Re: [PATCH] string: Check for "nonstring" attribute on strscpy() arguments

From: Miguel Ojeda
Date: Tue Aug 06 2024 - 06:47:12 EST


On Mon, Aug 5, 2024 at 11:43 PM Kees Cook <kees@xxxxxxxxxx> wrote:
>
> +/* Determine if an attribute has been applied to a variable. */
> +#if __has_builtin(__builtin_has_attribute)
> +#define __annotated(var, attr) __builtin_has_attribute(var, attr)
> +#else
> +#define __annotated(var, attr) (false)
> +#endif
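
Review bot: The #else fallback, `#define __annotated(var, attr) (false)`, makes a false result ambiguous: it can mean the attribute is absent or that the compiler has no `__builtin_has_attribute` to ask, and the one-line comment above the macro does not say so. Suggest extending that comment to state that the macro is best-effort and that only a true result is reliable, so callers do not build logic on the negative case.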

`__annotated` is obviously best-effort given this definition, and we
do similar things elsewhere, and it has a double-underscore. However,
I wonder if this being a "query" (vs. something like an attribute) may
imply that it has a greater risk of someone thinking it will always
reply with the right answer... (if e.g. they copy-paste another use).
Perhaps there is a more explicit name to let users recall that.

Anyway, it looks sensible to me: more compile-time checking seldom
hurts (apart from complexity in these definitions :). So:

Reviewed-by: Miguel Ojeda <ojeda@xxxxxxxxxx>

I also introduced a mistake on purpose and I got the expected build error, so:

Tested-by: Miguel Ojeda <ojeda@xxxxxxxxxx>

Cheers,
Miguel