On 08/06/2017 02:07 PM, Martin Sebor wrote:
> Part 2 of the series adds attribute nonstring to annotate arrays
> of and pointers to char that are intended to store sequences
> of characters that aren't necessarily valid (nul-terminated)
> strings.  In the subsequent patch the attribute is relied on to
> avoid diagnosing strncpy calls that truncate strings and create
> such copies.  In the future I'd like to also use the attribute
> to diagnose when arrays or pointers with the attribute are passed
> to functions that expect nul-terminated strings (such as strlen
> or strcpy).
> Martin
> gcc-81117-2.diff
> PR c/81117 - Improve buffer overflow checking in strncpy
> gcc/ChangeLog:
>       PR c/81117
>       * builtin-attrs.def (attribute nonstring): New.
>       * doc/extend.texi (attribute nonstring): Document new attribute.
> gcc/c-family/ChangeLog:
>       PR c/81117
>       * c-attribs.c (c_common_attribute_table): Add nonstring entry.
>       (handle_nonstring_attribute): New function.
> gcc/testsuite/ChangeLog:
>       PR c/81117
>       * c-c++-common/attr-nonstring-1.c: New test.
> --- a/gcc/builtin-attrs.def
> +++ b/gcc/builtin-attrs.def
> @@ -93,6 +93,7 @@ DEF_ATTR_IDENT (ATTR_FORMAT, "format")
So all the attributes here are associated with functions I believe.
You're defining a variable attribute.  In fact, I'm not even sure that
variable attributes get a DEF_ATTR_<whatever>.

> diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
> index b253ccc..1954ca5 100644
> --- a/gcc/doc/extend.texi
> +++ b/gcc/doc/extend.texi
> @@ -5835,6 +5835,30 @@ The @code{deprecated} attribute can also be used for 
> functions and
>  types (@pxref{Common Function Attributes},
>  @pxref{Common Type Attributes}).
> +@item nonstring (@var{nonstring})
> +@cindex @code{nonstring} variable attribute
> +The @code{nonstring} variable attribute specifies that an object or member
> +declaration with type array of @code{char} or pointer to @code{char} is
> +intended to store character arrays that do not necessarily contain
> +a terminating @code{NUL} character.  This is useful to avoid warnings
> +when such an array or pointer is used as an argument to a bounded string
> +manipulation function such as @code{strncpy}.  For example, without the
> +attribute, GCC will issue a warning for the call below because it may
> +truncate the copy without appending the terminating NUL character.  Using
> +the attribute makes it possible to suppress the warning.
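
Review bot: The "@item nonstring (@var{nonstring})" line documents an argument, but the description that follows never says what that argument means and reads as if the attribute takes none; if it takes none, the item should be plain "@item nonstring". The same paragraph writes the terminator as "@code{NUL}" in one sentence and as bare "NUL" in the next, so one form should be used throughout.
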
[ ... ]
I think this is in the wrong section, I believe it belongs in the
"Variable Attributes" section.

Assuming you don't actually need the ATTR_NONSTRING, this patch is fine
with that hunk removed and the documentation moved into the right section.
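
The usage the quoted documentation describes, as an added example that is not part of this thread or of the GCC patch: a fixed-width field marked nonstring, filled with strncpy and read back only through bounded operations. The names struct record, TAG_WIDTH, NONSTRING and the record_* helpers are hypothetical; the macro expands to nothing on compilers that lack the attribute.

```c
#include <stddef.h>
#include <string.h>

/* Use the attribute where the compiler knows it; otherwise expand to nothing. */
#if defined(__has_attribute)
#  if __has_attribute(nonstring)
#    define NONSTRING __attribute__((nonstring))
#  endif
#endif
#ifndef NONSTRING
#  define NONSTRING
#endif

#define TAG_WIDTH 8

/* Hypothetical fixed-width record: tag is NUL-padded, not NUL-terminated. */
struct record {
    char tag[TAG_WIDTH] NONSTRING;
};

/* Fill the field; returns 1 if src was truncated, 0 otherwise. */
int record_set_tag(struct record *r, const char *src)
{
    /* strncpy pads short input with NULs and writes no terminator
       when src has TAG_WIDTH or more characters. */
    strncpy(r->tag, src, sizeof r->tag);
    return strlen(src) > sizeof r->tag;
}

/* Bounded length: never reads past the field, unlike strlen(r->tag). */
size_t record_tag_len(const struct record *r)
{
    const char *nul = memchr(r->tag, '\0', sizeof r->tag);
    return nul ? (size_t)(nul - r->tag) : sizeof r->tag;
}

/* Copy the field into a real string; dst needs TAG_WIDTH + 1 bytes. */
void record_tag_cstr(const struct record *r, char dst[TAG_WIDTH + 1])
{
    size_t n = record_tag_len(r);
    memcpy(dst, r->tag, n);
    dst[n] = '\0';
}
```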

