OpenBSD manual page server

Manual Page Search Parameters

GCC-LOCAL(1) General Commands Manual GCC-LOCAL(1)

gcc-locallocal modifications to gcc

OpenBSD uses derivatives of gcc(1) versions 3.3.6 or 4.2.1, depending on machine architecture. In all cases, the software comes with specific modifications for OpenBSD:

The __bounded__ attribute is used to type-check functions whose parameters pass fixed-length buffers and their sizes. The syntax for normal buffers is:

__attribute__ ((__bounded__ ( __buffer__, buffer, length )))

where buffer contains the parameter number (starting from 1) of the pointer to the buffer, and length contains the parameter number of the buffer length argument.

gcc will emit a warning if the length argument is a constant larger than the actual size of the buffer. If the buffer is not a statically declared array of fixed length, no warnings will be generated. Refer to memcpy(3) for an example of a function with this check.

For checking strings, just use __string__ instead of __buffer__:

__attribute__ ((__bounded__ ( __string__, buffer, length )))

In addition to the checks described above, this also tests if the length argument was wrongly derived from a (void *) operation. strlcpy(3) is a good example of a string function with this check.

If a function needs string checking like __string__ but operates on element counts rather than buffer sizes, use __wcstring__:

__attribute__ ((__bounded__ ( __wcstring__, buffer, count )))

An example of a string function with this check is wcslcpy(3).

Some functions specify the length as two arguments: the number of elements and the size of each element. In this case, use the __size__ attribute:

__attribute__ ((__bounded__ ( __size__, buffer, nmemb, size )))

where buffer contains the parameter number of the pointer to the buffer, nmemb contains the parameter number of the number of members, and size has the parameter number of the size of each element. The type checks performed by __size__ are the same as the __buffer__ attribute. See fread(3) for an example of this type of function.

If a function accepts a buffer parameter and specifies that it has to be of a minimum length, the __minbytes__ attribute can be used:

__attribute__ ((__bounded__ ( __minbytes__, buffer, minsize )))

where buffer contains the parameter number of the pointer to the buffer, and minsize specifies the minimum number of bytes that the buffer should be. ctime_r(3) is an example of this type of function.

If -Wbounded is specified with -Wformat, additional checks are performed on sscanf(3) format strings. The ‘%s’ fields are checked for incorrect bound lengths by checking the size of the buffer associated with the format argument.

gcc(1)

http://www.research.ibm.com/trl/projects/security/ssp/

The -Wbounded flag only works with statically allocated fixed-size buffers. Since it is applied at compile-time, dynamically allocated memory buffers and non-constant arguments are ignored.

October 18, 2014 OpenBSD-5.7