gcc bounds checking
jakub at redhat.com
Thu Jul 22 21:34:39 UTC 2010
On Thu, Jul 22, 2010 at 03:12:46PM -0600, Orion Poplawski wrote:
> Looks, looks like gcc can do certain compile time bounds checking (probably
> for ages but I'm slow) and emits warnings like:
> In function 'strcpy',
> inlined from 'New_psimage_Ctrl' at psimage.c:357:9:
> /usr/include/bits/string3.h:107:3: warning: call to __builtin___strcpy_chk
> will always overflow destination buffer
> Unfortunately, it's only a warning and as a typically lazy packager who
> packages software with lots of compiler warnings, I missed this until it
> caused a runtime fortify error check.
> So, perhaps the gcc folks can say why this isn't an error?
Because the undefined behavior happens only when you call that, so the
compiler must not reject it.
It could be in code that is never reached (the compiler will do some DCE,
but it can't prove in all cases the code is unreachable).
So it is an error at runtime, and a warning at compile time (the latter only
if every time that stmt is executed there will be runtime failure).
> And perhaps would could grep though all of the build logs for this one?
Sure, grepping for these in build.log and informing the user (if not
blacklisted) is desirable. There have been discussions about this several
times in the past, I thought something like that has been implemented
already. There are cases where you want to allow it in build.log (e.g.
when building glibc it shows up and is supposed to show up during glibc
testing when it tests -D_FORTIFY_SOURCE support).
More information about the devel