Open kees opened 1 year ago
The matching GCC bug is: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108894
This appears to actually be covered by `-fsanitize=object-size`, though it doesn't appear to have a warning mode. It is trap-only.
From what I can grok, you want the sanitizer to generate a check for a dynamically allocated array access when the `alloc_size` attribute is used (via `malloc`)? I don't think such a check is dependent upon the `__builtin_{dynamic_}object_size` builtins. A fixed-size array is "easy" because the size is part of its type.

It might be "hackable" to add the `alloc_size` to the array so that it's available. (Though as I mentioned privately, that information might be lost if the array is passed outside of a function...maybe...) This is similar to the `element_count` hack I wrote (https://reviews.llvm.org/D148381).
Would the above be sufficient for your needs?
I wasn't able to replicate a trap with `-fsanitize=object-size`.
While `-fsanitize=bounds` is able to perform run-time bounds checking on fixed-size arrays (i.e. when `__builtin_object_size(x, 1)` does not return `SIZE_MAX`), it does not perform bounds checking when `__builtin_dynamic_object_size(x, 1)` is available. For example, the attached program produces no bounds-checker warnings for the "dynamic size" case: