On Thu, Dec 14, 2017 at 11:51:26AM -0700, Martin Sebor wrote:
> > Well, it would be nice to get sanitizers to diagnose this at runtime. If we
> > know the array length at compile time, simply compare after the strlen
> > call the result and fail if it returns something above it. Or replace
> > the strlen call with strnlen for the compile time known size and add
> > instrumentation if strnlen returns the second argument.
>
> Sure, that sounds like a useful enhancement. I'll look into
> adding it as a follow-on patch unless you feel that it needs
> to be part of the same package.
The problem is if we'll need changes to libubsan for that (which we'll likely do), then those need to be upstreamed, and e.g. my attempts to upstream a simple patch to diagnose noreturn function returns are suspended upstream because clang doesn't have that support (and I have no interest in adding it to clang). In theory we could have some GCC-only file in there, but then we'd be ABI incompatible with them.

Jakub
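The strnlen-based check discussed above, as an added example that is not part of the patch, of libubsan, or of GCC: a hypothetical `checked_strlen` helper bounds the scan by the compile-time array size (via `sizeof`) and reports when the result equals that bound, i.e. when no terminator lies inside the array and a plain strlen would have read past it.

```c
#define _POSIX_C_SOURCE 200809L   /* strnlen */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper mirroring the proposed instrumentation: scan at most
 * bufsize bytes; a result equal to bufsize means no NUL was found inside
 * the array, which is exactly the case an unbounded strlen would overrun. */
static size_t checked_strlen(const char *buf, size_t bufsize,
                             const char *what, int *overrun)
{
    size_t n = strnlen(buf, bufsize);
    *overrun = (n == bufsize);
    if (*overrun)
        fprintf(stderr, "runtime error: strlen on unterminated %zu-byte array %s\n",
                bufsize, what);
    return n;
}

/* The bound is sizeof the array, known at compile time at the call site. */
#define CHECKED_STRLEN(arr, flag) \
    checked_strlen((arr), sizeof(arr), #arr, (flag))

/* Constructed input: properly terminated, so the check stays silent. */
int demo_terminated(void)
{
    char good[8] = "abc";
    int overrun;
    size_t n = CHECKED_STRLEN(good, &overrun);
    return overrun ? -1 : (int)n;   /* 3 */
}

/* Constructed input: every byte overwritten, no NUL anywhere in the array
 * (as happens when a buffer is filled by memcpy/strncpy without a terminator). */
int demo_unterminated(void)
{
    char bad[8];
    int overrun;
    memset(bad, 'x', sizeof bad);
    CHECKED_STRLEN(bad, &overrun);
    return overrun;                 /* 1 */
}
```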