Contributed by jose on from the code-level-security dept.
From: Anil Madhavapeddy
Date: Thu, 26 Jun 2003 12:30:06 -0600 (MDT)
To: source-changes@cvs.openbsd.org
Subject: CVS: cvs.openbsd.org: src

CVSROOT: /cvs
Module name: src
Changes by: avsm@cvs.openbsd.org 2003/06/26 12:30:05

Modified files:
gnu/egcs/gcc : c-common.c c-decl.c c-tree.h c-typeck.c fold-const.c toplev.c tree.h
gnu/egcs/gcc/cp: call.c cp-tree.h decl2.c typeck.c

Log message:
Introduce a simple static checker for making sure that the bounds length passed to common functions such as strlcpy/strlcat match the real length of the buffer. It also checks to make sure that the bound length was not incorrectly derived from a sizeof(pointer) operation.

Functions must be marked with the new attribute __bounded__, and warnings are turned on by -Wbounded. Specifying -Wformat also enables bounds checking for scanf(3) bounds to '%s' format variables. -Wall now turns on -Wbounded also.

The checking is pretty limited right now to constant parameters, and the buffers must be statically declared, and not inside a record type. This simple checking still found hundreds of bugs around the ports tree though, and there have been no false positive warnings.

10x to niklas@, Richard Sharp and David Scott {rich,dave}@recoil.org for compiler advice. deraadt@ ok, miod@ tested on his collection of hardware

You need to recompile gcc now if source upgrading in -current before doing a make world.
Various people have tested this and the tests have proven themselves. They're certainly limited, but what they do they do well. Have a look at it, and even play with some non-OpenBSD code with it and learn how it works. Way to go, Anil!
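As an added illustration (not code from the commit or from OpenBSD's tree), the C file below shows the three call shapes the commit's checker distinguishes: a bound equal to the array's declared size, a constant bound that does not match it, and a bound taken from sizeof of a pointer. The attribute spelling follows what OpenBSD's gcc and its <string.h> use for strlcpy (__attribute__((__bounded__(__string__,1,3)))); my_strlcpy, BOUNDED_STRING and the sample string are this example's own names, and the attribute is guarded so the file still builds with compilers that do not know it.

```c
/* Added example, not part of the commit or the OpenBSD tree: the three call
 * shapes the -Wbounded checker distinguishes. The attribute spelling is the
 * one OpenBSD's gcc and headers use; it is guarded so the file also builds
 * with compilers that lack it (there it simply compiles without the check). */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#if defined(__OpenBSD__) && defined(__GNUC__) && !defined(__clang__)
/* __string__ form: argument BUF is a char buffer, argument LEN is its bound */
#define BOUNDED_STRING(BUF, LEN) __attribute__((__bounded__(__string__, BUF, LEN)))
#else
#define BOUNDED_STRING(BUF, LEN) /* attribute unknown here: no static check */
#endif

/* Local strlcpy so the example is self-contained where libc lacks one.
 * The attribute goes on the prototype: parameter 1 is the destination,
 * parameter 3 is the bound the checker compares with the caller's array. */
size_t my_strlcpy(char *dst, const char *src, size_t dsize) BOUNDED_STRING(1, 3);

size_t my_strlcpy(char *dst, const char *src, size_t dsize)
{
    size_t srclen = strlen(src);
    if (dsize != 0) {
        size_t n = srclen < dsize - 1 ? srclen : dsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen; /* like strlcpy: length of src, so callers can detect truncation */
}

/* Correct: the constant bound is the declared size of the array.
 * This is the shape that stays quiet under -Wbounded. */
size_t copy_array_bound(const char *src)
{
    char buf[32];
    my_strlcpy(buf, src, sizeof(buf));
    return strlen(buf);
}

/* Mismatch: the array is 32 bytes but the constant bound says 8. This is the
 * "bound does not match the real buffer length" case the commit describes;
 * at run time it only truncates, but the constant is wrong. */
size_t copy_constant_mismatch(const char *src)
{
    char buf[32];
    my_strlcpy(buf, src, 8);
    return strlen(buf);
}

/* sizeof(pointer) bug: dst is a char *, so sizeof(dst) is the pointer size
 * (typically 8), not the 64-byte buffer it points to. This is the bound
 * "derived from a sizeof(pointer) operation". Constructed bug, kept on purpose. */
size_t copy_pointer_bound(const char *src)
{
    static char storage[64];
    char *dst = storage;
    my_strlcpy(dst, src, sizeof(dst));
    return strlen(dst);
}

int main(void)
{
    const char *src = "OpenBSD-Wbounded"; /* constructed input, 16 chars */
    printf("array bound:     %zu chars copied\n", copy_array_bound(src));
    printf("constant 8:      %zu chars copied\n", copy_constant_mismatch(src));
    printf("sizeof(pointer): %zu chars copied\n", copy_pointer_bound(src));
    return 0;
}
```

On OpenBSD's patched gcc, building with -Wbounded (or -Wall, which the commit makes imply it) is where the last two calls get reported; on other compilers the macro expands to nothing and the program just runs, copying 16 characters in the first case and only 7 in the other two on a 64-bit host, which is the silent truncation a wrong bound produces.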
By Anil (avsm@):
Also, only system libraries have been marked with __bounded__ so far - looking more closely at applications which define their own bounded functions (apache and bind would be quite likely) could pay dividends as well.
There's also the open point of doing more analysis (e.g. interval analysis), to find more bugs on more complicated, non-constant functions. If anyone's interested in trying to tackle some of these, feel free to get in touch.
By Anonymous Coward:
Any idea when this will be put back in?