On Fri, Aug 17, 2012 at 11:22 AM, Florian Weimer <fwei...@redhat.com> wrote:
> In some real-world code, I noticed a curious pattern: using the unsafe
> string functions on function parameter arguments.  This leads to
> gets()-style unsafe APIs.
>
> I've looked at how to implement a warning for this, and came up with the
> attached patch.  Do you think this makes sense?
>
>      1  #include <string.h>
>      2
>      3  const char *data (void);
>      4
>      5  void test (char *target)
>      6  {
>      7    strcpy(target, data ());
>      8  }
>      9
>     10
>     11  void test_2 (char *target)
>     12  {
>     13    char *p = target;
>     14    strcpy(p, data ());
>     15  }
>     16
>
> /tmp/t.c: In function ‘test’:
> /tmp/t.c:7:9: warning: potentially unbound write to function parameter
> ‘target’ [-Wunbound-parameter-write]
>    strcpy(target, data ());
>          ^
> /tmp/t.c: In function ‘test_2’:
> /tmp/t.c:14:9: warning: potentially unbound write to function parameter
> ‘target’ [-Wunbound-parameter-write]
>    strcpy(p, data ());
>          ^
>
> Obviously, the warning and its name need adjusting, and more functions need
> to be covered.  But I want to check first if you think the warning makes
> sense at all, and if I've found the right place to implement it (this
> approach seems to require optimization, alas).
>
> --
> Florian Weimer / Red Hat Product Security Team

Hmm, I think it would help a little bit if you could expand on where exactly
the danger the patch is trying to prevent is, and what
"unbound parameter" refers to or means?  (I don't know what
an unbound parameter is.)

-- Gaby
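
The pattern under discussion, as an added example that is not part of either message or of the attached patch: a callee that writes through a pointer parameter with `strcpy` has no way to learn the destination's capacity, so safety depends entirely on every caller. The names `fill_unbounded` and `fill_bounded` and the body of `data()` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the quoted data(): a source of unknown length. */
static const char *data(void)
{
    return "a string longer than the caller expected";
}

/* Same shape as test() in the quoted message: nothing in the signature
   tells the callee how many bytes 'target' points to, so the write is
   bounded only by the length of data(). */
void fill_unbounded(char *target)
{
    strcpy(target, data());
}

/* Hypothetical bounded variant: the caller passes the capacity and the
   callee enforces it. Returns 0 on success, -1 if the source plus its
   terminating NUL does not fit; on failure target is an empty string. */
int fill_bounded(char *target, size_t target_size)
{
    const char *src = data();
    size_t len = strlen(src);

    if (target == NULL || target_size == 0)
        return -1;
    if (len >= target_size) {
        target[0] = '\0';
        return -1;
    }
    memcpy(target, src, len + 1);   /* len + 1 copies the NUL as well */
    return 0;
}

int main(void)
{
    char small[8];
    char large[64];

    printf("small: %d\n", fill_bounded(small, sizeof small));
    printf("large: %d \"%s\"\n", fill_bounded(large, sizeof large), large);
    return 0;
}
```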
