php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #53583 [PATCH] add support for compiler "alloc_size" attribute
Submitted: 2010-12-20 19:19 UTC Modified: 2012-06-02 02:08 UTC
From: crrodriguez at opensuse dot org Assigned: nlopess (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5.3SVN-2010-12-20 (SVN) OS: All
Private report: No CVE-ID: None
View Developer Edit
 [2010-12-20 19:19 UTC] crrodriguez at opensuse dot org 
Description:
------------
The attached patch Introduces support for GCC alloc_size attribute, very useful 
to catch buffer overflows at compile time.





Test script:
---------------
PHP_FUNCTION(verybuggy) {
[...]

char *p;
p = emalloc(6);
strcpy(p,"cdcdccdscdscscsdcscddsc");
[...]
}

Expected result:
----------------
#make

buggy.c:N:N:
/usr/include/bits/string3.h:107:3: warning: call to __builtin___strcpy_chk will 
always overflow destination buffer


Actual result:
--------------
No warning at all, dangerous code goes unnoticed.

Patches

5_3 (last revision 2010-12-20 18:22 UTC by crrodriguez at opensuse dot org)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-02-21 15:43 UTC] johannes@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: dmitry
 [2011-12-27 09:19 UTC] stas@php.net
-Type: Security +Type: Feature/Change Request
 [2012-06-02 02:08 UTC] nlopess@php.net 
I commited a similar patch already.
 [2012-06-02 02:08 UTC] nlopess@php.net
-Status: Assigned +Status: Closed -Assigned To: dmitry +Assigned To: nlopess
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Jul 16 22:01:34 2025 UTC