https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70090
Bug ID: 70090
Summary: add non-constant variant of __builtin_object_size for _FORTIFY_SOURCE and -fsanitize=object-size
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: enhancement
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: danielmicay at gmail dot com
Target Milestone: ---

The __builtin_object_size intrinsic is primarily used for _FORTIFY_SOURCE, where it's used for both the compile-time and runtime checks. However, _FORTIFY_SOURCE would be better served by a more flexible intrinsic able to return a runtime value when possible.

For example, consider this code:

    void *p = malloc(n);
    if (!p) {
        return 1;
    }
    memset(p, 0, m);

It would be straightforward to catch cases where m > n by replacing __builtin_object_size with a new __builtin_runtime_object_size intrinsic taking advantage of the alloc_size attribute for runtime values. It would still return a constant sentinel when the value is unknown.

The fortified functions would use __builtin_constant_p and perform the runtime check if the value is not constant, falling through to the old code with the compile-time checks and fast paths when it's constant.

This would make _FORTIFY_SOURCE significantly more useful for dynamic allocations by covering simple cases where the memory is used right away. The same code could also be used to improve -fsanitize=object-size.
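The dispatch the report describes, as an added example (not the reporter's code and not GCC's or glibc's own fortify implementation): the GCC/clang builtin __builtin_dynamic_object_size, which later implemented this request, stands in for the proposed __builtin_runtime_object_size, with a fallback to __builtin_object_size on compilers that lack it. One deliberate deviation: a memset whose object size the compiler cannot see is skipped and reported as unknown here, where real _FORTIFY_SOURCE would perform it unchecked, so the demo cannot corrupt the heap on an older compiler.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SIZE_UNKNOWN ((size_t)-1) /* sentinel both builtins return for "unknown" */

/* Prefer the runtime-capable builtin; fall back to the constant-only one. */
#define OBJ_SIZE(p) __builtin_object_size((p), 0)
#ifdef __has_builtin
#  if __has_builtin(__builtin_dynamic_object_size)
#    undef OBJ_SIZE
#    define OBJ_SIZE(p) __builtin_dynamic_object_size((p), 0)
#  endif
#endif

enum fortify_result { FORTIFY_OK = 0, FORTIFY_BLOCKED = 1, FORTIFY_UNKNOWN = -1 };

/* Pure runtime check: object size as reported by the builtin vs. requested length. */
static inline enum fortify_result check_length(size_t object_size, size_t n) {
    if (object_size == SIZE_UNKNOWN) return FORTIFY_UNKNOWN;
    return n > object_size ? FORTIFY_BLOCKED : FORTIFY_OK;
}

/* Runtime-checked path (the __memset_chk role); the write only happens when it fits. */
static inline enum fortify_result checked_memset(void *p, int c, size_t n, size_t object_size) {
    enum fortify_result r = check_length(object_size, n);
    if (r == FORTIFY_OK) memset(p, c, n);
    return r;
}

/* Dispatch as the report proposes: when size and length are both compile-time
 * constants and the write fits, take the unchecked fast path; otherwise run
 * the runtime check. (p is evaluated more than once; fine for a demo.) */
#define FORTIFIED_MEMSET(p, c, n)                                             \
    ((__builtin_constant_p(OBJ_SIZE(p)) && __builtin_constant_p(n)           \
      && OBJ_SIZE(p) != SIZE_UNKNOWN && (n) <= OBJ_SIZE(p))                   \
         ? (memset((p), (c), (n)), FORTIFY_OK)                                \
         : checked_memset((p), (c), (n), OBJ_SIZE(p)))

/* The report's scenario: heap object of runtime size n, memset of runtime length m.
 * With a runtime-capable builtin (and malloc carrying alloc_size), m > n is caught. */
enum fortify_result demo_heap(size_t n, size_t m) {
    void *p = malloc(n);
    if (!p) return FORTIFY_UNKNOWN;
    enum fortify_result r = FORTIFIED_MEMSET(p, 0, m);
    free(p);
    return r;
}

int main(void) {
    char buf[16];
    printf("stack, constant sizes: %d\n", FORTIFIED_MEMSET(buf, 0, 8));
    printf("heap, 16 into 32:      %d\n", demo_heap(32, 16));
    printf("heap, 32 into 16:      %d (1 = caught, -1 = size unknown)\n", demo_heap(16, 32));
    return 0;
}
```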