diff mbox

[Doc] Add caveat to __builtin_object_size

Message ID 4FCC730D.4000803@redhat.com
State New
Headers show

Commit Message

Florian Weimer June 4, 2012, 8:34 a.m. UTC 
On 06/04/2012 10:23 AM, Jakub Jelinek wrote:
> On Mon, Jun 04, 2012 at 10:15:35AM +0200, Florian Weimer wrote:
>> --- gcc/doc/extend.texi	(revision 187951)
>> +++ gcc/doc/extend.texi	(working copy)
>> @@ -7376,8 +7376,15 @@
>>   @findex __builtin___vfprintf_chk
>>
>>   GCC implements a limited buffer overflow protection mechanism
>> -that can prevent some buffer overflow attacks.
>> +that can prevent some buffer overflow attacks.  GNU libc uses it
>> +in the implementation of the @code{_FORTIFY_SOURCE} functionality.
>>
>> +This protection mechanism is only a last resort.  As a programmer, you
>> +must not rely on its presence, but use explicit buffer length checks
>> +to avoid buffer overflows.  GCC may not be able to determine buffer
>> +sizes accurately, and the accuracy depends on compiler version and
>> +optimization level (currently, at least @option{-O2} is required).
>
> That isn't true, at -O1 or -Os it should work just fine too, and
> to some extent on the compiler side even at -O0.

Fold needs to run.  Without it, __builtin_object_size constantly returns 
(size_t)-1.  The documentation doesn't say which optimization level 
enables fold, so I have to guess.  -O0 apparently doesn't.

> So I'd just replace optimization level.*\. with compiler options.

Okay.  What about this?
diff mbox

Patch

Index: gcc/doc/extend.texi
===================================================================
--- gcc/doc/extend.texi	(revision 187951)
+++ gcc/doc/extend.texi	(working copy)
@@ -7376,8 +7376,15 @@ 
 @findex __builtin___vfprintf_chk
 
 GCC implements a limited buffer overflow protection mechanism
-that can prevent some buffer overflow attacks.
+that can prevent some buffer overflow attacks.  GNU libc uses it
+in the implementation of the @code{_FORTIFY_SOURCE} functionality.
 
+This protection mechanism is only a last resort.  As a programmer, you
+must not rely on its presence, but use explicit buffer length checks
+to avoid buffer overflows.  GCC may not be able to determine buffer
+sizes accurately, and the accuracy depends on compiler version and
+options.
+
 @deftypefn {Built-in Function} {size_t} __builtin_object_size (void * @var{ptr}, int @var{type})
 is a built-in construct that returns a constant number of bytes from
 @var{ptr} to the end of the object @var{ptr} pointer points to