0

Suppose I have many appearances of strcpy, strcat and memcpy in our project (a very big one!). How can I easily detect all the places where I have an overlap between source and destination pointers?

I know that valgrind can do it, but not all cases can be detected at runtime while valgrind is running (there are many possible flows).

Does someone know if gcc hardening can offer a solution for this problem? Or maybe another idea besides wrapping those functions and checking it myself?

almog

2 Answers

0

You can write a wrapper to check them dynamically.

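#include <stdint.h>
#include <stdlib.h>
#include <string.h>

void *memcpy_check(void *dest, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dest, s = (uintptr_t)src;
    // [d, d+n) and [s, s+n) overlap when the start addresses are closer than n.
    if ((d > s ? d - s : s - d) < n)
        abort(); // or report the error instead
    return memcpy(dest, src, n);
}

#define memcpy memcpy_check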

Warning: never include any system headers after the #define line. All the needed system headers should be #included before this code.

It's impossible to check statically because the compiler doesn't know the run-time value of these pointers.

Lv Zheng
0

Even checking at runtime is only going to tell you that the tests you have run so far do not produce overlapping strings.

An alternative approach would be not to worry about it, and simply change every memcpy to memmove, and every strcpy(d,s) to memmove(d,s,strlen(s)+1) (which can of course be put in an inline function). In most cases the performance difference would be negligible. This should take you a whole 5 minutes with Perl, which will be a considerably more productive use of time than instrumenting the lot or understanding every call.

abligh
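An added example, not from either answer: it extends the wrapper idea to strcpy and strcat and copies with memmove, as the second answer suggests, so an overlapping call is logged with its call site instead of corrupting data. The names strcpy_checked, strcat_checked, STRCPY, STRCAT and overlap_hits are hypothetical, and the check assumes a flat address space where pointers compare meaningfully as uintptr_t.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static unsigned long overlap_hits;   /* overlapping calls seen so far */

/* True when [a, a+an) and [b, b+bn) share at least one byte. */
static int regions_overlap(const void *a, size_t an, const void *b, size_t bn)
{
    uintptr_t x = (uintptr_t)a, y = (uintptr_t)b;   /* assumes flat addressing */
    return an && bn && x < y + bn && y < x + an;
}

static void note_overlap(const char *fn, const char *file, int line)
{
    overlap_hits++;
    fprintf(stderr, "%s:%d: overlapping %s\n", file, line, fn);
}

/* strcpy reads and writes strlen(src)+1 bytes, terminator included. */
static char *strcpy_checked(char *dest, const char *src, const char *file, int line)
{
    size_t n = strlen(src) + 1;
    if (regions_overlap(dest, n, src, n))
        note_overlap("strcpy", file, line);
    return memmove(dest, src, n);    /* well defined even on overlap */
}

/* strcat writes at dest's terminator, so the check starts there, not at dest. */
static char *strcat_checked(char *dest, const char *src, const char *file, int line)
{
    size_t n = strlen(src) + 1;
    char *end = dest + strlen(dest);
    if (regions_overlap(end, n, src, n))
        note_overlap("strcat", file, line);
    memmove(end, src, n);
    return dest;
}

#define STRCPY(d, s) strcpy_checked((d), (s), __FILE__, __LINE__)
#define STRCAT(d, s) strcat_checked((d), (s), __FILE__, __LINE__)

int main(void)
{
    char buf[32] = "abcdef";         /* constructed sample input */
    STRCPY(buf + 2, buf);            /* source and destination overlap */
    printf("%s (overlaps logged: %lu)\n", buf, overlap_hits);
    return 0;
}
```

The destination buffer must still be large enough for the result; these wrappers only address overlap, not overflow.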