|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
Patches5_3 (last revision 2010-12-20 18:22 UTC by crrodriguez at opensuse dot org)Pull RequestsHistoryAllCommentsChangesGit/SVN commits
[2011-02-21 15:43 UTC] johannes@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: dmitry
[2011-12-27 09:19 UTC] stas@php.net
-Type: Security
+Type: Feature/Change Request
[2012-06-02 02:08 UTC] nlopess@php.net
[2012-06-02 02:08 UTC] nlopess@php.net
-Status: Assigned
+Status: Closed
-Assigned To: dmitry
+Assigned To: nlopess
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Apr 25 02:01:30 2024 UTC |
Description: ------------ The attached patch Introduces support for GCC alloc_size attribute, very useful to catch buffer overflows at compile time. Test script: --------------- PHP_FUNCTION(verybuggy) { [...] char *p; p = emalloc(6); strcpy(p,"cdcdccdscdscscsdcscddsc"); [...] } Expected result: ---------------- #make buggy.c:N:N: /usr/include/bits/string3.h:107:3: warning: call to __builtin___strcpy_chk will always overflow destination buffer Actual result: -------------- No warning at all, dangerous code goes unnoticed.