On Monday, 15 July 2024 at 09:45 -0700, Kees Cook wrote:
> On Mon, Jul 15, 2024 at 09:19:49AM +0200, Martin Uecker wrote:
> > The instrumentation is guarded by a new instrumentation flag -fvla-bounds,
> > but runtime overhead should generally be very low as most checks are
> > removed by the optimizer, e.g.
> >
> > void foo(int x, char (*buf)[x])
> > {
> >     bar(x, buf);
> > }
> >
> > does not have any overhead with -O1 (we also might want to filter out
> > some obvious cases already in the FE). So I think this flag could be
> > a good addition to -fhardened after some testing. Maybe it could even
> > be activated by default.
>
> Just to clarify, but does any of this change the behavior of
> __builtin_object_size() or __builtin_dynamic_object_size() within
> functions that take array arguments?
>
> i.e. does this work now?
>
> void foo(int array[10])
> {
>     global = __builtin_object_size(array, 1);
> }
>
> (Currently "global" will be set to SIZE_MAX, rather than 40.)
>
No, there are still too many missing pieces. The following
works already:

int h(int n, int buf[n])
{
    return __builtin_dynamic_object_size(buf, 1);
}

but this doesn't:

int h(int n, int (*buf)[n])
{
    return __builtin_dynamic_object_size(buf, 1);
}

because there could be multiple buf[n] (the subobject
version of BDOS also does not, not sure whether it is
supposed to). But then also

int h(int n, int buf[1][n])
{
    return __builtin_dynamic_object_size(buf, 1);
}

sadly doesn't work.
For the latter two my patch would ensure that the
size of the 'n' matches when a pointer is passed, which,
if BDOS worked, would be useful. But we will get
there eventually...
Martin