On 12/14/2017 11:55 AM, Jakub Jelinek wrote:
> On Thu, Dec 14, 2017 at 11:51:26AM -0700, Martin Sebor wrote:
>>> Well, it would be nice to get sanitizers to diagnose this at runtime. If we
>>> know the array length at compile time, simply compare after the strlen
>>> call the result and fail if it returns something above it. Or replace
>>> the strlen call with strnlen for the compile time known size and add
>>> instrumentation if strnlen returns the second argument.
>>
>> Sure, that sounds like a useful enhancement. I'll look into
>> adding it as a follow-on patch unless you feel that it needs
>> to be part of the same package.
>
> The problem is if we'll need changes to libubsan for that (which we'll
> likely do), then those need to be upstreamed, and e.g. my attempts
> to upstream a simple patch to diagnose noreturn function returns are suspended
> upstream because clang doesn't have that support (and I have no interest
> in adding it to clang).
>
> In theory we could have some GCC only file in there, but then we'd be ABI
> incompatible with them.

So defer the sanitization side until Clang catches up?
jeff
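The check Jakub sketches above (strnlen bounded by the compile-time array size, report when it returns the bound), written out by hand as an added illustration rather than as compiler instrumentation; none of this code is from the thread or from GCC, and `checked_strlen`, `CHECKED_STRLEN` and the report counter are names chosen here:

```c
#define _POSIX_C_SOURCE 200809L /* strnlen() is POSIX, not ISO C */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Number of unterminated reads detected so far. A sanitizer runtime would
   abort or hand this to libubsan; this constructed example only records it. */
static int g_unterminated_reports = 0;

static void report_unterminated(const char *where, size_t bound)
{
    g_unterminated_reports++;
    fprintf(stderr,
            "runtime error: strlen() on %s has no NUL within its %zu bytes\n",
            where, bound);
}

/* strlen replacement for an array whose size is known at compile time.
   strnlen stops at `bound`, so a result equal to `bound` means the array
   holds no terminator and plain strlen would have read past its end. */
static size_t checked_strlen(const char *s, size_t bound, const char *where)
{
    size_t n = strnlen(s, bound);
    if (n == bound)
        report_unterminated(where, bound);
    return n;
}

/* Only valid on a true array (sizeof yields the array size); on a pointer
   sizeof would be the pointer size, which is exactly the case the compiler,
   not a macro, has to decide. */
#define CHECKED_STRLEN(arr) checked_strlen((arr), sizeof(arr), #arr)

/* Constructed input: properly terminated, 3 chars plus NUL in 8 bytes. */
static size_t demo_terminated(void)
{
    char buf[8] = "abc";
    return CHECKED_STRLEN(buf); /* 3, nothing reported */
}

/* Constructed input: all 8 bytes non-NUL, the case the check is for. */
static size_t demo_unterminated(void)
{
    char buf[8];
    memset(buf, 'x', sizeof buf);
    return CHECKED_STRLEN(buf); /* 8 == sizeof buf, one report */
}

static int reports_so_far(void) { return g_unterminated_reports; }
```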