summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--io/bits/poll2.h27
-rw-r--r--libio/bits/stdio2.h106
-rw-r--r--misc/sys/cdefs.h47
-rw-r--r--posix/bits/unistd.h174
-rw-r--r--socket/bits/socket2.h34
-rw-r--r--stdlib/bits/stdlib.h57
-rw-r--r--wcsmbs/bits/wchar2.h219
7 files changed, 226 insertions, 438 deletions
diff --git a/io/bits/poll2.h b/io/bits/poll2.h
index be74d020f2..91cdcaf66a 100644
--- a/io/bits/poll2.h
+++ b/io/bits/poll2.h
@@ -36,16 +36,9 @@ extern int __REDIRECT (__poll_chk_warn, (struct pollfd *__fds, nfds_t __nfds,
 __fortify_function __fortified_attr_access (__write_only__, 1, 2) int
 poll (struct pollfd *__fds, nfds_t __nfds, int __timeout)
 {
-  if (__glibc_objsize (__fds) != (__SIZE_TYPE__) -1)
-    {
-      if (! __builtin_constant_p (__nfds))
-	return __poll_chk (__fds, __nfds, __timeout, __glibc_objsize (__fds));
-      else if (__glibc_objsize (__fds) / sizeof (*__fds) < __nfds)
-	return __poll_chk_warn (__fds, __nfds, __timeout,
-				__glibc_objsize (__fds));
-    }
-
-  return __poll_alias (__fds, __nfds, __timeout);
+  return __glibc_fortify (poll, __nfds, sizeof (*__fds),
+			  __glibc_objsize (__fds),
+			  __fds, __nfds, __timeout);
 }
 
 
@@ -68,17 +61,9 @@ __fortify_function __fortified_attr_access (__write_only__, 1, 2) int
 ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout,
        const __sigset_t *__ss)
 {
-  if (__glibc_objsize (__fds) != (__SIZE_TYPE__) -1)
-    {
-      if (! __builtin_constant_p (__nfds))
-	return __ppoll_chk (__fds, __nfds, __timeout, __ss,
-			    __glibc_objsize (__fds));
-      else if (__glibc_objsize (__fds) / sizeof (*__fds) < __nfds)
-	return __ppoll_chk_warn (__fds, __nfds, __timeout, __ss,
-				 __glibc_objsize (__fds));
-    }
-
-  return __ppoll_alias (__fds, __nfds, __timeout, __ss);
+  return __glibc_fortify (ppoll, __nfds, sizeof (*__fds),
+			  __glibc_objsize (__fds),
+			  __fds, __nfds, __timeout, __ss);
 }
 #endif
 
diff --git a/libio/bits/stdio2.h b/libio/bits/stdio2.h
index 4f016a5638..40ff16b01b 100644
--- a/libio/bits/stdio2.h
+++ b/libio/bits/stdio2.h
@@ -261,15 +261,12 @@ extern char *__REDIRECT (__fgets_chk_warn,
 __fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) char *
 fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
 {
-  if (__glibc_objsize (__s) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__n) || __n <= 0)
-	return __fgets_chk (__s, __glibc_objsize (__s), __n, __stream);
-
-      if ((size_t) __n > __glibc_objsize (__s))
-	return __fgets_chk_warn (__s, __glibc_objsize (__s), __n, __stream);
-    }
-  return __fgets_alias (__s, __n, __stream);
+  size_t sz = __glibc_objsize (__s);
+  if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz))
+    return __fgets_alias (__s, __n, __stream);
+  if (__glibc_unsafe_len (__n, sizeof (char), sz))
+    return __fgets_chk_warn (__s, sz, __n, __stream);
+  return __fgets_chk (__s, sz, __n, __stream);
 }
 
 extern size_t __fread_chk (void *__restrict __ptr, size_t __ptrlen,
@@ -291,19 +288,12 @@ __fortify_function __wur size_t
 fread (void *__restrict __ptr, size_t __size, size_t __n,
        FILE *__restrict __stream)
 {
-  if (__glibc_objsize0 (__ptr) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__size)
-	  || !__builtin_constant_p (__n)
-	  || (__size | __n) >= (((size_t) 1) << (8 * sizeof (size_t) / 2)))
-	return __fread_chk (__ptr, __glibc_objsize0 (__ptr), __size, __n,
-			    __stream);
-
-      if (__size * __n > __glibc_objsize0 (__ptr))
-	return __fread_chk_warn (__ptr, __glibc_objsize0 (__ptr), __size, __n,
-				 __stream);
-    }
-  return __fread_alias (__ptr, __size, __n, __stream);
+  size_t sz = __glibc_objsize0 (__ptr);
+  if (__glibc_safe_or_unknown_len (__n, __size, sz))
+    return __fread_alias (__ptr, __size, __n, __stream);
+  if (__glibc_unsafe_len (__n, __size, sz))
+    return __fread_chk_warn (__ptr, sz, __size, __n, __stream);
+  return __fread_chk (__ptr, sz, __size, __n, __stream);
 }
 
 #ifdef __USE_GNU
@@ -323,17 +313,12 @@ extern char *__REDIRECT (__fgets_unlocked_chk_warn,
 __fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) char *
 fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream)
 {
-  if (__glibc_objsize (__s) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__n) || __n <= 0)
-	return __fgets_unlocked_chk (__s, __glibc_objsize (__s), __n,
-				     __stream);
-
-      if ((size_t) __n > __glibc_objsize (__s))
-	return __fgets_unlocked_chk_warn (__s, __glibc_objsize (__s), __n,
-					  __stream);
-    }
-  return __fgets_unlocked_alias (__s, __n, __stream);
+  size_t sz = __glibc_objsize (__s);
+  if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz))
+    return __fgets_unlocked_alias (__s, __n, __stream);
+  if (__glibc_unsafe_len (__n, sizeof (char), sz))
+    return __fgets_unlocked_chk_warn (__s, sz, __n, __stream);
+  return __fgets_unlocked_chk (__s, sz, __n, __stream);
 }
 #endif
 
@@ -358,41 +343,36 @@ __fortify_function __wur size_t
 fread_unlocked (void *__restrict __ptr, size_t __size, size_t __n,
 		FILE *__restrict __stream)
 {
-  if (__glibc_objsize0 (__ptr) != (size_t) -1)
+  size_t sz = __glibc_objsize0 (__ptr);
+  if (__glibc_safe_or_unknown_len (__n, __size, sz))
     {
-      if (!__builtin_constant_p (__size)
-	  || !__builtin_constant_p (__n)
-	  || (__size | __n) >= (((size_t) 1) << (8 * sizeof (size_t) / 2)))
-	return __fread_unlocked_chk (__ptr, __glibc_objsize0 (__ptr), __size,
-				     __n, __stream);
-
-      if (__size * __n > __glibc_objsize0 (__ptr))
-	return __fread_unlocked_chk_warn (__ptr, __glibc_objsize0 (__ptr),
-					  __size, __n, __stream);
-    }
-
 # ifdef __USE_EXTERN_INLINES
-  if (__builtin_constant_p (__size)
-      && __builtin_constant_p (__n)
-      && (__size | __n) < (((size_t) 1) << (8 * sizeof (size_t) / 2))
-      && __size * __n <= 8)
-    {
-      size_t __cnt = __size * __n;
-      char *__cptr = (char *) __ptr;
-      if (__cnt == 0)
-	return 0;
-
-      for (; __cnt > 0; --__cnt)
+      if (__builtin_constant_p (__size)
+	  && __builtin_constant_p (__n)
+	  && (__size | __n) < (((size_t) 1) << (8 * sizeof (size_t) / 2))
+	  && __size * __n <= 8)
 	{
-	  int __c = getc_unlocked (__stream);
-	  if (__c == EOF)
-	    break;
-	  *__cptr++ = __c;
+	  size_t __cnt = __size * __n;
+	  char *__cptr = (char *) __ptr;
+	  if (__cnt == 0)
+	    return 0;
+
+	  for (; __cnt > 0; --__cnt)
+	    {
+	      int __c = getc_unlocked (__stream);
+	      if (__c == EOF)
+		break;
+	      *__cptr++ = __c;
+	    }
+	  return (__cptr - (char *) __ptr) / __size;
 	}
-      return (__cptr - (char *) __ptr) / __size;
-    }
 # endif
-  return __fread_unlocked_alias (__ptr, __size, __n, __stream);
+      return __fread_unlocked_alias (__ptr, __size, __n, __stream);
+    }
+  if (__glibc_unsafe_len (__n, __size, sz))
+    return __fread_unlocked_chk_warn (__ptr, sz, __size, __n, __stream);
+  return __fread_unlocked_chk (__ptr, sz, __size, __n, __stream);
+
 }
 #endif
 
diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
index f6ab95ab81..c353d2ec4d 100644
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -150,6 +150,53 @@
 # define __glibc_objsize(__o) __bos (__o)
 #endif
 
+/* Compile time conditions to choose between the regular, _chk and _chk_warn
+   variants.  These conditions should get evaluated to constant and optimized
+   away.  */
+
+#define __glibc_safe_len_cond(__l, __s, __osz) ((__l) <= (__osz) / (__s))
+#define __glibc_unsigned_or_positive(__l) \
+  ((__typeof (__l)) 0 < (__typeof (__l)) -1				      \
+   || (__builtin_constant_p (__l) && (__l) > 0))
+
+/* Length is known to be safe at compile time if the __L * __S <= __OBJSZ
+   condition can be folded to a constant and if it is true.  The -1 check is
+   redundant because since it implies that __glibc_safe_len_cond is true.  */
+#define __glibc_safe_or_unknown_len(__l, __s, __osz) \
+  (__glibc_unsigned_or_positive (__l)					      \
+   && __builtin_constant_p (__glibc_safe_len_cond ((__SIZE_TYPE__) (__l),     \
+						   __s, __osz))		      \
+   && __glibc_safe_len_cond ((__SIZE_TYPE__) (__l), __s, __osz))
+
+/* Conversely, we know at compile time that the length is safe if the
+   __L * __S <= __OBJSZ condition can be folded to a constant and if it is
+   false.  */
+#define __glibc_unsafe_len(__l, __s, __osz) \
+  (__glibc_unsigned_or_positive (__l)					      \
+   && __builtin_constant_p (__glibc_safe_len_cond ((__SIZE_TYPE__) (__l),     \
+						   __s, __osz))		      \
+   && !__glibc_safe_len_cond ((__SIZE_TYPE__) (__l), __s, __osz))
+
+/* Fortify function f.  __f_alias, __f_chk and __f_chk_warn must be
+   declared.  */
+
+#define __glibc_fortify(f, __l, __s, __osz, ...) \
+  (__glibc_safe_or_unknown_len (__l, __s, __osz)			      \
+   ? __ ## f ## _alias (__VA_ARGS__)					      \
+   : (__glibc_unsafe_len (__l, __s, __osz)				      \
+      ? __ ## f ## _chk_warn (__VA_ARGS__, __osz)			      \
+      : __ ## f ## _chk (__VA_ARGS__, __osz)))			      \
+
+/* Fortify function f, where object size argument passed to f is the number of
+   elements and not total size.  */
+
+#define __glibc_fortify_n(f, __l, __s, __osz, ...) \
+  (__glibc_safe_or_unknown_len (__l, __s, __osz)			      \
+   ? __ ## f ## _alias (__VA_ARGS__)					      \
+   : (__glibc_unsafe_len (__l, __s, __osz)				      \
+      ? __ ## f ## _chk_warn (__VA_ARGS__, (__osz) / (__s))		      \
+      : __ ## f ## _chk (__VA_ARGS__, (__osz) / (__s))))		      \
+
 #if __GNUC_PREREQ (4,3)
 # define __warnattr(msg) __attribute__((__warning__ (msg)))
 # define __errordecl(name, msg) \
diff --git a/posix/bits/unistd.h b/posix/bits/unistd.h
index 622adeb2b2..697dcbbf7b 100644
--- a/posix/bits/unistd.h
+++ b/posix/bits/unistd.h
@@ -35,16 +35,9 @@ extern ssize_t __REDIRECT (__read_chk_warn,
 __fortify_function __wur ssize_t
 read (int __fd, void *__buf, size_t __nbytes)
 {
-  if (__glibc_objsize0 (__buf) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__nbytes))
-	return __read_chk (__fd, __buf, __nbytes, __glibc_objsize0 (__buf));
-
-      if (__nbytes > __glibc_objsize0 (__buf))
-	return __read_chk_warn (__fd, __buf, __nbytes,
-				__glibc_objsize0 (__buf));
-    }
-  return __read_alias (__fd, __buf, __nbytes);
+  return __glibc_fortify (read, __nbytes, sizeof (char),
+			  __glibc_objsize0 (__buf),
+			  __fd, __buf, __nbytes);
 }
 
 #ifdef __USE_UNIX98
@@ -78,34 +71,17 @@ extern ssize_t __REDIRECT (__pread64_chk_warn,
 __fortify_function __wur ssize_t
 pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset)
 {
-  if (__glibc_objsize0 (__buf) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__nbytes))
-	return __pread_chk (__fd, __buf, __nbytes, __offset,
-			    __glibc_objsize0 (__buf));
-
-      if ( __nbytes > __glibc_objsize0 (__buf))
-	return __pread_chk_warn (__fd, __buf, __nbytes, __offset,
-				 __glibc_objsize0 (__buf));
-    }
-  return __pread_alias (__fd, __buf, __nbytes, __offset);
+  return __glibc_fortify (pread, __nbytes, sizeof (char),
+			  __glibc_objsize0 (__buf),
+			  __fd, __buf, __nbytes, __offset);
 }
 # else
 __fortify_function __wur ssize_t
 pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
 {
-  if (__glibc_objsize0 (__buf) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__nbytes))
-	return __pread64_chk (__fd, __buf, __nbytes, __offset,
-			      __glibc_objsize0 (__buf));
-
-      if ( __nbytes > __glibc_objsize0 (__buf))
-	return __pread64_chk_warn (__fd, __buf, __nbytes, __offset,
-				   __glibc_objsize0 (__buf));
-    }
-
-  return __pread64_alias (__fd, __buf, __nbytes, __offset);
+  return __glibc_fortify (pread64, __nbytes, sizeof (char),
+			  __glibc_objsize0 (__buf),
+			  __fd, __buf, __nbytes, __offset);
 }
 # endif
 
@@ -113,18 +89,9 @@ pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
 __fortify_function __wur ssize_t
 pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
 {
-  if (__glibc_objsize0 (__buf) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__nbytes))
-	return __pread64_chk (__fd, __buf, __nbytes, __offset,
-			      __glibc_objsize0 (__buf));
-
-      if ( __nbytes > __glibc_objsize0 (__buf))
-	return __pread64_chk_warn (__fd, __buf, __nbytes, __offset,
-				   __glibc_objsize0 (__buf));
-    }
-
-  return __pread64_alias (__fd, __buf, __nbytes, __offset);
+  return __glibc_fortify (pread64, __nbytes, sizeof (char),
+			  __glibc_objsize0 (__buf),
+			  __fd, __buf, __nbytes, __offset);
 }
 # endif
 #endif
@@ -149,16 +116,9 @@ __fortify_function __nonnull ((1, 2)) __wur ssize_t
 __NTH (readlink (const char *__restrict __path, char *__restrict __buf,
 		 size_t __len))
 {
-  if (__glibc_objsize (__buf) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__len))
-	return __readlink_chk (__path, __buf, __len, __glibc_objsize (__buf));
-
-      if ( __len > __glibc_objsize (__buf))
-	return __readlink_chk_warn (__path, __buf, __len,
-				    __glibc_objsize (__buf));
-    }
-  return __readlink_alias (__path, __buf, __len);
+  return __glibc_fortify (readlink, __len, sizeof (char),
+			  __glibc_objsize (__buf),
+			  __path, __buf, __len);
 }
 #endif
 
@@ -184,17 +144,9 @@ __fortify_function __nonnull ((2, 3)) __wur ssize_t
 __NTH (readlinkat (int __fd, const char *__restrict __path,
 		   char *__restrict __buf, size_t __len))
 {
-  if (__glibc_objsize (__buf) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__len))
-	return __readlinkat_chk (__fd, __path, __buf, __len,
-				 __glibc_objsize (__buf));
-
-      if (__len > __glibc_objsize (__buf))
-	return __readlinkat_chk_warn (__fd, __path, __buf, __len,
-				      __glibc_objsize (__buf));
-    }
-  return __readlinkat_alias (__fd, __path, __buf, __len);
+  return __glibc_fortify (readlinkat, __len, sizeof (char),
+			  __glibc_objsize (__buf),
+			  __fd, __path, __buf, __len);
 }
 #endif
 
@@ -211,15 +163,9 @@ extern char *__REDIRECT_NTH (__getcwd_chk_warn,
 __fortify_function __wur char *
 __NTH (getcwd (char *__buf, size_t __size))
 {
-  if (__glibc_objsize (__buf) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__size))
-	return __getcwd_chk (__buf, __size, __glibc_objsize (__buf));
-
-      if (__size > __glibc_objsize (__buf))
-	return __getcwd_chk_warn (__buf, __size, __glibc_objsize (__buf));
-    }
-  return __getcwd_alias (__buf, __size);
+  return __glibc_fortify (getcwd, __size, sizeof (char),
+			  __glibc_objsize (__buf),
+			  __buf, __size);
 }
 
 #if defined __USE_MISC || defined __USE_XOPEN_EXTENDED
@@ -253,16 +199,9 @@ extern size_t __REDIRECT_NTH (__confstr_chk_warn,
 __fortify_function size_t
 __NTH (confstr (int __name, char *__buf, size_t __len))
 {
-  if (__glibc_objsize (__buf) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__len))
-	return __confstr_chk (__name, __buf, __len, __glibc_objsize (__buf));
-
-      if (__glibc_objsize (__buf) < __len)
-	return __confstr_chk_warn (__name, __buf, __len,
-				   __glibc_objsize (__buf));
-    }
-  return __confstr_alias (__name, __buf, __len);
+  return __glibc_fortify (confstr, __len, sizeof (char),
+			  __glibc_objsize (__buf),
+			  __name, __buf, __len);
 }
 
 
@@ -279,15 +218,9 @@ extern int __REDIRECT_NTH (__getgroups_chk_warn,
 __fortify_function int
 __NTH (getgroups (int __size, __gid_t __list[]))
 {
-  if (__glibc_objsize (__list) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__size) || __size < 0)
-	return __getgroups_chk (__size, __list, __glibc_objsize (__list));
-
-      if (__size * sizeof (__gid_t) > __glibc_objsize (__list))
-	return __getgroups_chk_warn (__size, __list, __glibc_objsize (__list));
-    }
-  return __getgroups_alias (__size, __list);
+  return __glibc_fortify (getgroups, __size, sizeof (__gid_t),
+			  __glibc_objsize (__list),
+			  __size, __list);
 }
 
 
@@ -306,17 +239,9 @@ extern int __REDIRECT_NTH (__ttyname_r_chk_warn,
 __fortify_function int
 __NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
 {
-  if (__glibc_objsize (__buf) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__buflen))
-	return __ttyname_r_chk (__fd, __buf, __buflen,
-				__glibc_objsize (__buf));
-
-      if (__buflen > __glibc_objsize (__buf))
-	return __ttyname_r_chk_warn (__fd, __buf, __buflen,
-				     __glibc_objsize (__buf));
-    }
-  return __ttyname_r_alias (__fd, __buf, __buflen);
+  return __glibc_fortify (ttyname_r, __buflen, sizeof (char),
+			  __glibc_objsize (__buf),
+			  __fd, __buf, __buflen);
 }
 
 
@@ -334,16 +259,9 @@ extern int __REDIRECT (__getlogin_r_chk_warn,
 __fortify_function int
 getlogin_r (char *__buf, size_t __buflen)
 {
-  if (__glibc_objsize (__buf) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__buflen))
-	return __getlogin_r_chk (__buf, __buflen, __glibc_objsize (__buf));
-
-      if (__buflen > __glibc_objsize (__buf))
-	return __getlogin_r_chk_warn (__buf, __buflen,
-				      __glibc_objsize (__buf));
-    }
-  return __getlogin_r_alias (__buf, __buflen);
+  return __glibc_fortify (getlogin_r, __buflen, sizeof (char),
+			  __glibc_objsize (__buf),
+			  __buf, __buflen);
 }
 #endif
 
@@ -363,16 +281,9 @@ extern int __REDIRECT_NTH (__gethostname_chk_warn,
 __fortify_function int
 __NTH (gethostname (char *__buf, size_t __buflen))
 {
-  if (__glibc_objsize (__buf) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__buflen))
-	return __gethostname_chk (__buf, __buflen, __glibc_objsize (__buf));
-
-      if (__buflen > __glibc_objsize (__buf))
-	return __gethostname_chk_warn (__buf, __buflen,
-				       __glibc_objsize (__buf));
-    }
-  return __gethostname_alias (__buf, __buflen);
+  return __glibc_fortify (gethostname, __buflen, sizeof (char),
+			  __glibc_objsize (__buf),
+			  __buf, __buflen);
 }
 #endif
 
@@ -394,15 +305,8 @@ extern int __REDIRECT_NTH (__getdomainname_chk_warn,
 __fortify_function int
 __NTH (getdomainname (char *__buf, size_t __buflen))
 {
-  if (__glibc_objsize (__buf) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__buflen))
-	return __getdomainname_chk (__buf, __buflen, __glibc_objsize (__buf));
-
-      if (__buflen > __glibc_objsize (__buf))
-	return __getdomainname_chk_warn (__buf, __buflen,
-					 __glibc_objsize (__buf));
-    }
-  return __getdomainname_alias (__buf, __buflen);
+  return __glibc_fortify (getdomainname, __buflen, sizeof (char),
+			  __glibc_objsize (__buf),
+			  __buf, __buflen);
 }
 #endif
diff --git a/socket/bits/socket2.h b/socket/bits/socket2.h
index 9c8ac69624..b28cde55f3 100644
--- a/socket/bits/socket2.h
+++ b/socket/bits/socket2.h
@@ -33,17 +33,12 @@ extern ssize_t __REDIRECT (__recv_chk_warn,
 __fortify_function ssize_t
 recv (int __fd, void *__buf, size_t __n, int __flags)
 {
-  if (__glibc_objsize0 (__buf) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__n))
-	return __recv_chk (__fd, __buf, __n, __glibc_objsize0 (__buf),
-			   __flags);
-
-      if (__n > __glibc_objsize0 (__buf))
-	return __recv_chk_warn (__fd, __buf, __n, __glibc_objsize0 (__buf),
-				__flags);
-    }
-  return __recv_alias (__fd, __buf, __n, __flags);
+  size_t sz = __glibc_objsize0 (__buf);
+  if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz))
+    return __recv_alias (__fd, __buf, __n, __flags);
+  if (__glibc_unsafe_len (__n, sizeof (char), sz))
+    return __recv_chk_warn (__fd, __buf, __n, sz, __flags);
+  return __recv_chk (__fd, __buf, __n, sz, __flags);
 }
 
 extern ssize_t __recvfrom_chk (int __fd, void *__restrict __buf, size_t __n,
@@ -66,14 +61,11 @@ __fortify_function ssize_t
 recvfrom (int __fd, void *__restrict __buf, size_t __n, int __flags,
 	  __SOCKADDR_ARG __addr, socklen_t *__restrict __addr_len)
 {
-  if (__glibc_objsize0 (__buf) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__n))
-	return __recvfrom_chk (__fd, __buf, __n, __glibc_objsize0 (__buf),
-			       __flags, __addr, __addr_len);
-      if (__n > __glibc_objsize0 (__buf))
-	return __recvfrom_chk_warn (__fd, __buf, __n, __glibc_objsize0 (__buf),
-				    __flags, __addr, __addr_len);
-    }
-  return __recvfrom_alias (__fd, __buf, __n, __flags, __addr, __addr_len);
+  size_t sz = __glibc_objsize0 (__buf);
+  if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz))
+    return __recvfrom_alias (__fd, __buf, __n, __flags, __addr, __addr_len);
+  if (__glibc_unsafe_len (__n, sizeof (char), sz))
+    return __recvfrom_chk_warn (__fd, __buf, __n, sz, __flags, __addr,
+				__addr_len);
+  return __recvfrom_chk (__fd, __buf, __n, sz, __flags, __addr, __addr_len);
 }
diff --git a/stdlib/bits/stdlib.h b/stdlib/bits/stdlib.h
index eae31b38f0..067115eeca 100644
--- a/stdlib/bits/stdlib.h
+++ b/stdlib/bits/stdlib.h
@@ -36,17 +36,16 @@ extern char *__REDIRECT_NTH (__realpath_chk_warn,
 __fortify_function __wur char *
 __NTH (realpath (const char *__restrict __name, char *__restrict __resolved))
 {
-  if (__glibc_objsize (__resolved) != (size_t) -1)
-    {
+  size_t sz = __glibc_objsize (__resolved);
+
+  if (sz == (size_t) -1)
+    return __realpath_alias (__name, __resolved);
+
 #if defined _LIBC_LIMITS_H_ && defined PATH_MAX
-      if (__glibc_objsize (__resolved) < PATH_MAX)
-	return __realpath_chk_warn (__name, __resolved,
-				    __glibc_objsize (__resolved));
+  if (__glibc_unsafe_len (sz, sizeof (char), PATH_MAX))
+    return __realpath_chk_warn (__name, __resolved, sz);
 #endif
-      return __realpath_chk (__name, __resolved, __glibc_objsize (__resolved));
-    }
-
-  return __realpath_alias (__name, __resolved);
+  return __realpath_chk (__name, __resolved, sz);
 }
 
 
@@ -65,16 +64,9 @@ extern int __REDIRECT_NTH (__ptsname_r_chk_warn,
 __fortify_function int
 __NTH (ptsname_r (int __fd, char *__buf, size_t __buflen))
 {
-  if (__glibc_objsize (__buf) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__buflen))
-	return __ptsname_r_chk (__fd, __buf, __buflen,
-				__glibc_objsize (__buf));
-      if (__buflen > __glibc_objsize (__buf))
-	return __ptsname_r_chk_warn (__fd, __buf, __buflen,
-				     __glibc_objsize (__buf));
-    }
-  return __ptsname_r_alias (__fd, __buf, __buflen);
+  return __glibc_fortify (ptsname_r, __buflen, sizeof (char),
+			  __glibc_objsize (__buf),
+			  __fd, __buf, __buflen);
 }
 
 
@@ -120,18 +112,9 @@ __fortify_function size_t
 __NTH (mbstowcs (wchar_t *__restrict __dst, const char *__restrict __src,
 		 size_t __len))
 {
-  if (__glibc_objsize (__dst) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__len))
-	return __mbstowcs_chk (__dst, __src, __len,
-			       __glibc_objsize (__dst) / sizeof (wchar_t));
-
-      if (__len > __glibc_objsize (__dst) / sizeof (wchar_t))
-	return __mbstowcs_chk_warn (__dst, __src, __len,
-				    (__glibc_objsize (__dst)
-				     / sizeof (wchar_t)));
-    }
-  return __mbstowcs_alias (__dst, __src, __len);
+  return __glibc_fortify_n (mbstowcs, __len, sizeof (wchar_t),
+			    __glibc_objsize (__dst),
+			    __dst, __src, __len);
 }
 
 
@@ -154,13 +137,7 @@ __fortify_function size_t
 __NTH (wcstombs (char *__restrict __dst, const wchar_t *__restrict __src,
 		 size_t __len))
 {
-  if (__glibc_objsize (__dst) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__len))
-	return __wcstombs_chk (__dst, __src, __len, __glibc_objsize (__dst));
-      if (__len > __glibc_objsize (__dst))
-	return __wcstombs_chk_warn (__dst, __src, __len,
-				    __glibc_objsize (__dst));
-    }
-  return __wcstombs_alias (__dst, __src, __len);
+  return __glibc_fortify (wcstombs, __len, sizeof (char),
+			  __glibc_objsize (__dst),
+			  __dst, __src, __len);
 }
diff --git a/wcsmbs/bits/wchar2.h b/wcsmbs/bits/wchar2.h
index ea2518dc72..26012ef936 100644
--- a/wcsmbs/bits/wchar2.h
+++ b/wcsmbs/bits/wchar2.h
@@ -39,17 +39,9 @@ __fortify_function wchar_t *
 __NTH (wmemcpy (wchar_t *__restrict __s1, const wchar_t *__restrict __s2,
 		size_t __n))
 {
-  if (__glibc_objsize0 (__s1) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__n))
-	return __wmemcpy_chk (__s1, __s2, __n,
-			      __glibc_objsize0 (__s1) / sizeof (wchar_t));
-
-      if (__n > __glibc_objsize0 (__s1) / sizeof (wchar_t))
-	return __wmemcpy_chk_warn (__s1, __s2, __n,
-				   __glibc_objsize0 (__s1) / sizeof (wchar_t));
-    }
-  return __wmemcpy_alias (__s1, __s2, __n);
+  return __glibc_fortify_n (wmemcpy, __n, sizeof (wchar_t),
+			    __glibc_objsize0 (__s1),
+			    __s1, __s2, __n);
 }
 
 
@@ -67,18 +59,9 @@ extern wchar_t *__REDIRECT_NTH (__wmemmove_chk_warn,
 __fortify_function wchar_t *
 __NTH (wmemmove (wchar_t *__s1, const wchar_t *__s2, size_t __n))
 {
-  if (__glibc_objsize0 (__s1) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__n))
-	return __wmemmove_chk (__s1, __s2, __n,
-			       __glibc_objsize0 (__s1) / sizeof (wchar_t));
-
-      if (__n > __glibc_objsize0 (__s1) / sizeof (wchar_t))
-	return __wmemmove_chk_warn (__s1, __s2, __n,
-				    (__glibc_objsize0 (__s1)
-				     / sizeof (wchar_t)));
-    }
-  return __wmemmove_alias (__s1, __s2, __n);
+  return __glibc_fortify_n (wmemmove, __n, sizeof (wchar_t),
+			    __glibc_objsize0 (__s1),
+			    __s1, __s2, __n);
 }
 
 
@@ -101,18 +84,9 @@ __fortify_function wchar_t *
 __NTH (wmempcpy (wchar_t *__restrict __s1, const wchar_t *__restrict __s2,
 		 size_t __n))
 {
-  if (__glibc_objsize0 (__s1) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__n))
-	return __wmempcpy_chk (__s1, __s2, __n,
-			       __glibc_objsize0 (__s1) / sizeof (wchar_t));
-
-      if (__n > __glibc_objsize0 (__s1) / sizeof (wchar_t))
-	return __wmempcpy_chk_warn (__s1, __s2, __n,
-				    (__glibc_objsize0 (__s1)
-				     / sizeof (wchar_t)));
-    }
-  return __wmempcpy_alias (__s1, __s2, __n);
+  return __glibc_fortify_n (wmempcpy, __n, sizeof (wchar_t),
+			    __glibc_objsize0 (__s1),
+			    __s1, __s2, __n);
 }
 #endif
 
@@ -130,17 +104,9 @@ extern wchar_t *__REDIRECT_NTH (__wmemset_chk_warn,
 __fortify_function wchar_t *
 __NTH (wmemset (wchar_t *__s, wchar_t __c, size_t __n))
 {
-  if (__glibc_objsize0 (__s) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__n))
-	return __wmemset_chk (__s, __c, __n,
-			      __glibc_objsize0 (__s) / sizeof (wchar_t));
-
-      if (__n > __glibc_objsize0 (__s) / sizeof (wchar_t))
-	return __wmemset_chk_warn (__s, __c, __n,
-				   __glibc_objsize0 (__s) / sizeof (wchar_t));
-    }
-  return __wmemset_alias (__s, __c, __n);
+  return __glibc_fortify_n (wmemset, __n, sizeof (wchar_t),
+			    __glibc_objsize0 (__s),
+			    __s, __c, __n);
 }
 
 
@@ -154,9 +120,9 @@ extern wchar_t *__REDIRECT_NTH (__wcscpy_alias,
 __fortify_function wchar_t *
 __NTH (wcscpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src))
 {
-  if (__glibc_objsize (__dest) != (size_t) -1)
-    return __wcscpy_chk (__dest, __src,
-			 __glibc_objsize (__dest) / sizeof (wchar_t));
+  size_t sz = __glibc_objsize (__dest);
+  if (sz != (size_t) -1)
+    return __wcscpy_chk (__dest, __src, sz / sizeof (wchar_t));
   return __wcscpy_alias (__dest, __src);
 }
 
@@ -171,9 +137,9 @@ extern wchar_t *__REDIRECT_NTH (__wcpcpy_alias,
 __fortify_function wchar_t *
 __NTH (wcpcpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src))
 {
-  if (__glibc_objsize (__dest) != (size_t) -1)
-    return __wcpcpy_chk (__dest, __src,
-			 __glibc_objsize (__dest) / sizeof (wchar_t));
+  size_t sz = __glibc_objsize (__dest);
+  if (sz != (size_t) -1)
+    return __wcpcpy_chk (__dest, __src, sz / sizeof (wchar_t));
   return __wcpcpy_alias (__dest, __src);
 }
 
@@ -196,17 +162,9 @@ __fortify_function wchar_t *
 __NTH (wcsncpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src,
 		size_t __n))
 {
-  if (__glibc_objsize (__dest) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__n))
-	return __wcsncpy_chk (__dest, __src, __n,
-			      __glibc_objsize (__dest) / sizeof (wchar_t));
-      if (__n > __glibc_objsize (__dest) / sizeof (wchar_t))
-	return __wcsncpy_chk_warn (__dest, __src, __n,
-				   (__glibc_objsize (__dest)
-				    / sizeof (wchar_t)));
-    }
-  return __wcsncpy_alias (__dest, __src, __n);
+  return __glibc_fortify_n (wcsncpy, __n, sizeof (wchar_t),
+			    __glibc_objsize (__dest),
+			    __dest, __src, __n);
 }
 
 
@@ -228,17 +186,9 @@ __fortify_function wchar_t *
 __NTH (wcpncpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src,
 		size_t __n))
 {
-  if (__glibc_objsize (__dest) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__n))
-	return __wcpncpy_chk (__dest, __src, __n,
-			      __glibc_objsize (__dest) / sizeof (wchar_t));
-      if (__n > __glibc_objsize (__dest) / sizeof (wchar_t))
-	return __wcpncpy_chk_warn (__dest, __src, __n,
-				   (__glibc_objsize (__dest)
-				    / sizeof (wchar_t)));
-    }
-  return __wcpncpy_alias (__dest, __src, __n);
+  return __glibc_fortify_n (wcpncpy, __n, sizeof (wchar_t),
+			    __glibc_objsize (__dest),
+			    __dest, __src, __n);
 }
 
 
@@ -252,9 +202,9 @@ extern wchar_t *__REDIRECT_NTH (__wcscat_alias,
 __fortify_function wchar_t *
 __NTH (wcscat (wchar_t *__restrict __dest, const wchar_t *__restrict __src))
 {
-  if (__glibc_objsize (__dest) != (size_t) -1)
-    return __wcscat_chk (__dest, __src,
-			 __glibc_objsize (__dest) / sizeof (wchar_t));
+  size_t sz = __glibc_objsize (__dest);
+  if (sz != (size_t) -1)
+    return __wcscat_chk (__dest, __src, sz / sizeof (wchar_t));
   return __wcscat_alias (__dest, __src);
 }
 
@@ -271,9 +221,9 @@ __fortify_function wchar_t *
 __NTH (wcsncat (wchar_t *__restrict __dest, const wchar_t *__restrict __src,
 		size_t __n))
 {
-  if (__glibc_objsize (__dest) != (size_t) -1)
-    return __wcsncat_chk (__dest, __src, __n,
-			  __glibc_objsize (__dest) / sizeof (wchar_t));
+  size_t sz = __glibc_objsize (__dest);
+  if (sz != (size_t) -1)
+    return __wcsncat_chk (__dest, __src, __n, sz / sizeof (wchar_t));
   return __wcsncat_alias (__dest, __src, __n);
 }
 
@@ -293,10 +243,10 @@ __fortify_function int
 __NTH (swprintf (wchar_t *__restrict __s, size_t __n,
 		 const wchar_t *__restrict __fmt, ...))
 {
-  if (__glibc_objsize (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
+  size_t sz = __glibc_objsize (__s);
+  if (sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
     return __swprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
-			   __glibc_objsize (__s) / sizeof (wchar_t),
-			   __fmt, __va_arg_pack ());
+			   sz / sizeof (wchar_t), __fmt, __va_arg_pack ());
   return __swprintf_alias (__s, __n, __fmt, __va_arg_pack ());
 }
 #elif !defined __cplusplus
@@ -323,10 +273,10 @@ __fortify_function int
 __NTH (vswprintf (wchar_t *__restrict __s, size_t __n,
 		  const wchar_t *__restrict __fmt, __gnuc_va_list __ap))
 {
-  if (__glibc_objsize (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
+  size_t sz = __glibc_objsize (__s);
+  if (sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
     return __vswprintf_chk (__s, __n,  __USE_FORTIFY_LEVEL - 1,
-			    __glibc_objsize (__s) / sizeof (wchar_t), __fmt,
-			    __ap);
+			    sz / sizeof (wchar_t), __fmt, __ap);
   return __vswprintf_alias (__s, __n, __fmt, __ap);
 }
 
@@ -392,18 +342,12 @@ extern wchar_t *__REDIRECT (__fgetws_chk_warn,
 __fortify_function __wur wchar_t *
 fgetws (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream)
 {
-  if (__glibc_objsize (__s) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__n) || __n <= 0)
-	return __fgetws_chk (__s, __glibc_objsize (__s) / sizeof (wchar_t),
-			     __n, __stream);
-
-      if ((size_t) __n > __glibc_objsize (__s) / sizeof (wchar_t))
-	return __fgetws_chk_warn (__s,
-				  __glibc_objsize (__s) / sizeof (wchar_t),
-				  __n, __stream);
-    }
-  return __fgetws_alias (__s, __n, __stream);
+  size_t sz = __glibc_objsize (__s);
+  if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), sz))
+    return __fgetws_alias (__s, __n, __stream);
+  if (__glibc_unsafe_len (__n, sizeof (wchar_t), sz))
+    return __fgetws_chk_warn (__s, sz / sizeof (wchar_t), __n, __stream);
+  return __fgetws_chk (__s, sz / sizeof (wchar_t), __n, __stream);
 }
 
 #ifdef __USE_GNU
@@ -424,20 +368,13 @@ extern wchar_t *__REDIRECT (__fgetws_unlocked_chk_warn,
 __fortify_function __wur wchar_t *
 fgetws_unlocked (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream)
 {
-  if (__glibc_objsize (__s) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__n) || __n <= 0)
-	return __fgetws_unlocked_chk (__s,
-				      __glibc_objsize (__s) / sizeof (wchar_t),
-				      __n, __stream);
-
-      if ((size_t) __n > __glibc_objsize (__s) / sizeof (wchar_t))
-	return __fgetws_unlocked_chk_warn (__s,
-					   (__glibc_objsize (__s)
-					    / sizeof (wchar_t)),
-					   __n, __stream);
-    }
-  return __fgetws_unlocked_alias (__s, __n, __stream);
+  size_t sz = __glibc_objsize (__s);
+  if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), sz))
+    return __fgetws_unlocked_alias (__s, __n, __stream);
+  if (__glibc_unsafe_len (__n, sizeof (wchar_t), sz))
+    return __fgetws_unlocked_chk_warn (__s, sz / sizeof (wchar_t), __n,
+				       __stream);
+  return __fgetws_unlocked_chk (__s, sz / sizeof (wchar_t), __n, __stream);
 }
 #endif
 
@@ -488,18 +425,9 @@ __fortify_function size_t
 __NTH (mbsrtowcs (wchar_t *__restrict __dst, const char **__restrict __src,
 		  size_t __len, mbstate_t *__restrict __ps))
 {
-  if (__glibc_objsize (__dst) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__len))
-	return __mbsrtowcs_chk (__dst, __src, __len, __ps,
-				__glibc_objsize (__dst) / sizeof (wchar_t));
-
-      if (__len > __glibc_objsize (__dst) / sizeof (wchar_t))
-	return __mbsrtowcs_chk_warn (__dst, __src, __len, __ps,
-				     (__glibc_objsize (__dst)
-				      / sizeof (wchar_t)));
-    }
-  return __mbsrtowcs_alias (__dst, __src, __len, __ps);
+  return __glibc_fortify_n (mbsrtowcs, __len, sizeof (wchar_t),
+			    __glibc_objsize (__dst),
+			    __dst, __src, __len, __ps);
 }
 
 
@@ -523,17 +451,9 @@ __fortify_function size_t
 __NTH (wcsrtombs (char *__restrict __dst, const wchar_t **__restrict __src,
 		  size_t __len, mbstate_t *__restrict __ps))
 {
-  if (__glibc_objsize (__dst) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__len))
-	return __wcsrtombs_chk (__dst, __src, __len, __ps,
-				__glibc_objsize (__dst));
-
-      if (__len > __glibc_objsize (__dst))
-	return __wcsrtombs_chk_warn (__dst, __src, __len, __ps,
-				     __glibc_objsize (__dst));
-    }
-  return __wcsrtombs_alias (__dst, __src, __len, __ps);
+  return __glibc_fortify (wcsrtombs, __len, sizeof (char),
+			  __glibc_objsize (__dst),
+			  __dst, __src, __len, __ps);
 }
 
 
@@ -559,18 +479,9 @@ __fortify_function size_t
 __NTH (mbsnrtowcs (wchar_t *__restrict __dst, const char **__restrict __src,
 		   size_t __nmc, size_t __len, mbstate_t *__restrict __ps))
 {
-  if (__glibc_objsize (__dst) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__len))
-	return __mbsnrtowcs_chk (__dst, __src, __nmc, __len, __ps,
-				 __glibc_objsize (__dst) / sizeof (wchar_t));
-
-      if (__len > __glibc_objsize (__dst) / sizeof (wchar_t))
-	return __mbsnrtowcs_chk_warn (__dst, __src, __nmc, __len, __ps,
-				      (__glibc_objsize (__dst)
-				       / sizeof (wchar_t)));
-    }
-  return __mbsnrtowcs_alias (__dst, __src, __nmc, __len, __ps);
+  return __glibc_fortify_n (mbsnrtowcs, __len, sizeof (wchar_t),
+			    __glibc_objsize (__dst),
+			    __dst, __src, __nmc, __len, __ps);
 }
 
 
@@ -596,16 +507,8 @@ __fortify_function size_t
 __NTH (wcsnrtombs (char *__restrict __dst, const wchar_t **__restrict __src,
 		   size_t __nwc, size_t __len, mbstate_t *__restrict __ps))
 {
-  if (__glibc_objsize (__dst) != (size_t) -1)
-    {
-      if (!__builtin_constant_p (__len))
-	return __wcsnrtombs_chk (__dst, __src, __nwc, __len, __ps,
-				 __glibc_objsize (__dst));
-
-      if (__len > __glibc_objsize (__dst))
-	return __wcsnrtombs_chk_warn (__dst, __src, __nwc, __len, __ps,
-				      __glibc_objsize (__dst));
-    }
-  return __wcsnrtombs_alias (__dst, __src, __nwc, __len, __ps);
+  return __glibc_fortify (wcsnrtombs, __len, sizeof (char),
+			  __glibc_objsize (__dst),
+			  __dst, __src, __nwc, __len, __ps);
 }
 #endif