[PATCH] buffer overflow checking for string functions

Rob Shearman robertshearman at gmail.com
Fri Sep 5 16:44:50 CDT 2008

2008/9/5 Francois Gouget <fgouget at free.fr>:
> I have a few other concerns here:
>  * Why do we need a macro here? I thought it was so that
>   __builtin_object_size() could do its work, but the strcpy() functions
>   above in the patch have no associated macro and they call
>   __builtin_object_size() on their parameter which would seem to be
>   poinless. So I must be misunderstanding something here.
>  * It's customary to add some extra parenthesing in such macros:
>      (src),(srclen),__builtin_object_size((src),0),
>  * The macro itself can cause trouble in some cases. In Winelib
>   code it can cause naming collisions with user functions (especially
>   with class methods, though it may not be very likely here), which
>   would especially be an issue with strcpy*(). Maybe it should be
>   protected by something like a WINE_NO_OVERFLOW_CHECK macro?
>  * The macro can also cause trouble in case its parameters have
>   side-effects, like x++ or similar (though the __builtin_object_size()
>   mentions returning -1 in case or side-effects). This could impact
>   Wine too.

I also have some questions:
* Is there any runtime overhead of using __builtin_object_size and/or
the __alloc_size__ attribute?
* If not and it's a compile time only thing, why can't these buffer
overruns be detected at compile time instead of runtime (which
obviously depends on test coverage)?

Rob Shearman

More information about the wine-devel mailing list