about summary refs log tree commit diff
path: root/stdio-common
diff options
context:
space:
mode:
authorMartin Sebor <msebor@redhat.com>2021-05-06 10:56:25 -0600
committerMartin Sebor <msebor@redhat.com>2021-05-06 11:01:05 -0600
commit26492c0a14966c32c43cd6ca1d0dca5e62c6cfef (patch)
tree1d2aceda8438c17113e02f86f2c8c31d58ac7f79 /stdio-common
parent3f0808ef4c872afeade0e323c024ac59ec90fc2b (diff)
downloadglibc-26492c0a14966c32c43cd6ca1d0dca5e62c6cfef.tar.gz
glibc-26492c0a14966c32c43cd6ca1d0dca5e62c6cfef.tar.xz
glibc-26492c0a14966c32c43cd6ca1d0dca5e62c6cfef.zip
Annotate additional APIs with GCC attribute access.
This change continues the improvements to compile-time out of bounds
checking by decorating more APIs with either attribute access, or by
explicitly providing the array bound in APIs such as tmpnam() that
expect arrays of some minimum size as arguments.  (The latter feature
is new in GCC 11.)

The only effects of the attribute and/or the array bound is to check
and diagnose calls to the functions that fail to provide a sufficient
number of elements, and the definitions of the functions that access
elements outside the specified bounds.  (There is no interplay with
_FORTIFY_SOURCE here yet.)

Tested with GCC 7 through 11 on x86_64-linux.
Diffstat (limited to 'stdio-common')
-rw-r--r--stdio-common/tmpnam.c2
-rw-r--r--stdio-common/tmpnam_r.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/stdio-common/tmpnam.c b/stdio-common/tmpnam.c
index a5621c2aa5..701ec95606 100644
--- a/stdio-common/tmpnam.c
+++ b/stdio-common/tmpnam.c
@@ -24,7 +24,7 @@ static char tmpnam_buffer[L_tmpnam];
 
    This function is *not* thread safe!  */
 char *
-tmpnam (char *s)
+tmpnam (char s[L_tmpnam])
 {
   /* By using two buffers we manage to be thread safe in the case
      where S != NULL.  */
diff --git a/stdio-common/tmpnam_r.c b/stdio-common/tmpnam_r.c
index 3fd20308be..1af0aa82da 100644
--- a/stdio-common/tmpnam_r.c
+++ b/stdio-common/tmpnam_r.c
@@ -20,7 +20,7 @@
 /* Generate a unique filename in P_tmpdir.  If S is NULL return NULL.
    This makes this function thread safe.  */
 char *
-tmpnam_r (char *s)
+tmpnam_r (char s[L_tmpnam])
 {
   if (s == NULL)
     return NULL;