Hi,
I am working on extending “counted_by” attribute to pointers inside a structure
per our previous discussion.
I need advice on the following question:
Should -fsantize=bounds support array reference that was referenced through a
pointer that has counted_by attribute?
For the following small example:
#include <stdlib.h>
struct annotated {
int b;
int *c __attribute__ ((counted_by (b)));
} *p_array_annotated;
void __attribute__((__noinline__)) setup (int annotated_count)
{
p_array_annotated
= (struct annotated *)malloc (sizeof (struct annotated));
p_array_annotated->c = (int *) malloc (annotated_count * sizeof (int));
p_array_annotated->b = annotated_count;
return;
}
int main(int argc, char *argv[])
{
setup (10);
p_array_annotated->c[11] = 2;
return 0;
}
Should ubsan add instrumentation to the above reference p_array_annoated->c[11]
inside routine “main”?
From my understanding, ubsan does not add bound checking for any pointer
reference now, however, when the “counted_by” attribute is attached to a
pointer field inside a structure, the “bound” information for this pointer is
known, should we enhance the ubsan to instrument such reference?
If Yes, then should we add the following limitation to the end user:
When the counted_by attribute is attached to a pointer field, the
-fsantize=bounds only work for such reference when the pointer is NOT casted to
another type other than the original target type?
Thanks for any comments and suggestions.
Qing
