From 54ae6d81c94364c1e13a5b8baef52b9e3475fedd Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 8 Apr 2023 13:51:26 -0700 Subject: manual: update AddressSanitizer discussion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * manual/string.texi (Truncating Strings): Update obsolescent reference and use the more-generic term “AddressSanitizer”. Mention fortification, too. -fcheck-pointer-bounds is no longer supported. --- manual/string.texi | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'manual') diff --git a/manual/string.texi b/manual/string.texi index 57b804c..ad57265 100644 --- a/manual/string.texi +++ b/manual/string.texi @@ -1088,11 +1088,10 @@ name, a truncated name can identify the wrong user. Although some buffer overruns can be prevented by manually replacing calls to copying functions with calls to truncation functions, there -are often easier and safer automatic techniques that cause buffer -overruns to reliably terminate a program, such as GCC's -@option{-fcheck-pointer-bounds} and @option{-fsanitize=address} -options. @xref{Debugging Options,, Options for Debugging Your Program -or GCC, gcc, Using GCC}. Because truncation functions can mask +are often easier and safer automatic techniques, such as fortification +(@pxref{Source Fortification}) and AddressSanitizer +(@pxref{Instrumentation Options,, Program Instrumentation Options, gcc, Using GCC}). +Because truncation functions can mask application bugs that would otherwise be caught by the automatic techniques, these functions should be used only when the application's underlying logic requires truncation. -- cgit v1.1