I'm still looking for a review of the patch below, first posted
on 10/28 and last updated/pinged last Wednesday:

  https://gcc.gnu.org/ml/gcc-patches/2016-11/msg00896.html

Thanks

On 11/09/2016 03:49 PM, Martin Sebor wrote:
The attached minor update to the patch also resolves bug 77784 that
points out that -Wformat-length issues a warning also issued during
the expansion of some of the __builtin___sprintf_chk intrinsics.

Martin

On 11/04/2016 02:16 PM, Martin Sebor wrote:
Attached is an update to the patch that takes into consideration
the feedback I got.  It goes back to adding just one option,
-Wstringop-overflow, as in the original, while keeping the Object
Size type as an argument.  It uses type-1 as the default setting
for string functions (strcpy et al.) and, unconditionally, type-0
for raw memory functions (memcpy, etc.)

I retested Binutils 2.27 and the Linux kernel again with this patch
and also added Glibc, and it doesn't complain about anything (both
Binutils and the kernel also build cleanly with an unpatched GCC
with _FORTIFY_SOURCE=2 or its rough equivalent for the kernel).
The emit-rtl.c warning (bug 78174) has also been suppressed by
the change to bos type-0 for memcpy.

While the patch doesn't trigger any false positives (AFAIK) it is
subject to a fair number of false negatives due to the limitations
of the tree-object-size pass, and due to transformations done by
other passes that prevent it from detecting some otherwise obvious
overflows.  Although unfortunate, I believe the warnings that are
emitted are useful as the first line of defense in software that
doesn't use _FORTIFY_SOURCE (such as GCC itself).  And this can
of course be improved if some of the limitations are removed over
time.

Martin
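An added example, not part of the thread or the patch, of the two Object Size types the message above settles on: a constructed struct whose member arrays sit next to each other, plus a small check in the spirit of -Wstringop-overflow that shows why a 16-byte copy into one member is flagged under type-1 (the strcpy default) but not under type-0 (used for memcpy). The struct, its members and the helper names are all constructed for illustration.

```c
#include <stddef.h>
#include <stdbool.h>

/* Constructed record: member arrays are adjacent, so a copy into name[]
   that is too long runs into payload[] while still staying inside the
   struct, which is exactly the case the two Object Size types disagree on. */
struct record {
    char header[8];
    char name[8];
    char payload[16];
};

static struct record rec;

/* Object Size type 0: bytes from the pointer to the end of the whole
   enclosing object (struct record), the type the patch uses for memcpy.
   Here: 8 + 16 = 24 bytes. */
size_t bos_type0_name(void)
{
    return __builtin_object_size(rec.name, 0);
}

/* Object Size type 1: bytes to the end of the closest enclosing subobject,
   the name[] member alone, the patch's default for strcpy and friends.
   Here: 8 bytes. */
size_t bos_type1_name(void)
{
    return __builtin_object_size(rec.name, 1);
}

/* The shape of check a -Wstringop-overflow style warning makes: a copy of
   n bytes is flagged only when the object size is known at all
   ((size_t)-1 means "unknown", so no warning) and n exceeds it. */
bool copy_would_be_flagged(size_t bos, size_t n)
{
    return bos != (size_t)-1 && n > bos;
}

/* A 16-byte copy into name[]: flagged under type 1 (16 > 8), silent under
   type 0 (16 <= 24) because the write never leaves struct record.  The
   copy itself is deliberately not performed; only the size reasoning is. */
bool flagged_under_type1(void) { return copy_would_be_flagged(bos_type1_name(), 16); }
bool flagged_under_type0(void) { return copy_would_be_flagged(bos_type0_name(), 16); }
```

The values are computed by the compiler at build time; a pointer whose target it cannot see yields (size_t)-1 and the check stays quiet, which is the "false negatives" limitation the message describes.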
