Re: [RFC 0/7] eliminate snprintf with overlapping src and dst
From: Kees Cook
Date: Tue Mar 08 2016 - 18:07:33 EST
On Tue, Mar 8, 2016 at 12:40 PM, Rasmus Villemoes
<linux@xxxxxxxxxxxxxxxxxx> wrote:
> Doing snprintf(buf, len, "%s...", buf, ...) for appending to a buffer
> currently works, but it is somewhat fragile, and any other overlap
> between source and destination buffers would be a definite bug. This
> is an attempt at eliminating the relatively few occurences of this
> pattern in the kernel.
Can we add a gcc plugin to detect these and refuse to compile when
they're found?
-Kees
--
Kees Cook
Chrome OS & Brillo Security