On Thu, Nov 05, 2020 at 08:20:20AM -0700, Martin Sebor via Gcc-patches wrote:
> compute_objsize() and the objsz pass are completely independent.
> The pass is also quite limited in that it doesn't make use of
> ranges. That limitation was also the main reason for introducing
> the compute_objsize() function.
>
> I'd love to see the objsize pass and compute_objsize() integrated
> and exposed under an interface similar to range_query, with
> the information available anywhere, and on demand. I might tackle
As I said multiple times, that would be a serious security hazard.
_FORTIFY_SOURCE protects against some UBs in the programs, and ranges
are computed on the assumption that UB doesn't happen in the program,
so relying on the ranges etc. in there is highly undesirable.
Jakub
