https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112284

            Bug ID: 112284
           Summary: Implement -fsanitize=function for mismatched function
                    pointer types
           Product: gcc
           Version: 14.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: sjames at gcc dot gnu.org
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    fweimer at redhat dot com, i at maskray dot me,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org,
                    kees at outflux dot net, marxin at gcc dot gnu.org
  Target Milestone: ---

A lot more attention is being paid to function pointer type correctness now,
both for CFI-style mitigations, and as we look to tighten up the strictness of
the compiler.

Another angle to this is runtime checking for the pointer type vs the function
signature, which LLVM implements as -fsanitize=function (LLVM recently started
supporting -fsanitize=function for C in https://reviews.llvm.org/D148827).

I'll just use maskray's example here [0] to show it in action:
```
$ echo 'void f() {} int main() { ((void (*)(int))f)(42); }' > a.cc
$ clang++ -g1 -fsanitize=function a.cc -o a.out
$ ./a.out
a.cc:1:26: runtime error: call to function f() through pointer to incorrect
function type 'void (*)(int)'
/home/sam/a.cc:1: note: f() defined here
    #0 0x559372095f09 in main /home/sam/a.cc:1:26
    #1 0x7f8ece24a346  (/usr/lib64/libc.so.6+0x24346)
    #2 0x7f8ece24a408 in __libc_start_main (/usr/lib64/libc.so.6+0x24408)
    #3 0x55937206c4c4 in _start (/home/sam/a.out+0x194c4)
```

[0] http://maskray.me/blog/2022-12-18-control-flow-integrity#fsanitizefunction
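A small model of the check described above, added here as an illustration and not taken from the bug report or from either compiler's implementation: each function carries a hash of the signature it was defined with, and an indirect call site compares the hash it expects against the target's before transferring control. Real implementations place the hash next to the function entry rather than in a side structure; the `tagged_fn` record, the FNV-1a hash, and the names `make_tagged` and `checked_call_void_int` are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a function pointer paired with a hash of the
 * signature the target was defined with. The address is stored through
 * void (*)(void), which C permits as a generic function-pointer carrier. */
typedef struct {
    void (*fn)(void);
    uint32_t sig_hash;
} tagged_fn;

/* FNV-1a over the signature spelling, e.g. "void(int)". Any stable hash
 * of the type works; only equality is ever tested. */
static uint32_t sig_hash(const char *sig) {
    uint32_t h = 2166136261u;
    for (; *sig; sig++) {
        h ^= (unsigned char)*sig;
        h *= 16777619u;
    }
    return h;
}

/* Record a function together with the signature it was defined with. */
static tagged_fn make_tagged(void (*fn)(void), const char *defined_sig) {
    tagged_fn t = { fn, sig_hash(defined_sig) };
    return t;
}

static void f(void) { }            /* the page's f(): takes no argument */
static void g(int x) { (void)x; }  /* a function that really takes an int */

/* Call site typed as 'void (*)(int)'. Returns 0 when the target's recorded
 * signature matches and the call is made; returns 1 when it does not
 * (where the sanitizer would report the mismatch and abort instead). */
static int checked_call_void_int(tagged_fn t, int arg) {
    if (t.sig_hash != sig_hash("void(int)")) {
        printf("runtime error: call through pointer to incorrect "
               "function type 'void (*)(int)'\n");
        return 1;
    }
    ((void (*)(int))t.fn)(arg);
    return 0;
}

int main(void) {
    /* Same mismatch as the page's example: f() called as void (*)(int). */
    int bad = checked_call_void_int(make_tagged(f, "void(void)"), 42);
    int ok  = checked_call_void_int(make_tagged((void (*)(void))g, "void(int)"), 42);
    printf("mismatched call flagged: %d, matching call flagged: %d\n", bad, ok);
    return 0;
}
```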
