Yeah, it needs the attribute, and the call to it will need to be close in proximity for checks to be inserted. It essentially removes the arbitrary restriction of __builtin_object_size being defined as always returning a constant, which is for performance and compile-time errors.
Using the existing intrinsic, a call like malloc(sizeof(T)) can have checks inserted based on it, but a call like malloc(N) where N is not a compile-time constant known to the compiler cannot, even though the checks would be functionally the same just based on the expression N.
A _FORTIFY_SOURCE implementation can use it just by dropping in the new intrinsic to where they perform runtime checks. They could leave the existing intrinsic for compile-time checks or use __builtin_constant_p. Manual compile-time errors don't work with Clang anyway right now.
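The two tweets above describe the difference between the constant-only intrinsic and the dynamic one, and how a _FORTIFY_SOURCE implementation would consume it. The following is an added illustration, not code from the thread, from Clang, Bionic or glibc: a checked memcpy wrapper that asks the compiler for the destination size and refuses the copy when the requested length exceeds it. The macro names OBJ_SIZE, UNKNOWN_SIZE and checked_memcpy, the result codes, and the "return a code instead of aborting" behaviour are choices made for this example (a real libc would call its __chk_fail equivalent). It selects __builtin_dynamic_object_size when the compiler offers it and falls back to __builtin_object_size otherwise, so it builds on either kind of compiler.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Use the dynamic builtin when the compiler provides it (Clang 9+, GCC 12+);
 * older compilers only have the constant-only __builtin_object_size.
 * OBJ_SIZE and UNKNOWN_SIZE are names chosen for this example. */
#ifndef __has_builtin
#define __has_builtin(x) 0
#endif
#if __has_builtin(__builtin_dynamic_object_size)
#define OBJ_SIZE(p) __builtin_dynamic_object_size((p), 0)
#else
#define OBJ_SIZE(p) __builtin_object_size((p), 0)
#endif
#define UNKNOWN_SIZE ((size_t)-1)

/* Result codes of the checked copy (example convention). */
enum { COPY_OK = 0, COPY_OVERFLOW = -1, COPY_UNCHECKED = 1 };

/* _FORTIFY_SOURCE-style memcpy. A libc implementation would abort via
 * its __chk_fail() equivalent on overflow; here a code is returned so the
 * outcome can be inspected. Nothing is copied when an overflow is detected. */
static inline int checked_memcpy_impl(void *dst, size_t dst_size,
                                      const void *src, size_t n)
{
    if (dst_size == UNKNOWN_SIZE) {
        /* Compiler could not bound dst: behaves like an unfortified memcpy. */
        memcpy(dst, src, n);
        return COPY_UNCHECKED;
    }
    if (n > dst_size)
        return COPY_OVERFLOW;
    memcpy(dst, src, n);
    return COPY_OK;
}

/* A macro, not a function: the builtin must see the caller's pointer
 * expression, otherwise it only sees an opaque void* and gives up. */
#define checked_memcpy(dst, src, n) \
    checked_memcpy_impl((dst), OBJ_SIZE(dst), (src), (n))

/* Fixed-size stack destination: its size is a compile-time constant, so
 * both builtins know it and the check fires for n > 16. */
int copy_into_fixed(size_t n)
{
    char buf[16];
    char src[64];
    memset(src, 'A', sizeof src);
    return checked_memcpy(buf, src, n);
}

/* Heap destination whose size is a runtime value. Only
 * __builtin_dynamic_object_size (with optimisation on, so the allocation is
 * visible to the size analysis) can evaluate to 'alloc' here; the constant
 * builtin always yields UNKNOWN_SIZE for a non-constant malloc argument. */
int copy_into_heap(size_t alloc, size_t n)
{
    char src[64];
    memset(src, 'A', sizeof src);
    char *buf = malloc(alloc);
    if (buf == NULL)
        return COPY_UNCHECKED;
    int r = checked_memcpy(buf, src, n);
    free(buf);
    return r;
}

int main(void)
{
    printf("fixed buffer, 8 bytes:    %d\n", copy_into_fixed(8));
    printf("fixed buffer, 32 bytes:   %d\n", copy_into_fixed(32));
    printf("heap(64), 16 bytes:       %d\n", copy_into_heap(64, 16));
    return 0;
}
```

Build it once with -O0 and once with -O2 and compare copy_into_heap: with the dynamic builtin and optimisation enabled the heap case is checked (COPY_OK or COPY_OVERFLOW), whereas with the constant-only builtin it always comes back COPY_UNCHECKED, which is exactly the malloc(N) gap the tweets describe.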
Clang will always lower __builtin_constant_p before inlining, so it never makes use of compile-time fast paths, which is part of what was solved by the pass_object_size approach. That feature will need to be extended with support for this too. Google moved to using that in Bionic.
I provided some related context in twitter.com/DanielMicay/st. There was existing interest in this feature elsewhere so it's nice to see Apple get an implementation landed in Clang. I had actually used the same naming they chose for a different, related feature that I'll rename now.
Quote Tweet
twitter.com/yabbadabbadrew It's nice to see this feature get implemented. I'll need to change the naming of my existing __dynamic_object_size function once I reimplement that for Android Oreo based on the new hardened malloc implementation to disambiguate. github.com/AndroidHardeni