https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112284
Bug ID: 112284
Summary: Implement -fsanitize=function for mismatched function pointer types
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: sjames at gcc dot gnu.org
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, fweimer at redhat dot com, i at maskray dot me, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, kees at outflux dot net, marxin at gcc dot gnu.org
Target Milestone: ---

A lot more attention is being paid to function pointer type correctness now, both for CFI-style mitigations, and as we look to tighten up the strictness of the compiler.

Another angle to this is runtime checking for the pointer type vs the function signature, which LLVM implements as -fsanitize=function (LLVM recently started supporting -fsanitize=function for C in https://reviews.llvm.org/D148827).

I'll just use maskray's example here [0] to show it in action:

```
$ echo 'void f() {} int main() { ((void (*)(int))f)(42); }' > a.cc
$ clang++ -g1 -fsanitize=function a.cc -o a.out
$ ./a.out
a.cc:1:26: runtime error: call to function f() through pointer to incorrect function type 'void (*)(int)'
/home/sam/a.cc:1: note: f() defined here
    #0 0x559372095f09 in main /home/sam/a.cc:1:26
    #1 0x7f8ece24a346 (/usr/lib64/libc.so.6+0x24346)
    #2 0x7f8ece24a408 in __libc_start_main (/usr/lib64/libc.so.6+0x24408)
    #3 0x55937206c4c4 in _start (/home/sam/a.out+0x194c4)
```

[0] http://maskray.me/blog/2022-12-18-control-flow-integrity#fsanitizefunction
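To show what the sanitizer is checking, here is an added example (not from the bug report, and not how GCC or LLVM implement it) that emulates the check by hand in plain C: each callable carries a hash of the type it was defined with, and an indirect call compares that hash against the type the call site expects before jumping. The helper names, the FNV-1a hash standing in for the compiler's type hash, and the two callees f/g are all constructed for this illustration.

```c
/* Added example (not from the bug report): a hand-rolled version of the
 * check that -fsanitize=function performs. Every callable carries a hash of
 * its real type; a checked indirect call compares that hash with the type
 * the caller expects and refuses the call on mismatch instead of invoking
 * the function with the wrong signature. All names here are constructed. */
#include <stdint.h>
#include <stdio.h>

/* FNV-1a over the type string, standing in for the compiler's type hash. */
static uint32_t type_hash(const char *sig)
{
    uint32_t h = 2166136261u;
    for (; *sig; ++sig) {
        h ^= (unsigned char)*sig;
        h *= 16777619u;
    }
    return h;
}

/* A function pointer bundled with the hash of the type it was defined with. */
typedef struct {
    uint32_t sig;
    void (*fn)(void);   /* erased pointer-to-function; cast back before calling */
} typed_fn;

/* Record the callee's declared type alongside its address. */
#define MAKE_TYPED_FN(type_str, f) \
    ((typed_fn){ type_hash(type_str), (void (*)(void))(f) })

static int signature_matches(typed_fn tf, const char *expected)
{
    return tf.sig == type_hash(expected);
}

/* Indirect call through a 'void (*)(int)' pointer. Returns 1 if the call
 * was made, 0 if the callee's recorded type did not match (the case that
 * is undefined behaviour when made without a check). */
static int checked_call_void_int(typed_fn tf, int arg)
{
    if (!signature_matches(tf, "void(int)")) {
        fprintf(stderr, "runtime error: call through pointer to incorrect "
                        "function type 'void (*)(int)'\n");
        return 0;
    }
    ((void (*)(int))tf.fn)(arg);
    return 1;
}

/* Constructed callees: one with the expected type, one without. */
static int last_arg = -1;
static void f(void)  { last_arg = 0; }      /* like the report's f() */
static void g(int x) { last_arg = x; }

/* Returns 0 when the matching call went through and the mismatch was caught. */
int run_demo(void)
{
    typed_fn tg = MAKE_TYPED_FN("void(int)", g);
    typed_fn tf = MAKE_TYPED_FN("void(void)", f);

    int ok_g = checked_call_void_int(tg, 42);   /* types agree: call proceeds */
    int ok_f = checked_call_void_int(tf, 42);   /* types differ: call refused */

    return (ok_g && last_arg == 42 && !ok_f) ? 0 : 1;
}

int main(void)
{
    return run_demo();
}
```

The compiler-implemented version does the same comparison without any cooperation from the programmer: the hash is emitted next to the function and every indirect call through a typed pointer checks it, which is why the report's `((void (*)(int))f)(42)` is caught at the call site rather than silently executing with a bogus argument.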