Jun 15, 2024 · Xr0 Team
We have local-constant size buffers with constant index accesses working for one-dimensional arrays. We’re taking a slight detour to implement multi-dimensional arrays.
Xr0 can now detect out-of-bounds accesses for the case of one-dimensional arrays and pointers. Some examples of this:
Xr0 rightly rejects p[1] = 1; since p is pointing at the memory location of i. The code does not allocate memory beyond i, and accessing p[1].

void
foo()
{
    int i; int *p;
    p = &i;
    p[1] = 1;
}

foo.x:8:10: undefined indirection: out of bounds (foo)

Xr0 rightly rejects the assignment p[2] = 3;. The heap location pointed to by p has a size of 2, so the access p[2] is out of bounds.

#include <stdlib.h>
void
bar()
{
    int *p;
    p = malloc(2);
    p[0] = 5;
    p[1] = 4;
    p[2] = 3;
}

bar.x:10:10: undefined indirection: out of bounds (bar)

Xr0 rightly rejects the assignment arr[3] = 5; to the stack-allocated array. The array arr has a size of 3, so the access arr[3] is out of bounds.

void
baz()
{
    char arr[3];
    arr[2] = 7;
    arr[3] = 5;
}

bar.x:6:10: undefined indirection: out of bounds (baz)

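The three rejections above all follow from one rule: a pointer names a block of constant size plus an offset, and p[k] is defined only when offset + k falls inside that block. The sketch below is an added example, not Xr0's code; `struct block`, `struct location` and the three functions are hypothetical names, and sizes are counted in elements as the post counts them.

```c
#include <stdbool.h>
#include <stdio.h>

/* One allocation whose size is a constant, counted in elements
 * (assumption: this mirrors how the post counts sizes). */
struct block { long size; };

/* Pointer value = block + element offset into it. */
struct location { const struct block *b; long offset; };

/* p = &obj, p = malloc(n) and array decay all start at offset 0. */
static struct location
location_of(const struct block *b)
{
	struct location l = { b, 0 };
	return l;
}

/* p + k only moves the offset; nothing is accessed yet. */
static struct location
location_add(struct location l, long k)
{
	l.offset += k;
	return l;
}

/* p[k] is defined only when element offset + k lies inside the block. */
static bool
subscript_ok(struct location l, long k)
{
	long i = l.offset + k;
	return l.b && i >= 0 && i < l.b->size;
}

int
main(void)
{
	struct block i = { 1 }, heap = { 2 }, arr = { 3 };
	struct { struct location l; long k; const char *expr; } c[] = {
		{ location_of(&i), 1, "p[1] (p = &i)" },
		{ location_of(&heap), 2, "p[2] (p = malloc(2))" },
		{ location_of(&arr), 2, "arr[2]" },
		{ location_of(&arr), 3, "arr[3]" },
		{ location_add(location_of(&arr), 3), -1, "(arr + 3)[-1]" },
	};
	for (size_t n = 0; n < sizeof c / sizeof c[0]; n++)
		printf("%-22s %s\n", c[n].expr,
		    subscript_ok(c[n].l, c[n].k) ? "ok" : "out of bounds");
	return 0;
}
```

The last case goes beyond the post's examples: a one-past-the-end pointer is not an error in itself, only a subscript that resolves outside the block is.
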
As mentioned, we’re taking a slight detour from the buffer out-of-bounds problem to implement multi-dimensional arrays ([#61]). The idea is that this will help us write more interesting tests for the bounds checking down the line. Our goal is to finish this by the 22nd.