sadly, making the size available in the declaration doesn't seem to make
>> clang any smarter (yet?). clang won't warn about passing the address of
>> array[10] to a function which accesses array[15] or so.
>>
>> I don't care much about the direction we end up using, but specifying
>> the size in the declaration isn't insane. We seldom pass a pointer to
>> a buffer without an accompanying buffer length.
>
> My objection to adding sizes to the prototype and function declaration
> is that it encourages things like:
>
> int foo(char buf[2048])
> {
>         ...
>         snprintf(buf, sizeof(buf), "See spot run, run spot run...");
> }
>
> But of course, sizeof(buf) is really sizeof(char *). The compiler
> will warn when you do this so perhaps it is not such a big problem.
> It still feels like a footgun to me.
-Wsizeof-pointer-memaccess should indeed help here.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
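The footgun Todd describes, worked through in code. This is an added example and not code from the thread or from the OpenBSD tree; the function names (decayed_size, fill_fixed, fill_sized, fill_array_ptr and the bytes_written_* drivers) are hypothetical. It shows that a `char buf[2048]` parameter is adjusted to `char *buf`, so `sizeof(buf)` inside the function is `sizeof(char *)` and the snprintf silently truncates, and it contrasts that with the two shapes that keep the real size: an explicit length argument, or a pointer to the array itself.

```c
/* Added example: sizeof() on an array parameter vs. the real buffer size.
 * Not from the mailing-list thread; all function names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MSG "See spot run, run spot run..."   /* 29 characters */

/* "char buf[2048]" in a parameter list is adjusted to "char *buf"; the 2048
 * is documentation only.  gcc and clang warn about this use with
 * -Wsizeof-array-argument (in -Wall). */
size_t decayed_size(char buf[2048])
{
	return sizeof(buf);		/* sizeof(char *), not 2048 */
}

/* The footgun from the thread: snprintf is told the buffer is only
 * sizeof(char *) bytes, so the message is truncated with no error. */
int fill_fixed(char buf[2048])
{
	return snprintf(buf, sizeof(buf), "%s", MSG);
}

/* Idiomatic fix: the caller passes the length alongside the pointer. */
int fill_sized(char *buf, size_t len)
{
	return snprintf(buf, len, "%s", MSG);
}

/* Alternative that keeps the type information: a pointer to the whole
 * array.  sizeof(*buf) is 2048 here, and passing a char[10] is a type error. */
int fill_array_ptr(char (*buf)[2048])
{
	return snprintf(*buf, sizeof(*buf), "%s", MSG);
}

/* Drivers on a real 2048-byte buffer, reporting how many characters landed. */
size_t param_sizeof(void)
{
	char buf[2048];

	return decayed_size(buf);
}

size_t bytes_written_fixed(void)
{
	char buf[2048];

	fill_fixed(buf);
	return strlen(buf);		/* sizeof(char *) - 1: truncated */
}

size_t bytes_written_sized(void)
{
	char buf[2048];

	fill_sized(buf, sizeof(buf));	/* here buf is a real array: 2048 */
	return strlen(buf);
}

size_t bytes_written_array_ptr(void)
{
	char buf[2048];

	fill_array_ptr(&buf);
	return strlen(buf);
}

int main(void)
{
	printf("sizeof(param)            = %zu (sizeof(char *) = %zu)\n",
	    param_sizeof(), sizeof(char *));
	printf("fill_fixed wrote         = %zu chars\n", bytes_written_fixed());
	printf("fill_sized wrote         = %zu chars\n", bytes_written_sized());
	printf("fill_array_ptr wrote     = %zu chars\n", bytes_written_array_ptr());
	return 0;
}
```

Compile with -Wall: the `sizeof(buf)` in decayed_size and fill_fixed draws a warning, which is the check the thread is relying on; the two other forms compile clean. The -Wsizeof-pointer-memaccess flag mentioned in the reply covers the memcpy/memset/strncpy family, where the same pointer-vs-array confusion appears in the length argument.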