From patchwork Mon Sep 18 21:26:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Martin Uecker X-Patchwork-Id: 141580 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp2963630vqi; Mon, 18 Sep 2023 14:28:10 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF8USCjuIL1BXzQScD9HSUTQdfGBpadoITHoe45vEdxGUDtInpEHzF0TjW2cIqYX9lc7+Pc X-Received: by 2002:aa7:d3d4:0:b0:51d:9399:4707 with SMTP id o20-20020aa7d3d4000000b0051d93994707mr7313699edr.26.1695072489970; Mon, 18 Sep 2023 14:28:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695072489; cv=none; d=google.com; s=arc-20160816; b=Ni+j09aOAQm/N+zpWvwhpA/N/0R5WX0BfJFH8Vz71b5q3JIOWGENkgvYldlfNEGhvD W1GM42e3yRQ5c9bfpXGfCVB3l0NAmD7ywfLM2gV/BcwmoUBVoXhemIvRHtYM+RbbMRbJ WNzBHiMx0/VG8rcV1NS8MLd2iwn3qv2jNqVvbq0IOSOFum1zMMRtXzZXhMYKe4/ZKHs1 ogFM0YcxmDDtCErnoqDXn9NiY7rRUA1pWy7MLhZR9eTKfvvQbxkylYalCfp0Y6CMk2z7 Bwqv3mPDp4n3TNfC9Iq10y8jGOtl5WSsutcB7p+P+9iBl5KxjxIpEKCm9ui0ZA9URDJS 1BSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:reply-to:from:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:mime-version :user-agent:content-transfer-encoding:date:cc:to:subject:message-id :dmarc-filter:delivered-to:dkim-signature:dkim-filter; bh=hTebELcYwqE3006Mw7x4uF8lkHavaNJIpJOAz+d0pKs=; fh=LIC7hquJdodsoNosKkF6E7I2MQ8yREmMmqLfzxx0xYA=; b=g8fYGqlBT5P1wGSYRmknccVUVD3yKeEbgP0tN7OoKFrBGw1yMpcKt+FcF3SOZe2U0e BQQIR3WZm8c44W8qgtQ1/6RG8kmB+GqF+g8wDIIxj9aVe9YUzmS4vrBPy3HZjIhnhQ4e PqsL93C99abayk5VxneIOibBCDcyqeUs5BRdihGsAJixZf3GahKSzdc8ZpOX1PdekWWA JqX3l1YjuYl7syR20h/tQ1F32isV3KrmaFvv5oUoZ2mRahwuXfVHsN4usMzJaAhWPaOO b/SnQd0D9/891hUicx/nTBnGygXI7UTjKa+aOTZdXq6l9juSG4m84ZPryFvHQcyvBZbi kEFg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gcc.gnu.org header.s=default header.b=lXdP65v9; spf=pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org Received: from server2.sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id i17-20020a50fc11000000b00522282c8c31si9203799edr.649.2023.09.18.14.28.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Sep 2023 14:28:09 -0700 (PDT) Received-SPF: pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@gcc.gnu.org header.s=default header.b=lXdP65v9; spf=pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 216A03857341 for ; Mon, 18 Sep 2023 21:27:52 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 216A03857341 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1695072472; bh=hTebELcYwqE3006Mw7x4uF8lkHavaNJIpJOAz+d0pKs=; h=Subject:To:Cc:Date:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:From:Reply-To:From; b=lXdP65v9B08Me+D1tBaVJPvRX8D8X19hLo2NAhxpcQrw9aGgEL+jG2gBu5VeTSh17 XurCWTzv3DF09pDzdTgouUju3PzNhVlaq3WewQgG3D1f6NZZe4uYz+EmJqvLAI562Z Gc1kHrt23pRNtR7B30Y2qL4PWElN8RlTs5VlzOG0= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from mailrelay.tugraz.at (mailrelay.tugraz.at [129.27.2.202]) by sourceware.org (Postfix) with ESMTPS id 17D4F3858D32 for ; Mon, 18 Sep 2023 21:27:04 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 17D4F3858D32 Received: from vra-171-103.tugraz.at (vra-171-103.tugraz.at [129.27.171.103]) by mailrelay.tugraz.at (Postfix) with ESMTPSA id 4RqHtL0MpSz3wR8; Mon, 18 Sep 2023 23:26:49 +0200 (CEST) Message-ID: Subject: [C PATCH, v2] Add Walloc-size to warn about insufficient size in allocations [PR71219] To: gcc-patches@gcc.gnu.org Cc: Joseph Myers , Marek Polacek Date: Mon, 18 Sep 2023 23:26:49 +0200 User-Agent: Evolution 3.46.4-2 MIME-Version: 1.0 X-TUG-Backscatter-control: G/VXY7/6zeyuAY/PU2/0qw X-Spam-Scanner: SpamAssassin 3.003001 X-Spam-Score-relay: -1.9 X-Scanned-By: MIMEDefang 2.74 on 129.27.10.117 X-Spam-Status: No, score=-12.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Martin Uecker via Gcc-patches From: Martin Uecker Reply-To: Martin Uecker Errors-To: gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org Sender: "Gcc-patches" X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777412330896399950 X-GMAIL-MSGID: 1777412330896399950 Compared to the previous version I changed the name of the warning to "Walloc-size" which matches "Wanalyzer-allocation-size" but is still in line with the other -Walloc-something warnings we have. I also added it to Wextra. I found PR71219 that requests the warning and points out that  it is recommended by the C secure coding guidelines and added the PR to the commit log (although the version with cast is not diagnosed so far.) I did not have time to implement the extensions suggested on the list, i.e. warn when the size is not a multiple of the size of the type and warn for if the size is not suitable for a flexible array member. (this is also a bit more complicated than it seems) Bootstrapped and regression tested on x86_64. Martin Add option Walloc-size that warns about allocations that have insufficient storage for the target type of the pointer the storage is assigned to. PR c/71219 gcc: * doc/invoke.texi: Document -Walloc-size option. gcc/c-family: * c.opt (Walloc-size): New option. gcc/c: * c-typeck.cc (convert_for_assignment): Add warning. gcc/testsuite: * gcc.dg/Walloc-size-1.c: New test. --- gcc/c-family/c.opt | 4 ++++ gcc/c/c-typeck.cc | 27 +++++++++++++++++++++ gcc/doc/invoke.texi | 10 ++++++++ gcc/testsuite/gcc.dg/Walloc-size-1.c | 36 ++++++++++++++++++++++++++++ 4 files changed, 77 insertions(+) create mode 100644 gcc/testsuite/gcc.dg/Walloc-size-1.c diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt index 7348ad42ee0..9ba08a1fb6d 100644 --- a/gcc/c-family/c.opt +++ b/gcc/c-family/c.opt @@ -319,6 +319,10 @@ Walloca C ObjC C++ ObjC++ Var(warn_alloca) Warning Warn on any use of alloca. +Walloc-size +C ObjC Var(warn_alloc_size) Warning +Warn when allocating insufficient storage for the target type of the assigned pointer. + Walloc-size-larger-than= C ObjC C++ LTO ObjC++ Var(warn_alloc_size_limit) Joined Host_Wide_Int ByteSize Warning Init(HOST_WIDE_INT_MAX) -Walloc-size-larger-than= Warn for calls to allocation functions that diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc index e2bfd2caf85..c759c6245ed 100644 --- a/gcc/c/c-typeck.cc +++ b/gcc/c/c-typeck.cc @@ -7384,6 +7384,33 @@ convert_for_assignment (location_t location, location_t expr_loc, tree type, "request for implicit conversion " "from %qT to %qT not permitted in C++", rhstype, type); + /* Warn of new allocations that are not big enough for the target + type. */ + tree fndecl; + if (warn_alloc_size + && TREE_CODE (rhs) == CALL_EXPR + && (fndecl = get_callee_fndecl (rhs)) != NULL_TREE + && DECL_IS_MALLOC (fndecl)) + { + tree fntype = TREE_TYPE (fndecl); + tree fntypeattrs = TYPE_ATTRIBUTES (fntype); + tree alloc_size = lookup_attribute ("alloc_size", fntypeattrs); + if (alloc_size) + { + tree args = TREE_VALUE (alloc_size); + int idx = TREE_INT_CST_LOW (TREE_VALUE (args)) - 1; + /* For calloc only use the second argument. */ + if (TREE_CHAIN (args)) + idx = TREE_INT_CST_LOW (TREE_VALUE (TREE_CHAIN (args))) - 1; + tree arg = CALL_EXPR_ARG (rhs, idx); + if (TREE_CODE (arg) == INTEGER_CST + && tree_int_cst_lt (arg, TYPE_SIZE_UNIT (ttl))) + warning_at (location, OPT_Walloc_size, "allocation of " + "insufficient size %qE for type %qT with " + "size %qE", arg, ttl, TYPE_SIZE_UNIT (ttl)); + } + } + /* See if the pointers point to incompatible address spaces. */ asl = TYPE_ADDR_SPACE (ttl); asr = TYPE_ADDR_SPACE (ttr); diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index 33befee7d6b..a4fbcf5e1b5 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -8086,6 +8086,16 @@ always leads to a call to another @code{cold} function such as wrappers of C++ @code{throw} or fatal error reporting functions leading to @code{abort}. @end table +@opindex Wno-alloc-size +@opindex Walloc-size +@item -Walloc-size +Warn about calls to allocation functions decorated with attribute +@code{alloc_size} that specify insufficient size for the target type of +the pointer the result is assigned to, including those to the built-in +forms of the functions @code{aligned_alloc}, @code{alloca}, +@code{calloc}, +@code{malloc}, and @code{realloc}. + @opindex Wno-alloc-zero @opindex Walloc-zero @item -Walloc-zero diff --git a/gcc/testsuite/gcc.dg/Walloc-size-1.c b/gcc/testsuite/gcc.dg/Walloc-size-1.c new file mode 100644 index 00000000000..61806f58192 --- /dev/null +++ b/gcc/testsuite/gcc.dg/Walloc-size-1.c @@ -0,0 +1,36 @@ +/* Tests the warnings for insufficient allocation size. + { dg-do compile } + { dg-options "-Walloc-size" } + * */ +#include +#include + +struct b { int x[10]; }; + +void fo0(void) +{ + struct b *p = malloc(sizeof *p); +} + +void fo1(void) +{ + struct b *p = malloc(sizeof p); /* { dg-warning "allocation of insufficient size" } */ +} + +void fo2(void) +{ + struct b *p = alloca(sizeof p); /* { dg-warning "allocation of insufficient size" } */ +} + +void fo3(void) +{ + struct b *p = calloc(1, sizeof p); /* { dg-warning "allocation of insufficient size" } */ +} + +void g(struct b* p); + +void fo4(void) +{ + g(malloc(4)); /* { dg-warning "allocation of insufficient size" } */ +} +