Clang's new __builtin_dynamic_object_size can help detect more buffer overflows at runtime automatically. clang.llvm.org/docs/LanguageE
Note that I believe the allocation function needs to have the alloc_size attribute for this to work.
Yeah, it needs the attribute and the call to it will need to be close in proximity for checks to be inserted. It essentially removes the arbitrary restriction of __builtin_object_size being defined as always returning a constant which is for performance and compile-time errors.
Using the existing intrinsic, a call like malloc(sizeof(T)) can have checks inserted based on it, but a call like malloc(N) where N is not a compile-time constant known to the compiler cannot, even though the checks would be functionally the same just based on the expression N.
A _FORTIFY_SOURCE implementation can use it just by dropping in the new intrinsic to where they perform runtime checks. They could leave the existing intrinsic for compile-time checks or use __builtin_constant_p. Manual compile-time errors don't work with Clang anyway right now.
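The pattern the thread describes, as an added example that is not from the original posts or from Clang itself: a small _FORTIFY_SOURCE-style memcpy wrapper that takes its bound from `__builtin_dynamic_object_size`, fed by a hypothetical allocator wrapper carrying `alloc_size`. The `OBJ_SIZE` macro, `xmalloc`, and the `check` enum are this example's own names; the fallback to `__builtin_object_size` is an assumption for compilers without the dynamic intrinsic.

```c
#include <stdlib.h>
#include <string.h>

/* Prefer the dynamic intrinsic; fall back to the constant-only one on compilers
 * without it (assumption: older GCC/Clang). Both give (size_t)-1 when unknown. */
#ifndef __has_builtin
#define __has_builtin(x) 0
#endif
#if __has_builtin(__builtin_dynamic_object_size)
#define OBJ_SIZE(p) __builtin_dynamic_object_size((p), 0)
#else
#define OBJ_SIZE(p) __builtin_object_size((p), 0)
#endif
#define SIZE_UNKNOWN ((size_t)-1)

/* Hypothetical allocator wrapper; alloc_size(1) ties the returned object's size
 * to argument 1, which is what the intrinsic needs in order to see it. */
__attribute__((malloc, alloc_size(1))) static void *xmalloc(size_t n)
{
    void *p = malloc(n);
    if (!p) abort();
    return p;
}

enum check { CHECK_OK, CHECK_REJECTED, CHECK_UNKNOWN };
/* _FORTIFY_SOURCE-style memcpy: the bound comes from the compiler, not the
 * caller, and the copy is refused when an overflow is proven. always_inline
 * matters: the intrinsic must be evaluated where the allocation is visible. */
static inline __attribute__((always_inline)) enum check
fortified_memcpy(void *dst, const void *src, size_t n)
{
    size_t bound = OBJ_SIZE(dst);
    if (bound != SIZE_UNKNOWN && n > bound) return CHECK_REJECTED;
    memcpy(dst, src, n);
    return bound == SIZE_UNKNOWN ? CHECK_UNKNOWN : CHECK_OK;
}

/* Allocate `cap` bytes at runtime and push `n` bytes of a constructed payload
 * through the wrapper. A non-constant `cap` is the case only the dynamic
 * intrinsic can check; where it stays unknown (old intrinsic, or -O0) the
 * demo skips an oversized copy instead of overflowing for real. */
enum check copy_into_runtime_buffer(size_t cap, size_t n)
{
    char *buf = xmalloc(cap), *src = xmalloc(n);
    memset(src, 'A', n);
    enum check c = (OBJ_SIZE(buf) == SIZE_UNKNOWN && n > cap)
                       ? CHECK_UNKNOWN : fortified_memcpy(buf, src, n);
    free(src); free(buf);
    return c;
}
```

Build with optimisation on (for example `-O2`) to see the runtime check actually fire for the oversized case; at `-O0` the pointer is not traced back to the allocation and the result is CHECK_UNKNOWN.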