OpenBSD Journal
Simple static bounds checker in 3.3-current
Contributed by jose on Fri Jun 27 11:48:00 2003 (GMT)
from the code-level-security dept.

Yet another anonymous writes:

From: Anil Madhavapeddy

Date: Thu, 26 Jun 2003 12:30:06 -0600 (MDT)
Subject: CVS: src

CVSROOT:        /cvs
Module name:    src
Changes by:    2003/06/26 12:30:05

Modified files:
        gnu/egcs/gcc   : c-common.c c-decl.c c-tree.h c-typeck.c
                         fold-const.c toplev.c tree.h
        gnu/egcs/gcc/cp: call.c cp-tree.h decl2.c typeck.c

Log message:
Introduce a simple static checker for making sure that the bounds
length passed to common functions such as strlcpy/strlcat match the
real length of the buffer.  It also checks to make sure that the bound
length was not incorrectly derived from a sizeof(pointer) operation.

Functions must be marked with the new attribute __bounded__, and warnings
are turned on by -Wbounded.  Specifying -Wformat also enables bounds
checking for scanf(3) bounds to '%s' format variables. -Wall now turns
on -Wbounded also.

The checking is pretty limited right now to constant parameters, and the
buffers must be statically declared, and not inside a record type.  This
simple checking still found hundreds of bugs around the ports tree though,
and there have been no false positive warnings.

10x to niklas@, Richard Sharp and David Scott {rich,dave} for
compiler advice.  deraadt@ ok, miod@ tested on his collection of hardware

You need to recompile gcc now if source upgrading in -current before
doing a make world.

Various people have tested this and the tests have proven themselves. They're certainly limited, but what they do they do well. Have a look at it, and even play with some non-OpenBSD code with it and learn how it works. Way to go, Anil!
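The two mistakes the commit message describes, a bound that does not match the real buffer and a bound derived from sizeof(pointer), shown in runnable form as an added example; this is not code from the commit or from OpenBSD's tree. It assumes the attribute spelling `__attribute__((__bounded__(__string__, dst, len)))` that OpenBSD's libc headers use for strlcpy(3); on other compilers the macro expands to nothing so the file still builds. `bounded_strlcpy` is a local stand-in for strlcpy(3) so the example also runs where libc lacks it, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/*
 * OpenBSD's <string.h> tags strlcpy(3) as __bounded__(__string__, 1, 3):
 * argument 1 is the destination string, argument 3 its bound. Assumption:
 * this spelling is what the 2003 commit introduced. Elsewhere the
 * attribute is unknown, so it is compiled out.
 */
#if defined(__OpenBSD__)
#define BOUNDED_STRING(dst_arg, len_arg) \
	__attribute__((__bounded__(__string__, dst_arg, len_arg)))
#else
#define BOUNDED_STRING(dst_arg, len_arg)
#endif

/* Local stand-in for strlcpy(3): copy at most dsize-1 bytes, always
 * NUL-terminate when dsize > 0, return strlen(src) so callers can detect
 * truncation. The attribute sits on the declaration, as in <string.h>. */
static size_t bounded_strlcpy(char *, const char *, size_t)
	BOUNDED_STRING(1, 3);

static size_t
bounded_strlcpy(char *dst, const char *src, size_t dsize)
{
	size_t srclen = strlen(src);

	if (dsize > 0) {
		size_t n = srclen < dsize - 1 ? srclen : dsize - 1;
		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return srclen;
}

/* Correct form: `host` is an array in scope, so sizeof(host) is its real
 * length (16). -Wbounded accepts this; a constant such as 32 here is the
 * mismatched-bound case it reports. */
size_t
copy_to_array(const char *src)
{
	char host[16];

	bounded_strlcpy(host, src, sizeof(host));
	return strlen(host);		/* at most 15 */
}

/* The sizeof(pointer) bug -Wbounded reports: `dst` is a pointer, so
 * sizeof(dst) is 4 or 8, not the size of the buffer it points at. The
 * copy silently truncates to sizeof(char *) - 1 bytes. */
size_t
copy_via_pointer_bug(char *dst, const char *src)
{
	bounded_strlcpy(dst, src, sizeof(dst));
	return strlen(dst);
}

/* Fixed: a pointer carries no length, so the caller passes it. */
size_t
copy_via_pointer_fixed(char *dst, size_t dstsize, const char *src)
{
	bounded_strlcpy(dst, src, dstsize);
	return strlen(dst);
}

/* Drive either pointer variant against a 64-byte buffer and return the
 * length that actually arrived. */
size_t
run_pointer_copy(const char *src, int fixed)
{
	char buf[64];

	return fixed ? copy_via_pointer_fixed(buf, sizeof(buf), src)
		     : copy_via_pointer_bug(buf, src);
}

/* The scanf(3) side: with -Wformat the checker wants a field width on a
 * '%s' read into a fixed array. "%15s" stores at most 15 bytes plus the
 * NUL in name[16]; a bare "%s" has no bound at all. Returns the stored
 * length, or 0 when the line does not match. */
size_t
parse_user_len(const char *line)
{
	char name[16];

	if (sscanf(line, "user=%15s", name) != 1)
		return 0;
	return strlen(name);
}

int
main(void)
{
	const char *src = "example.openbsd.org";	/* 19 bytes, constructed */

	printf("array bound:     %zu\n", copy_to_array(src));
	printf("sizeof(pointer): %zu\n", run_pointer_copy(src, 0));
	printf("explicit size:   %zu\n", run_pointer_copy(src, 1));
	printf("scanf %%15s:      %zu\n",
	    parse_user_len("user=averyveryverylongusername"));
	return 0;
}
```

On an OpenBSD gcc with the change described above, `-Wbounded` flags `copy_via_pointer_bug` at compile time; on other compilers nothing complains, and only the run-time lengths reveal that seven (or three) bytes arrived instead of nineteen.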



  For the benefit of all ..... (mod 0/8)
by Anonymous Coward on Fri Jun 27 12:46:00 2003 (GMT)
  So are these modifications something that can be fed back to the GNU compiler people?

  great work (mod -4/10)
by Anonymous Coward on Fri Jun 27 14:26:00 2003 (GMT)
  As a software developer this kind of feature is very useful - great work, and thanks for the effort!

  Cool! (mod 3/11)
by Ben Johnson on Fri Jun 27 15:43:00 2003 (GMT)
  I like it - it's understandable, is easy to use, and has a lot of benefits. Thanks for making this!


  No Subject Given (mod -1/9)
by Anonymous Coward on Sat Jun 28 22:46:00 2003 (GMT)
  Looks like the /usr/include portion was backed out.
Any idea when this will be put back in ?


Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors.