[Doc] Add caveat to __builtin_object_size

Message ID	4FCC6EA7.4060507@redhat.com
State	New
Headers	show Return-Path: <gcc-patches-return-320164-incoming=patchwork.ozlabs.org@gcc.gnu.org> Comment: DKIM? See http://www.dkim.org Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gcc.gnu.org; h=Received:Received:X-SWARE-Spam-Status:X-Spam-Check-By:Received:Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:X-IsSubscribed:Mailing-List:Precedence:List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help:Sender:Delivered-To; b=Bav2L56rwUDwijYr8jhUKe/jI5ihAAGdyKPlSbrG5OIyd4ula8BgYJcQCdOn6j NHAZBuvTSlYZSQ5im4yyXJvxfYMPZrLzaeSKdgIUE/bcUFhAHqYVaGAWAitGjklW liX5DmtGtmfSAgUlkaUq7uQ2sjCj7sOccdsyDONrTaCJo=; Message-ID: <4FCC6EA7.4060507@redhat.com> Date: Mon, 04 Jun 2012 10:15:35 +0200 From: Florian Weimer <fweimer@redhat.com> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1 MIME-Version: 1.0 To: gcc-patches@gcc.gnu.org Subject: [Doc] Add caveat to __builtin_object_size Content-Type: multipart/mixed; boundary="------------000906090902060700070606" Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk Sender: gcc-patches-owner@gcc.gnu.org

Message ID

4FCC6EA7.4060507@redhat.com

State

New

Headers

Comment: DKIM? See http://www.dkim.org
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gcc.gnu.org;
	h=Received:Received:X-SWARE-Spam-Status:X-Spam-Check-By:Received:Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:X-IsSubscribed:Mailing-List:Precedence:List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help:Sender:Delivered-To;
	b=Bav2L56rwUDwijYr8jhUKe/jI5ihAAGdyKPlSbrG5OIyd4ula8BgYJcQCdOn6j
	NHAZBuvTSlYZSQ5im4yyXJvxfYMPZrLzaeSKdgIUE/bcUFhAHqYVaGAWAitGjklW
	liX5DmtGtmfSAgUlkaUq7uQ2sjCj7sOccdsyDONrTaCJo=;
Message-ID: <4FCC6EA7.4060507@redhat.com>
Date: Mon, 04 Jun 2012 10:15:35 +0200
From: Florian Weimer <fweimer@redhat.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: gcc-patches@gcc.gnu.org
Subject: [Doc] Add caveat to __builtin_object_size
Content-Type: multipart/mixed;
	boundary="------------000906090902060700070606"
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
Sender: gcc-patches-owner@gcc.gnu.org

Commit Message

Florian Weimer June 4, 2012, 8:15 a.m. UTC

This patch adds a cross-reference to GNU libc and _FORTIFY_SOURCE (which 
needs to be documented there) and mentions the optimization level 
requirements.

Okay for trunk?

2012-06-04  Florian Weimer  <fweimer@redhat.com>

	* doc/extend.texi (Object Size Checking): Mention
          _FORTIFY_SOURCE, add caveat.

Comments

Jakub Jelinek June 4, 2012, 8:23 a.m. UTC | #1

On Mon, Jun 04, 2012 at 10:15:35AM +0200, Florian Weimer wrote:
> --- gcc/doc/extend.texi	(revision 187951)
> +++ gcc/doc/extend.texi	(working copy)
> @@ -7376,8 +7376,15 @@
>  @findex __builtin___vfprintf_chk
>  
>  GCC implements a limited buffer overflow protection mechanism
> -that can prevent some buffer overflow attacks.
> +that can prevent some buffer overflow attacks.  GNU libc uses it
> +in the implementation of the @code{_FORTIFY_SOURCE} functionality.
>  
> +This protection mechanism is only a last resort.  As a programmer, you
> +must not rely on its presence, but use explicit buffer length checks
> +to avoid buffer overflows.  GCC may not be able to determine buffer
> +sizes accurately, and the accuracy depends on compiler version and
> +optimization level (currently, at least @option{-O2} is required).

That isn't true, at -O1 or -Os it should work just fine too, and
to some extent on the compiler side even at -O0.
So I'd just replace optimization level.*\. with compiler options.

	Jakub

Index: gcc/doc/extend.texi
===================================================================
--- gcc/doc/extend.texi	(revision 187951)
+++ gcc/doc/extend.texi	(working copy)
@@ -7376,8 +7376,15 @@ 
 @findex __builtin___vfprintf_chk
 
 GCC implements a limited buffer overflow protection mechanism
-that can prevent some buffer overflow attacks.
+that can prevent some buffer overflow attacks.  GNU libc uses it
+in the implementation of the @code{_FORTIFY_SOURCE} functionality.
 
+This protection mechanism is only a last resort.  As a programmer, you
+must not rely on its presence, but use explicit buffer length checks
+to avoid buffer overflows.  GCC may not be able to determine buffer
+sizes accurately, and the accuracy depends on compiler version and
+optimization level (currently, at least @option{-O2} is required).
+
 @deftypefn {Built-in Function} {size_t} __builtin_object_size (void * @var{ptr}, int @var{type})
 is a built-in construct that returns a constant number of bytes from
 @var{ptr} to the end of the object @var{ptr} pointer points to

[Doc] Add caveat to __builtin_object_size

Commit Message

Comments

Patch