php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #53583 [PATCH] add support for compiler "alloc_size" attribute
Submitted: 2010-12-20 19:19 UTC Modified: 2012-06-02 02:08 UTC
From: crrodriguez at opensuse dot org Assigned: nlopess (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5.3SVN-2010-12-20 (SVN) OS: All
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: crrodriguez at opensuse dot org
New email:
PHP Version: OS:

 

 [2010-12-20 19:19 UTC] crrodriguez at opensuse dot org 
Description:
------------
The attached patch Introduces support for GCC alloc_size attribute, very useful 
to catch buffer overflows at compile time.





Test script:
---------------
PHP_FUNCTION(verybuggy) {
[...]

char *p;
p = emalloc(6);
strcpy(p,"cdcdccdscdscscsdcscddsc");
[...]
}

Expected result:
----------------
#make

buggy.c:N:N:
/usr/include/bits/string3.h:107:3: warning: call to __builtin___strcpy_chk will 
always overflow destination buffer


Actual result:
--------------
No warning at all, dangerous code goes unnoticed.

Patches

5_3 (last revision 2010-12-20 18:22 UTC by crrodriguez at opensuse dot org)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-02-21 15:43 UTC] johannes@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: dmitry
 [2011-12-27 09:19 UTC] stas@php.net
-Type: Security +Type: Feature/Change Request
 [2012-06-02 02:08 UTC] nlopess@php.net 
I commited a similar patch already.
 [2012-06-02 02:08 UTC] nlopess@php.net
-Status: Assigned +Status: Closed -Assigned To: dmitry +Assigned To: nlopess
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Jul 01 14:01:37 2025 UTC