GCC 14 -fanalyzer improvements for buffer overflows and more -- David Malcolm

For anyone interested in the top source of memory safety issues, out-of-bounds accesses... GCC 14 will be able to catch more cases, and even show them with some colorful retro ASCII art:

Improvements to static analysis in the GCC 14 compiler

by David Malcolm

It does require some source code annotation, but also delivers safety value in return.

From the article:

So for GCC 14, I've added the ability for the analyzer to emit text-based diagrams visualizing the spatial relationships in a predicted buffer overflow. ... [For example,] this diagram shows the destination buffer populated by the content from the strcpy call, and thus the existing terminating NUL byte used for the start of the strcat call. For non-ASCII strings ... it can show the UTF-8 representation of the characters ...

... [Another improvement] is that the analyzer now simulates APIs that scan a buffer expecting a null terminator byte, and will complain about code paths where a pointer to a buffer that isn't properly terminated is passed to such an API.

Plus more, such as:

The analyzer has a form of "taint analysis", which tracks attacker-controlled inputs, places where they are sanitized, and places where they are used without sanitization. In previous GCC releases this was too buggy to enable by default, with lots of false positives, so I hid it behind an extra command-line argument. I've fixed many bugs with this, so for GCC 14 I've enabled this by default when -fanalyzer is selected. This also enables these 6 taint-based warnings:

Add a Comment

Comments are closed.

Comments (0)

There are currently no comments on this entry.