From 025d57f037ad13eb479818b677ef4be4d97b639c Mon Sep 17 00:00:00 2001 
From: Martin Sebor Date: Fri, 10 Nov 2017 16:35:26 +0000 Subject: PR c/81117 - Improve buffer overflow checking in strncpy gcc/ChangeLog: PR c/81117 * builtins.c (compute_objsize): Handle arrays that compute_builtin_object_size likes to fail for. Make extern. * builtins.h (compute_objsize): Declare. (check_strncpy_sizes): New function. (expand_builtin_strncpy): Call check_strncpy_sizes. * gimple-fold.c (gimple_fold_builtin_strncpy): Implement -Wstringop-truncation. (gimple_fold_builtin_strncat): Same. * gimple.c (gimple_build_call_from_tree): Set call location. * tree-ssa-strlen.c (strlen_to_stridx): New global variable. (maybe_diag_bound_equal_length, is_strlen_related_p): New functions. (handle_builtin_stxncpy, handle_builtin_strncat): Same. (handle_builtin_strlen): Use strlen_to_stridx. (strlen_optimize_stmt): Handle flavors of strncat, strncpy, and stpncpy. Use strlen_to_stridx. (pass_strlen::execute): Release strlen_to_stridx. * doc/invoke.texi (-Wsizeof-pointer-memaccess): Document enhancement. (-Wstringop-truncation): Document new option. gcc/ada/ChangeLog: PR c/81117 * ada/adadecode.c (__gnat_decode): Use memcpy instead of strncpy. * ada/argv.c (__gnat_fill_arg, __gnat_fill_env): Same. gcc/c-family/ChangeLog: PR c/81117 * c-common.c (catenate_strings): Use memcpy instead of strncpy. * c-warn.c (sizeof_pointer_memaccess_warning): Handle arrays. * c.opt (-Wstringop-truncation): New option. gcc/fortran/ChangeLog: PR c/81117 * gcc/fortran/decl.c (build_sym): Use strcpy instead of strncpy. gcc/objc/ChangeLog: PR c/81117 * objc-encoding.c (encode_type): Use memcpy instead of strncpy. gcc/testsuite/ChangeLog: PR c/81117 * c-c++-common/Wsizeof-pointer-memaccess3.c: New test. * c-c++-common/Wstringop-overflow.c: Same. * c-c++-common/Wstringop-truncation.c: Same. * c-c++-common/Wsizeof-pointer-memaccess2.c: Adjust. * c-c++-common/attr-nonstring-2.c: New test. * g++.dg/torture/Wsizeof-pointer-memaccess1.C: Adjust. * g++.dg/torture/Wsizeof-pointer-memaccess2.C: Same. 
* gcc.dg/torture/pr63554.c: Same. * gcc.dg/Walloca-1.c: Disable macro tracking. From-SVN: r254630 --- gcc/c-family/ChangeLog | 7 +++++++ gcc/c-family/c-common.c | 6 +++--- gcc/c-family/c-warn.c | 24 ++++++++++++++++++++++-- gcc/c-family/c.opt | 4 ++++ 4 files changed, 36 insertions(+), 5 deletions(-) (limited to 'gcc/c-family') diff --git a/gcc/c-family/ChangeLog b/gcc/c-family/ChangeLog index 373db2d..7e47cb8 100644 --- a/gcc/c-family/ChangeLog +++ b/gcc/c-family/ChangeLog @@ -1,3 +1,10 @@ +2017-11-10 Martin Sebor + + PR c/81117 + * c-common.c (catenate_strings): Use memcpy instead of strncpy. + * c-warn.c (sizeof_pointer_memaccess_warning): Handle arrays. + * c.opt (-Wstringop-truncation): New option. + 2017-11-06 Martin Liska PR middle-end/82404 diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c index 24077c7..a76fae7 100644 --- a/gcc/c-family/c-common.c +++ b/gcc/c-family/c-common.c @@ -5890,10 +5890,10 @@ check_builtin_function_arguments (location_t loc, vec arg_loc, static char * catenate_strings (const char *lhs, const char *rhs_start, int rhs_size) { - const int lhs_size = strlen (lhs); + const size_t lhs_size = strlen (lhs); char *result = XNEWVEC (char, lhs_size + rhs_size); - strncpy (result, lhs, lhs_size); - strncpy (result + lhs_size, rhs_start, rhs_size); + memcpy (result, lhs, lhs_size); + memcpy (result + lhs_size, rhs_start, rhs_size); return result; } diff --git a/gcc/c-family/c-warn.c b/gcc/c-family/c-warn.c index 09ef685..6cfded9 100644 --- a/gcc/c-family/c-warn.c +++ b/gcc/c-family/c-warn.c @@ -693,7 +693,8 @@ sizeof_pointer_memaccess_warning (location_t *sizeof_arg_loc, tree callee, || vec_safe_length (params) <= 1) return; - switch (DECL_FUNCTION_CODE (callee)) + enum built_in_function fncode = DECL_FUNCTION_CODE (callee); + switch (fncode) { case BUILT_IN_STRNCMP: case BUILT_IN_STRNCASECMP: 
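Review bot: In the `catenate_strings` hunk `rhs_size` remains `int` while `lhs_size` is now `size_t`, so in `XNEWVEC (char, lhs_size + rhs_size)` and in the second `memcpy` a negative `rhs_size` is converted to a very large unsigned count instead of being rejected. Since the function is `static`, the cleanest fix is to change the parameter to `size_t rhs_size`; failing that, add `gcc_assert (rhs_size >= 0);` before the allocation so the mixed-signedness arithmetic cannot go wrong silently. The result is also only NUL-terminated when the caller's `rhs_size` covers the terminator, which the callers outside this hunk presumably arrange; a comment above the definition such as `/* RHS_SIZE must include the terminating NUL if the result is to be used as a string.  */` would pin that contract down.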
@@ -775,8 +776,27 @@ sizeof_pointer_memaccess_warning (location_t *sizeof_arg_loc, tree callee, type = TYPE_P (sizeof_arg[idx]) ? sizeof_arg[idx] : TREE_TYPE (sizeof_arg[idx]); + if (!POINTER_TYPE_P (type)) - return; + { + /* The argument type may be an array. Diagnose bounded string + copy functions that specify the bound in terms of the source + argument rather than the destination. */ + if (strop && !cmp && fncode != BUILT_IN_STRNDUP && src) + { + tem = tree_strip_nop_conversions (src); + if (TREE_CODE (tem) == ADDR_EXPR) + tem = TREE_OPERAND (tem, 0); + if (operand_equal_p (tem, sizeof_arg[idx], OEP_ADDRESS_OF)) + warning_at (sizeof_arg_loc[idx], OPT_Wsizeof_pointer_memaccess, + "argument to % in %qD call is the same " + "expression as the source; did you mean to use " + "the size of the destination?", + callee); + } + + return; + } if (dest && (tem = tree_strip_nop_conversions (dest)) diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt index 9ab31f0..479ae63 100644 --- a/gcc/c-family/c.opt +++ b/gcc/c-family/c.opt @@ -744,6 +744,10 @@ C ObjC C++ ObjC++ Joined RejectNegative UInteger Var(warn_stringop_overflow) Ini Under the control of Object Size type, warn about buffer overflow in string manipulation functions like memcpy and strcpy. +Wstringop-truncation +C ObjC C++ ObjC++ Var(warn_stringop_truncation) Warning Init (1) LangEnabledBy(C ObjC C++ ObjC++, Wall) +Warn about truncation in string manipulation functions like strncat and strncpy. + Wsuggest-attribute=format C ObjC C++ ObjC++ Var(warn_suggest_attribute_format) Warning Warn about functions which might be candidates for format attributes. -- cgit v1.1
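Review bot: The `fncode != BUILT_IN_STRNDUP` exclusion in the new condition is not explained by the comment above it; presumably strndup is skipped because it has no caller-supplied destination, so bounding the call by `sizeof` of the source is its normal usage rather than the bug this check targets. A one-line comment beside the test, such as `/* strndup has no destination buffer, so sizeof (src) is a legitimate bound.  */`, would spare the next reader the inference. Note also that `operand_equal_p` is reached with `sizeof_arg[idx]` even when it is a type (the `TYPE_P` case assigned to `type` just above); as far as I can tell it returns false there because the tree codes differ, but an explicit `!TYPE_P (sizeof_arg[idx]) &&` guard, or a comment, would make that intentional. `sizeof_pointer_memaccess_warning` starts before this hunk and continues after it, and the format string as shown here (`argument to % in %qD`) looks like an extraction artifact of the committed text rather than the source itself.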
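Review bot: `Init (1)` on the new `Wstringop-truncation` entry makes `warn_stringop_truncation` default to 1 independently of -Wall, so the `LangEnabledBy(C ObjC C++ ObjC++, Wall)` clause on the same line is, as far as I can tell, redundant; the two attributes express different defaults for the same option. If the intent is an always-on warning (as the neighbouring `Wstringop-overflow` entry with its own `Init` appears to be), drop the `LangEnabledBy` clause; if the intent is -Wall-only, drop `Init (1)`. Whichever is chosen, the option summary here and the -Wstringop-truncation text this commit adds to doc/invoke.texi should state the same default.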