I work at Red Hat on GCC, the GNU Compiler Collection. For the last five releases of GCC, I've been working on -fanalyzer, a static analysis pass that tries to identify various problems at compile time rather than at runtime. It performs "symbolic execution" of C source code, effectively simulating the behavior of the code along the various possible paths of execution through it.

This article summarizes what's new with -fanalyzer in GCC 14, which I hope will be officially released sometime in April 2024.

Consider a `test` function that fills a 10-byte stack buffer `buf` with a strcpy call and then appends to it with a strcat call. The analyzer emits this message:

```
: In function 'test':
:7:3: warning: stack-based buffer overflow
    |
    |   (2) out-of-bounds write from byte 10 till byte 12 but 'buf' ends at byte 10
    |
:7:3: note: write of 3 bytes to beyond the end of 'buf'
:7:3: note: valid subscripts for 'buf' are '[0]' to '[9]'
```

I've been unhappy with the readability of these messages: they describe some aspects of the problem, but it's hard for the user to grasp exactly what the analyzer is "thinking."

So for GCC 14, I've added the ability for the analyzer to emit text-based diagrams visualizing the spatial relationships in a predicted buffer overflow. For the above example (which you can try in Compiler Explorer) it emits the diagram shown in Figure 1.

Figure 1: Visualizing buffer overflows in GCC 14.

This diagram shows the destination buffer populated by the content from the strcpy call, and thus the existing terminating NUL byte used as the starting point of the strcat call.

For non-ASCII strings, it can show the UTF-8 representation of the characters (Figure 2).

Figure 2: Visualizing non-ASCII strings in GCC 14.

This demonstrates that the overflow happens partway through the メ character (U+30E1).

I've put some work into better tracking C string operations in GCC 14's analyzer. One of the improvements is that the analyzer now simulates APIs that scan a buffer expecting a null terminator byte, and will complain about code paths where a pointer to a buffer that isn't properly terminated is passed to such an API.

Obviously I'm kidding with the title here, but for GCC 14 I've implemented a new warning, -Wanalyzer-infinite-loop, that's able to detect some simple cases of infinite loops. For example, consider the following C code:

```c
void test (int m, int n)
```
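The two buffer-overflow cases above, the ASCII strcpy/strcat overflow and the non-ASCII one that cuts a character in two, both come down to the same byte arithmetic the analyzer is doing. The following C program is an added example, not code from this article or from GCC itself. The `test` function reproduces the shape of the diagnostic quoted above (a 10-byte stack `buf`, a strcpy, then a strcat that needs 3 bytes more than the buffer has); the strings "hello" and " world!" are an assumed reconstruction chosen only because their lengths match the diagnostic's byte counts. The helpers compute what the diagnostic reports (how many bytes land past the end and whether the first out-of-bounds byte is a UTF-8 continuation byte), and `safe_strcat` is the hardened form. The Japanese strings in the comments and the usage note are constructed sample input.

```c
#include <stddef.h>
#include <string.h>

/* Deliberately overflowing code matching the diagnostic quoted above:
   'buf' ends at byte 10, "hello" plus its NUL occupies bytes 0..5, and
   strcat needs bytes 5..12 for " world!" plus a NUL, so bytes 10..12
   (3 bytes) land past the end.  The string contents are an assumed
   reconstruction; only the byte counts are fixed by the diagnostic.
   Shown for the analyzer, never to be called at runtime. */
void test (void)
{
  char buf[10];
  strcpy (buf, "hello");
  strcat (buf, " world!");   /* -Wanalyzer-out-of-bounds fires here */
}

/* Number of bytes that strcat (dst, src) would write past a dst of
   'cap' bytes, counting the terminating NUL; 0 means the call fits. */
size_t strcat_overflow_bytes (const char *dst, size_t cap, const char *src)
{
  size_t need = strlen (dst) + strlen (src) + 1;
  return need > cap ? need - cap : 0;
}

/* Byte at index 'idx' of the string strcat would produce (dst, then src,
   then a NUL); lets us inspect what lands at the first out-of-bounds
   position without performing the write. */
static unsigned char concat_byte_at (const char *dst, const char *src,
                                     size_t idx)
{
  size_t dlen = strlen (dst), slen = strlen (src);
  if (idx < dlen)
    return (unsigned char) dst[idx];
  if (idx < dlen + slen)
    return (unsigned char) src[idx - dlen];
  return 0;   /* the terminator, or beyond it */
}

/* Does the overflow cut a multibyte UTF-8 character in two?  That is the
   case when the first out-of-bounds byte (index 'cap', the "from byte"
   in the diagnostic) is a UTF-8 continuation byte (10xxxxxx).  For a
   buffer ending in the middle of メ (U+30E1, bytes E3 83 A1) it does. */
int strcat_overflow_splits_utf8 (const char *dst, size_t cap, const char *src)
{
  if (strcat_overflow_bytes (dst, cap, src) == 0)
    return 0;
  return (concat_byte_at (dst, src, cap) & 0xC0) == 0x80;
}

/* Hardened replacement for the strcat above: append only when src and
   its NUL fit, and report failure instead of writing out of bounds. */
int safe_strcat (char *dst, size_t cap, const char *src)
{
  if (strcat_overflow_bytes (dst, cap, src) != 0)
    return 0;
  strcat (dst, src);
  return 1;
}
```

With a 10-byte buffer holding "hello", `strcat_overflow_bytes` reports 3 for " world!", the same count as the diagnostic, and `safe_strcat` refuses the append and leaves the buffer untouched. With a constructed 8-byte buffer holding ネコ (U+30CD U+30B3, six bytes) and メ (U+30E1, three bytes) appended, two bytes overflow and the first of them, byte 8, is the continuation byte 0xA1, which is exactly the "partway through the character" situation Figure 2 visualizes.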