[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] inttostr.h: add compile-time buffer overrun checks
From: |
Jim Meyering |
Subject: |
[PATCH] inttostr.h: add compile-time buffer overrun checks |
Date: |
Sat, 16 Oct 2010 17:33:30 +0200 |
Following up on this,
http://thread.gmane.org/gmane.comp.gnu.coreutils.bugs/21348/focus=21349
Here's a complete patch:
>From a099f49dedfea850ef78fa5e987b95edd5ebc58d Mon Sep 17 00:00:00 2001
From: Jim Meyering <address@hidden>
Date: Thu, 14 Oct 2010 11:38:14 +0200
Subject: [PATCH] inttostr.h: add compile-time buffer overrun checks
* lib/inttostr.h: Add a wrapper for each function that can detect
use of an undersized buffer.
Now that there are #define's, make this header idempotent.
---
ChangeLog | 7 +++++++
lib/inttostr.h | 45 +++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 52 insertions(+), 0 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 42d0fef..6707c6e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2010-10-16 Jim Meyering <address@hidden>
+
+ inttostr.h: add compile-time buffer overrun checks
+ * lib/inttostr.h: Add a wrapper for each function that can detect
+ use of an undersized buffer.
+ Now that there are #define's, make this header idempotent.
+
2010-10-15 Bruno Haible <address@hidden>
tests: Make them compile with TinyCC.
diff --git a/lib/inttostr.h b/lib/inttostr.h
index 4f74968..9c1e41b 100644
--- a/lib/inttostr.h
+++ b/lib/inttostr.h
@@ -17,10 +17,14 @@
/* Written by Paul Eggert */
+#ifndef _GL_INTTOSTR_H
+# define _GL_INTTOSTR_H
+
#include <stdint.h>
#include <sys/types.h>
#include "intprops.h"
+#include "verify.h"
#ifndef __GNUC_PREREQ
# if defined __GNUC__ && defined __GNUC_MINOR__
@@ -44,3 +48,44 @@ char *inttostr (int, char *)
__attribute_warn_unused_result__;
char *offtostr (off_t, char *) __attribute_warn_unused_result__;
char *uinttostr (unsigned int, char *) __attribute_warn_unused_result__;
char *umaxtostr (uintmax_t, char *) __attribute_warn_unused_result__;
+
+#ifndef inttype
+
+/* When it is possible to determine at compile-time (given an S for which
+ sizeof (S) is different from sizeof (void *)), ensure that each use of
+ one of these functions provides a buffer that is known to be large enough.
+ This won't save you if you mistakenly declare char S[4] (on a 32-bit system)
+ or char S[8] (on others), but will induce compile failure on a 32-bit system
+ if you mistakenly declare these:
+ size_t v; char S[INT_BUFSIZE_BOUND (v)];
+ and then try to use umaxtostr (n, S).
+ It fails because INT_BUFSIZE_BOUND(size_t) is too small to hold the
+ largest uintmax_t value on 32-bit systems. */
+
+# define imaxtostr(n, s) \
+ ((void) verify_true (sizeof (s) == sizeof (void *) \
+ || INT_BUFSIZE_BOUND (intmax_t) <= sizeof (s)), \
+ (imaxtostr) (n, s))
+
+# define inttostr(n, s) \
+ ((void) verify_true (sizeof (s) == sizeof (void *) \
+ || INT_BUFSIZE_BOUND (int) <= sizeof (s)), \
+ (inttostr) (n, s))
+
+# define offtostr(n, s) \
+ ((void) verify_true (sizeof (s) == sizeof (void *) \
+ || INT_BUFSIZE_BOUND (off_t) <= sizeof (s)), \
+ (offtostr) (n, s))
+
+# define uinttostr(n, s) \
+ ((void) verify_true (sizeof (s) == sizeof (void *) \
+ || INT_BUFSIZE_BOUND (unsigned int) <= sizeof (s)), \
+ (uinttostr) (n, s))
+
+# define umaxtostr(n, s) \
+ ((void) verify_true (sizeof (s) == sizeof (void *) \
+ || INT_BUFSIZE_BOUND (uintmax_t) <= sizeof (s)), \
+ (umaxtostr) (n, s))
+#endif
+
+#endif
--
1.7.3.1.526.g2ee4
- [PATCH] inttostr.h: add compile-time buffer overrun checks,
Jim Meyering <=
- Re: [PATCH] inttostr.h: add compile-time buffer overrun checks, Bruno Haible, 2010/10/16
- Re: [PATCH] inttostr.h: add compile-time buffer overrun checks, Jim Meyering, 2010/10/17
- Re: [PATCH] inttostr.h: add compile-time buffer overrun checks, Bruno Haible, 2010/10/17
- Re: [PATCH] inttostr.h: add compile-time buffer overrun checks, Jim Meyering, 2010/10/17
- Re: [PATCH] inttostr.h: add compile-time buffer overrun checks, Bruno Haible, 2010/10/17
- Re: [PATCH] inttostr.h: add compile-time buffer overrun checks, Pádraig Brady, 2010/10/18
- Re: [PATCH] inttostr.h: add compile-time buffer overrun checks, Paolo Bonzini, 2010/10/18
- Re: [PATCH] inttostr.h: add compile-time buffer overrun checks, Bruno Haible, 2010/10/18
- Re: [PATCH] inttostr.h: add compile-time buffer overrun checks, Paul Eggert, 2010/10/18
- Re: [PATCH] inttostr.h: add compile-time buffer overrun checks, Ben Pfaff, 2010/10/18