On Thu, Sep 20, 2018 at 10:22 AM, Miguel Ojeda <miguel.ojeda.sandonis@xxxxxxxxx> wrote: > From the GCC manual: > > nonstring > > The nonstring variable attribute specifies that an object or member > declaration with type array of char, signed char, or unsigned char, > or pointer to such a type is intended to store character arrays that > do not necessarily contain a terminating NUL. This is useful in detecting > uses of such arrays or pointers with functions that expect NUL-terminated > strings, and to avoid warnings when such an array or pointer is used as > an argument to a bounded string manipulation function such as strncpy. > > https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html > > This attribute can be used for documentation purposes (i.e. replacing > comments), but it is most helpful when the following warnings are enabled: > > -Wstringop-overflow > > Warn for calls to string manipulation functions such as memcpy and > strcpy that are determined to overflow the destination buffer. > > [...] > > -Wstringop-truncation > > Warn for calls to bounded string manipulation functions such as > strncat, strncpy, and stpncpy that may either truncate the copied > string or leave the destination unchanged. > > [...] > > In situations where a character array is intended to store a sequence > of bytes with no terminating NUL such an array may be annotated with > attribute nonstring to avoid this warning. Such arrays, however, > are not suitable arguments to functions that expect NUL-terminated > strings. To help detect accidental misuses of such arrays GCC issues > warnings unless it can prove that the use is safe. > > https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html > > Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis@xxxxxxxxx> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -Kees -- Kees Cook Pixel Security
