diff options
| -rw-r--r-- | io/bits/poll2.h | 27 | ||||
| -rw-r--r-- | libio/bits/stdio2.h | 106 | ||||
| -rw-r--r-- | misc/sys/cdefs.h | 47 | ||||
| -rw-r--r-- | posix/bits/unistd.h | 174 | ||||
| -rw-r--r-- | socket/bits/socket2.h | 34 | ||||
| -rw-r--r-- | stdlib/bits/stdlib.h | 57 | ||||
| -rw-r--r-- | wcsmbs/bits/wchar2.h | 219 |
7 files changed, 226 insertions, 438 deletions
diff --git a/io/bits/poll2.h b/io/bits/poll2.h index be74d020f2..91cdcaf66a 100644 --- a/io/bits/poll2.h +++ b/io/bits/poll2.h @@ -36,16 +36,9 @@ extern int __REDIRECT (__poll_chk_warn, (struct pollfd *__fds, nfds_t __nfds, __fortify_function __fortified_attr_access (__write_only__, 1, 2) int poll (struct pollfd *__fds, nfds_t __nfds, int __timeout) { - if (__glibc_objsize (__fds) != (__SIZE_TYPE__) -1) - { - if (! __builtin_constant_p (__nfds)) - return __poll_chk (__fds, __nfds, __timeout, __glibc_objsize (__fds)); - else if (__glibc_objsize (__fds) / sizeof (*__fds) < __nfds) - return __poll_chk_warn (__fds, __nfds, __timeout, - __glibc_objsize (__fds)); - } - - return __poll_alias (__fds, __nfds, __timeout); + return __glibc_fortify (poll, __nfds, sizeof (*__fds), + __glibc_objsize (__fds), + __fds, __nfds, __timeout); } @@ -68,17 +61,9 @@ __fortify_function __fortified_attr_access (__write_only__, 1, 2) int ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout, const __sigset_t *__ss) { - if (__glibc_objsize (__fds) != (__SIZE_TYPE__) -1) - { - if (! __builtin_constant_p (__nfds)) - return __ppoll_chk (__fds, __nfds, __timeout, __ss, - __glibc_objsize (__fds)); - else if (__glibc_objsize (__fds) / sizeof (*__fds) < __nfds) - return __ppoll_chk_warn (__fds, __nfds, __timeout, __ss, - __glibc_objsize (__fds)); - } - - return __ppoll_alias (__fds, __nfds, __timeout, __ss); + return __glibc_fortify (ppoll, __nfds, sizeof (*__fds), + __glibc_objsize (__fds), + __fds, __nfds, __timeout, __ss); } #endif diff --git a/libio/bits/stdio2.h b/libio/bits/stdio2.h index 4f016a5638..40ff16b01b 100644 --- a/libio/bits/stdio2.h +++ b/libio/bits/stdio2.h @@ -261,15 +261,12 @@ extern char *__REDIRECT (__fgets_chk_warn, __fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) char * fgets (char *__restrict __s, int __n, FILE *__restrict __stream) { - if (__glibc_objsize (__s) != (size_t) -1) - { - if (!__builtin_constant_p (__n) || __n <= 0) - return __fgets_chk (__s, __glibc_objsize (__s), __n, __stream); - - if ((size_t) __n > __glibc_objsize (__s)) - return __fgets_chk_warn (__s, __glibc_objsize (__s), __n, __stream); - } - return __fgets_alias (__s, __n, __stream); + size_t sz = __glibc_objsize (__s); + if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) + return __fgets_alias (__s, __n, __stream); + if (__glibc_unsafe_len (__n, sizeof (char), sz)) + return __fgets_chk_warn (__s, sz, __n, __stream); + return __fgets_chk (__s, sz, __n, __stream); } extern size_t __fread_chk (void *__restrict __ptr, size_t __ptrlen, @@ -291,19 +288,12 @@ __fortify_function __wur size_t fread (void *__restrict __ptr, size_t __size, size_t __n, FILE *__restrict __stream) { - if (__glibc_objsize0 (__ptr) != (size_t) -1) - { - if (!__builtin_constant_p (__size) - || !__builtin_constant_p (__n) - || (__size | __n) >= (((size_t) 1) << (8 * sizeof (size_t) / 2))) - return __fread_chk (__ptr, __glibc_objsize0 (__ptr), __size, __n, - __stream); - - if (__size * __n > __glibc_objsize0 (__ptr)) - return __fread_chk_warn (__ptr, __glibc_objsize0 (__ptr), __size, __n, - __stream); - } - return __fread_alias (__ptr, __size, __n, __stream); + size_t sz = __glibc_objsize0 (__ptr); + if (__glibc_safe_or_unknown_len (__n, __size, sz)) + return __fread_alias (__ptr, __size, __n, __stream); + if (__glibc_unsafe_len (__n, __size, sz)) + return __fread_chk_warn (__ptr, sz, __size, __n, __stream); + return __fread_chk (__ptr, sz, __size, __n, __stream); } #ifdef __USE_GNU @@ -323,17 +313,12 @@ extern char *__REDIRECT (__fgets_unlocked_chk_warn, __fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) char * fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream) { - if (__glibc_objsize (__s) != (size_t) -1) - { - if (!__builtin_constant_p (__n) || __n <= 0) - return __fgets_unlocked_chk (__s, __glibc_objsize (__s), __n, - __stream); - - if ((size_t) __n > __glibc_objsize (__s)) - return __fgets_unlocked_chk_warn (__s, __glibc_objsize (__s), __n, - __stream); - } - return __fgets_unlocked_alias (__s, __n, __stream); + size_t sz = __glibc_objsize (__s); + if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) + return __fgets_unlocked_alias (__s, __n, __stream); + if (__glibc_unsafe_len (__n, sizeof (char), sz)) + return __fgets_unlocked_chk_warn (__s, sz, __n, __stream); + return __fgets_unlocked_chk (__s, sz, __n, __stream); } #endif @@ -358,41 +343,36 @@ __fortify_function __wur size_t fread_unlocked (void *__restrict __ptr, size_t __size, size_t __n, FILE *__restrict __stream) { - if (__glibc_objsize0 (__ptr) != (size_t) -1) + size_t sz = __glibc_objsize0 (__ptr); + if (__glibc_safe_or_unknown_len (__n, __size, sz)) { - if (!__builtin_constant_p (__size) - || !__builtin_constant_p (__n) - || (__size | __n) >= (((size_t) 1) << (8 * sizeof (size_t) / 2))) - return __fread_unlocked_chk (__ptr, __glibc_objsize0 (__ptr), __size, - __n, __stream); - - if (__size * __n > __glibc_objsize0 (__ptr)) - return __fread_unlocked_chk_warn (__ptr, __glibc_objsize0 (__ptr), - __size, __n, __stream); - } - # ifdef __USE_EXTERN_INLINES - if (__builtin_constant_p (__size) - && __builtin_constant_p (__n) - && (__size | __n) < (((size_t) 1) << (8 * sizeof (size_t) / 2)) - && __size * __n <= 8) - { - size_t __cnt = __size * __n; - char *__cptr = (char *) __ptr; - if (__cnt == 0) - return 0; - - for (; __cnt > 0; --__cnt) + if (__builtin_constant_p (__size) + && __builtin_constant_p (__n) + && (__size | __n) < (((size_t) 1) << (8 * sizeof (size_t) / 2)) + && __size * __n <= 8) { - int __c = getc_unlocked (__stream); - if (__c == EOF) - break; - *__cptr++ = __c; + size_t __cnt = __size * __n; + char *__cptr = (char *) __ptr; + if (__cnt == 0) + return 0; + + for (; __cnt > 0; --__cnt) + { + int __c = getc_unlocked (__stream); + if (__c == EOF) + break; + *__cptr++ = __c; + } + return (__cptr - (char *) __ptr) / __size; } - return (__cptr - (char *) __ptr) / __size; - } # endif - return __fread_unlocked_alias (__ptr, __size, __n, __stream); + return __fread_unlocked_alias (__ptr, __size, __n, __stream); + } + if (__glibc_unsafe_len (__n, __size, sz)) + return __fread_unlocked_chk_warn (__ptr, sz, __size, __n, __stream); + return __fread_unlocked_chk (__ptr, sz, __size, __n, __stream); + } #endif diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h index f6ab95ab81..c353d2ec4d 100644 --- a/misc/sys/cdefs.h +++ b/misc/sys/cdefs.h @@ -150,6 +150,53 @@ # define __glibc_objsize(__o) __bos (__o) #endif +/* Compile time conditions to choose between the regular, _chk and _chk_warn + variants. These conditions should get evaluated to constant and optimized + away. */ + +#define __glibc_safe_len_cond(__l, __s, __osz) ((__l) <= (__osz) / (__s)) +#define __glibc_unsigned_or_positive(__l) \ + ((__typeof (__l)) 0 < (__typeof (__l)) -1 \ + || (__builtin_constant_p (__l) && (__l) > 0)) + +/* Length is known to be safe at compile time if the __L * __S <= __OBJSZ + condition can be folded to a constant and if it is true. The -1 check is + redundant because since it implies that __glibc_safe_len_cond is true. */ +#define __glibc_safe_or_unknown_len(__l, __s, __osz) \ + (__glibc_unsigned_or_positive (__l) \ + && __builtin_constant_p (__glibc_safe_len_cond ((__SIZE_TYPE__) (__l), \ + __s, __osz)) \ + && __glibc_safe_len_cond ((__SIZE_TYPE__) (__l), __s, __osz)) + +/* Conversely, we know at compile time that the length is safe if the + __L * __S <= __OBJSZ condition can be folded to a constant and if it is + false. */ +#define __glibc_unsafe_len(__l, __s, __osz) \ + (__glibc_unsigned_or_positive (__l) \ + && __builtin_constant_p (__glibc_safe_len_cond ((__SIZE_TYPE__) (__l), \ + __s, __osz)) \ + && !__glibc_safe_len_cond ((__SIZE_TYPE__) (__l), __s, __osz)) + +/* Fortify function f. __f_alias, __f_chk and __f_chk_warn must be + declared. */ + +#define __glibc_fortify(f, __l, __s, __osz, ...) \ + (__glibc_safe_or_unknown_len (__l, __s, __osz) \ + ? __ ## f ## _alias (__VA_ARGS__) \ + : (__glibc_unsafe_len (__l, __s, __osz) \ + ? __ ## f ## _chk_warn (__VA_ARGS__, __osz) \ + : __ ## f ## _chk (__VA_ARGS__, __osz))) \ + +/* Fortify function f, where object size argument passed to f is the number of + elements and not total size. */ + +#define __glibc_fortify_n(f, __l, __s, __osz, ...) \ + (__glibc_safe_or_unknown_len (__l, __s, __osz) \ + ? __ ## f ## _alias (__VA_ARGS__) \ + : (__glibc_unsafe_len (__l, __s, __osz) \ + ? __ ## f ## _chk_warn (__VA_ARGS__, (__osz) / (__s)) \ + : __ ## f ## _chk (__VA_ARGS__, (__osz) / (__s)))) \ + #if __GNUC_PREREQ (4,3) # define __warnattr(msg) __attribute__((__warning__ (msg))) # define __errordecl(name, msg) \ diff --git a/posix/bits/unistd.h b/posix/bits/unistd.h index 622adeb2b2..697dcbbf7b 100644 --- a/posix/bits/unistd.h +++ b/posix/bits/unistd.h @@ -35,16 +35,9 @@ extern ssize_t __REDIRECT (__read_chk_warn, __fortify_function __wur ssize_t read (int __fd, void *__buf, size_t __nbytes) { - if (__glibc_objsize0 (__buf) != (size_t) -1) - { - if (!__builtin_constant_p (__nbytes)) - return __read_chk (__fd, __buf, __nbytes, __glibc_objsize0 (__buf)); - - if (__nbytes > __glibc_objsize0 (__buf)) - return __read_chk_warn (__fd, __buf, __nbytes, - __glibc_objsize0 (__buf)); - } - return __read_alias (__fd, __buf, __nbytes); + return __glibc_fortify (read, __nbytes, sizeof (char), + __glibc_objsize0 (__buf), + __fd, __buf, __nbytes); } #ifdef __USE_UNIX98 @@ -78,34 +71,17 @@ extern ssize_t __REDIRECT (__pread64_chk_warn, __fortify_function __wur ssize_t pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset) { - if (__glibc_objsize0 (__buf) != (size_t) -1) - { - if (!__builtin_constant_p (__nbytes)) - return __pread_chk (__fd, __buf, __nbytes, __offset, - __glibc_objsize0 (__buf)); - - if ( __nbytes > __glibc_objsize0 (__buf)) - return __pread_chk_warn (__fd, __buf, __nbytes, __offset, - __glibc_objsize0 (__buf)); - } - return __pread_alias (__fd, __buf, __nbytes, __offset); + return __glibc_fortify (pread, __nbytes, sizeof (char), + __glibc_objsize0 (__buf), + __fd, __buf, __nbytes, __offset); } # else __fortify_function __wur ssize_t pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset) { - if (__glibc_objsize0 (__buf) != (size_t) -1) - { - if (!__builtin_constant_p (__nbytes)) - return __pread64_chk (__fd, __buf, __nbytes, __offset, - __glibc_objsize0 (__buf)); - - if ( __nbytes > __glibc_objsize0 (__buf)) - return __pread64_chk_warn (__fd, __buf, __nbytes, __offset, - __glibc_objsize0 (__buf)); - } - - return __pread64_alias (__fd, __buf, __nbytes, __offset); + return __glibc_fortify (pread64, __nbytes, sizeof (char), + __glibc_objsize0 (__buf), + __fd, __buf, __nbytes, __offset); } # endif @@ -113,18 +89,9 @@ pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset) __fortify_function __wur ssize_t pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset) { - if (__glibc_objsize0 (__buf) != (size_t) -1) - { - if (!__builtin_constant_p (__nbytes)) - return __pread64_chk (__fd, __buf, __nbytes, __offset, - __glibc_objsize0 (__buf)); - - if ( __nbytes > __glibc_objsize0 (__buf)) - return __pread64_chk_warn (__fd, __buf, __nbytes, __offset, - __glibc_objsize0 (__buf)); - } - - return __pread64_alias (__fd, __buf, __nbytes, __offset); + return __glibc_fortify (pread64, __nbytes, sizeof (char), + __glibc_objsize0 (__buf), + __fd, __buf, __nbytes, __offset); } # endif #endif @@ -149,16 +116,9 @@ __fortify_function __nonnull ((1, 2)) __wur ssize_t __NTH (readlink (const char *__restrict __path, char *__restrict __buf, size_t __len)) { - if (__glibc_objsize (__buf) != (size_t) -1) - { - if (!__builtin_constant_p (__len)) - return __readlink_chk (__path, __buf, __len, __glibc_objsize (__buf)); - - if ( __len > __glibc_objsize (__buf)) - return __readlink_chk_warn (__path, __buf, __len, - __glibc_objsize (__buf)); - } - return __readlink_alias (__path, __buf, __len); + return __glibc_fortify (readlink, __len, sizeof (char), + __glibc_objsize (__buf), + __path, __buf, __len); } #endif @@ -184,17 +144,9 @@ __fortify_function __nonnull ((2, 3)) __wur ssize_t __NTH (readlinkat (int __fd, const char *__restrict __path, char *__restrict __buf, size_t __len)) { - if (__glibc_objsize (__buf) != (size_t) -1) - { - if (!__builtin_constant_p (__len)) - return __readlinkat_chk (__fd, __path, __buf, __len, - __glibc_objsize (__buf)); - - if (__len > __glibc_objsize (__buf)) - return __readlinkat_chk_warn (__fd, __path, __buf, __len, - __glibc_objsize (__buf)); - } - return __readlinkat_alias (__fd, __path, __buf, __len); + return __glibc_fortify (readlinkat, __len, sizeof (char), + __glibc_objsize (__buf), + __fd, __path, __buf, __len); } #endif @@ -211,15 +163,9 @@ extern char *__REDIRECT_NTH (__getcwd_chk_warn, __fortify_function __wur char * __NTH (getcwd (char *__buf, size_t __size)) { - if (__glibc_objsize (__buf) != (size_t) -1) - { - if (!__builtin_constant_p (__size)) - return __getcwd_chk (__buf, __size, __glibc_objsize (__buf)); - - if (__size > __glibc_objsize (__buf)) - return __getcwd_chk_warn (__buf, __size, __glibc_objsize (__buf)); - } - return __getcwd_alias (__buf, __size); + return __glibc_fortify (getcwd, __size, sizeof (char), + __glibc_objsize (__buf), + __buf, __size); } #if defined __USE_MISC || defined __USE_XOPEN_EXTENDED @@ -253,16 +199,9 @@ extern size_t __REDIRECT_NTH (__confstr_chk_warn, __fortify_function size_t __NTH (confstr (int __name, char *__buf, size_t __len)) { - if (__glibc_objsize (__buf) != (size_t) -1) - { - if (!__builtin_constant_p (__len)) - return __confstr_chk (__name, __buf, __len, __glibc_objsize (__buf)); - - if (__glibc_objsize (__buf) < __len) - return __confstr_chk_warn (__name, __buf, __len, - __glibc_objsize (__buf)); - } - return __confstr_alias (__name, __buf, __len); + return __glibc_fortify (confstr, __len, sizeof (char), + __glibc_objsize (__buf), + __name, __buf, __len); } @@ -279,15 +218,9 @@ extern int __REDIRECT_NTH (__getgroups_chk_warn, __fortify_function int __NTH (getgroups (int __size, __gid_t __list[])) { - if (__glibc_objsize (__list) != (size_t) -1) - { - if (!__builtin_constant_p (__size) || __size < 0) - return __getgroups_chk (__size, __list, __glibc_objsize (__list)); - - if (__size * sizeof (__gid_t) > __glibc_objsize (__list)) - return __getgroups_chk_warn (__size, __list, __glibc_objsize (__list)); - } - return __getgroups_alias (__size, __list); + return __glibc_fortify (getgroups, __size, sizeof (__gid_t), + __glibc_objsize (__list), + __size, __list); } @@ -306,17 +239,9 @@ extern int __REDIRECT_NTH (__ttyname_r_chk_warn, __fortify_function int __NTH (ttyname_r (int __fd, char *__buf, size_t __buflen)) { - if (__glibc_objsize (__buf) != (size_t) -1) - { - if (!__builtin_constant_p (__buflen)) - return __ttyname_r_chk (__fd, __buf, __buflen, - __glibc_objsize (__buf)); - - if (__buflen > __glibc_objsize (__buf)) - return __ttyname_r_chk_warn (__fd, __buf, __buflen, - __glibc_objsize (__buf)); - } - return __ttyname_r_alias (__fd, __buf, __buflen); + return __glibc_fortify (ttyname_r, __buflen, sizeof (char), + __glibc_objsize (__buf), + __fd, __buf, __buflen); } @@ -334,16 +259,9 @@ extern int __REDIRECT (__getlogin_r_chk_warn, __fortify_function int getlogin_r (char *__buf, size_t __buflen) { - if (__glibc_objsize (__buf) != (size_t) -1) - { - if (!__builtin_constant_p (__buflen)) - return __getlogin_r_chk (__buf, __buflen, __glibc_objsize (__buf)); - - if (__buflen > __glibc_objsize (__buf)) - return __getlogin_r_chk_warn (__buf, __buflen, - __glibc_objsize (__buf)); - } - return __getlogin_r_alias (__buf, __buflen); + return __glibc_fortify (getlogin_r, __buflen, sizeof (char), + __glibc_objsize (__buf), + __buf, __buflen); } #endif @@ -363,16 +281,9 @@ extern int __REDIRECT_NTH (__gethostname_chk_warn, __fortify_function int __NTH (gethostname (char *__buf, size_t __buflen)) { - if (__glibc_objsize (__buf) != (size_t) -1) - { - if (!__builtin_constant_p (__buflen)) - return __gethostname_chk (__buf, __buflen, __glibc_objsize (__buf)); - - if (__buflen > __glibc_objsize (__buf)) - return __gethostname_chk_warn (__buf, __buflen, - __glibc_objsize (__buf)); - } - return __gethostname_alias (__buf, __buflen); + return __glibc_fortify (gethostname, __buflen, sizeof (char), + __glibc_objsize (__buf), + __buf, __buflen); } #endif @@ -394,15 +305,8 @@ extern int __REDIRECT_NTH (__getdomainname_chk_warn, __fortify_function int __NTH (getdomainname (char *__buf, size_t __buflen)) { - if (__glibc_objsize (__buf) != (size_t) -1) - { - if (!__builtin_constant_p (__buflen)) - return __getdomainname_chk (__buf, __buflen, __glibc_objsize (__buf)); - - if (__buflen > __glibc_objsize (__buf)) - return __getdomainname_chk_warn (__buf, __buflen, - __glibc_objsize (__buf)); - } - return __getdomainname_alias (__buf, __buflen); + return __glibc_fortify (getdomainname, __buflen, sizeof (char), + __glibc_objsize (__buf), + __buf, __buflen); } #endif diff --git a/socket/bits/socket2.h b/socket/bits/socket2.h index 9c8ac69624..b28cde55f3 100644 --- a/socket/bits/socket2.h +++ b/socket/bits/socket2.h @@ -33,17 +33,12 @@ extern ssize_t __REDIRECT (__recv_chk_warn, __fortify_function ssize_t recv (int __fd, void *__buf, size_t __n, int __flags) { - if (__glibc_objsize0 (__buf) != (size_t) -1) - { - if (!__builtin_constant_p (__n)) - return __recv_chk (__fd, __buf, __n, __glibc_objsize0 (__buf), - __flags); - - if (__n > __glibc_objsize0 (__buf)) - return __recv_chk_warn (__fd, __buf, __n, __glibc_objsize0 (__buf), - __flags); - } - return __recv_alias (__fd, __buf, __n, __flags); + size_t sz = __glibc_objsize0 (__buf); + if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) + return __recv_alias (__fd, __buf, __n, __flags); + if (__glibc_unsafe_len (__n, sizeof (char), sz)) + return __recv_chk_warn (__fd, __buf, __n, sz, __flags); + return __recv_chk (__fd, __buf, __n, sz, __flags); } extern ssize_t __recvfrom_chk (int __fd, void *__restrict __buf, size_t __n, @@ -66,14 +61,11 @@ __fortify_function ssize_t recvfrom (int __fd, void *__restrict __buf, size_t __n, int __flags, __SOCKADDR_ARG __addr, socklen_t *__restrict __addr_len) { - if (__glibc_objsize0 (__buf) != (size_t) -1) - { - if (!__builtin_constant_p (__n)) - return __recvfrom_chk (__fd, __buf, __n, __glibc_objsize0 (__buf), - __flags, __addr, __addr_len); - if (__n > __glibc_objsize0 (__buf)) - return __recvfrom_chk_warn (__fd, __buf, __n, __glibc_objsize0 (__buf), - __flags, __addr, __addr_len); - } - return __recvfrom_alias (__fd, __buf, __n, __flags, __addr, __addr_len); + size_t sz = __glibc_objsize0 (__buf); + if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) + return __recvfrom_alias (__fd, __buf, __n, __flags, __addr, __addr_len); + if (__glibc_unsafe_len (__n, sizeof (char), sz)) + return __recvfrom_chk_warn (__fd, __buf, __n, sz, __flags, __addr, + __addr_len); + return __recvfrom_chk (__fd, __buf, __n, sz, __flags, __addr, __addr_len); } diff --git a/stdlib/bits/stdlib.h b/stdlib/bits/stdlib.h index eae31b38f0..067115eeca 100644 --- a/stdlib/bits/stdlib.h +++ b/stdlib/bits/stdlib.h @@ -36,17 +36,16 @@ extern char *__REDIRECT_NTH (__realpath_chk_warn, __fortify_function __wur char * __NTH (realpath (const char *__restrict __name, char *__restrict __resolved)) { - if (__glibc_objsize (__resolved) != (size_t) -1) - { + size_t sz = __glibc_objsize (__resolved); + + if (sz == (size_t) -1) + return __realpath_alias (__name, __resolved); + #if defined _LIBC_LIMITS_H_ && defined PATH_MAX - if (__glibc_objsize (__resolved) < PATH_MAX) - return __realpath_chk_warn (__name, __resolved, - __glibc_objsize (__resolved)); + if (__glibc_unsafe_len (sz, sizeof (char), PATH_MAX)) + return __realpath_chk_warn (__name, __resolved, sz); #endif - return __realpath_chk (__name, __resolved, __glibc_objsize (__resolved)); - } - - return __realpath_alias (__name, __resolved); + return __realpath_chk (__name, __resolved, sz); } @@ -65,16 +64,9 @@ extern int __REDIRECT_NTH (__ptsname_r_chk_warn, __fortify_function int __NTH (ptsname_r (int __fd, char *__buf, size_t __buflen)) { - if (__glibc_objsize (__buf) != (size_t) -1) - { - if (!__builtin_constant_p (__buflen)) - return __ptsname_r_chk (__fd, __buf, __buflen, - __glibc_objsize (__buf)); - if (__buflen > __glibc_objsize (__buf)) - return __ptsname_r_chk_warn (__fd, __buf, __buflen, - __glibc_objsize (__buf)); - } - return __ptsname_r_alias (__fd, __buf, __buflen); + return __glibc_fortify (ptsname_r, __buflen, sizeof (char), + __glibc_objsize (__buf), + __fd, __buf, __buflen); } @@ -120,18 +112,9 @@ __fortify_function size_t __NTH (mbstowcs (wchar_t *__restrict __dst, const char *__restrict __src, size_t __len)) { - if (__glibc_objsize (__dst) != (size_t) -1) - { - if (!__builtin_constant_p (__len)) - return __mbstowcs_chk (__dst, __src, __len, - __glibc_objsize (__dst) / sizeof (wchar_t)); - - if (__len > __glibc_objsize (__dst) / sizeof (wchar_t)) - return __mbstowcs_chk_warn (__dst, __src, __len, - (__glibc_objsize (__dst) - / sizeof (wchar_t))); - } - return __mbstowcs_alias (__dst, __src, __len); + return __glibc_fortify_n (mbstowcs, __len, sizeof (wchar_t), + __glibc_objsize (__dst), + __dst, __src, __len); } @@ -154,13 +137,7 @@ __fortify_function size_t __NTH (wcstombs (char *__restrict __dst, const wchar_t *__restrict __src, size_t __len)) { - if (__glibc_objsize (__dst) != (size_t) -1) - { - if (!__builtin_constant_p (__len)) - return __wcstombs_chk (__dst, __src, __len, __glibc_objsize (__dst)); - if (__len > __glibc_objsize (__dst)) - return __wcstombs_chk_warn (__dst, __src, __len, - __glibc_objsize (__dst)); - } - return __wcstombs_alias (__dst, __src, __len); + return __glibc_fortify (wcstombs, __len, sizeof (char), + __glibc_objsize (__dst), + __dst, __src, __len); } diff --git a/wcsmbs/bits/wchar2.h b/wcsmbs/bits/wchar2.h index ea2518dc72..26012ef936 100644 --- a/wcsmbs/bits/wchar2.h +++ b/wcsmbs/bits/wchar2.h @@ -39,17 +39,9 @@ __fortify_function wchar_t * __NTH (wmemcpy (wchar_t *__restrict __s1, const wchar_t *__restrict __s2, size_t __n)) { - if (__glibc_objsize0 (__s1) != (size_t) -1) - { - if (!__builtin_constant_p (__n)) - return __wmemcpy_chk (__s1, __s2, __n, - __glibc_objsize0 (__s1) / sizeof (wchar_t)); - - if (__n > __glibc_objsize0 (__s1) / sizeof (wchar_t)) - return __wmemcpy_chk_warn (__s1, __s2, __n, - __glibc_objsize0 (__s1) / sizeof (wchar_t)); - } - return __wmemcpy_alias (__s1, __s2, __n); + return __glibc_fortify_n (wmemcpy, __n, sizeof (wchar_t), + __glibc_objsize0 (__s1), + __s1, __s2, __n); } @@ -67,18 +59,9 @@ extern wchar_t *__REDIRECT_NTH (__wmemmove_chk_warn, __fortify_function wchar_t * __NTH (wmemmove (wchar_t *__s1, const wchar_t *__s2, size_t __n)) { - if (__glibc_objsize0 (__s1) != (size_t) -1) - { - if (!__builtin_constant_p (__n)) - return __wmemmove_chk (__s1, __s2, __n, - __glibc_objsize0 (__s1) / sizeof (wchar_t)); - - if (__n > __glibc_objsize0 (__s1) / sizeof (wchar_t)) - return __wmemmove_chk_warn (__s1, __s2, __n, - (__glibc_objsize0 (__s1) - / sizeof (wchar_t))); - } - return __wmemmove_alias (__s1, __s2, __n); + return __glibc_fortify_n (wmemmove, __n, sizeof (wchar_t), + __glibc_objsize0 (__s1), + __s1, __s2, __n); } @@ -101,18 +84,9 @@ __fortify_function wchar_t * __NTH (wmempcpy (wchar_t *__restrict __s1, const wchar_t *__restrict __s2, size_t __n)) { - if (__glibc_objsize0 (__s1) != (size_t) -1) - { - if (!__builtin_constant_p (__n)) - return __wmempcpy_chk (__s1, __s2, __n, - __glibc_objsize0 (__s1) / sizeof (wchar_t)); - - if (__n > __glibc_objsize0 (__s1) / sizeof (wchar_t)) - return __wmempcpy_chk_warn (__s1, __s2, __n, - (__glibc_objsize0 (__s1) - / sizeof (wchar_t))); - } - return __wmempcpy_alias (__s1, __s2, __n); + return __glibc_fortify_n (wmempcpy, __n, sizeof (wchar_t), + __glibc_objsize0 (__s1), + __s1, __s2, __n); } #endif @@ -130,17 +104,9 @@ extern wchar_t *__REDIRECT_NTH (__wmemset_chk_warn, __fortify_function wchar_t * __NTH (wmemset (wchar_t *__s, wchar_t __c, size_t __n)) { - if (__glibc_objsize0 (__s) != (size_t) -1) - { - if (!__builtin_constant_p (__n)) - return __wmemset_chk (__s, __c, __n, - __glibc_objsize0 (__s) / sizeof (wchar_t)); - - if (__n > __glibc_objsize0 (__s) / sizeof (wchar_t)) - return __wmemset_chk_warn (__s, __c, __n, - __glibc_objsize0 (__s) / sizeof (wchar_t)); - } - return __wmemset_alias (__s, __c, __n); + return __glibc_fortify_n (wmemset, __n, sizeof (wchar_t), + __glibc_objsize0 (__s), + __s, __c, __n); } @@ -154,9 +120,9 @@ extern wchar_t *__REDIRECT_NTH (__wcscpy_alias, __fortify_function wchar_t * __NTH (wcscpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) { - if (__glibc_objsize (__dest) != (size_t) -1) - return __wcscpy_chk (__dest, __src, - __glibc_objsize (__dest) / sizeof (wchar_t)); + size_t sz = __glibc_objsize (__dest); + if (sz != (size_t) -1) + return __wcscpy_chk (__dest, __src, sz / sizeof (wchar_t)); return __wcscpy_alias (__dest, __src); } @@ -171,9 +137,9 @@ extern wchar_t *__REDIRECT_NTH (__wcpcpy_alias, __fortify_function wchar_t * __NTH (wcpcpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) { - if (__glibc_objsize (__dest) != (size_t) -1) - return __wcpcpy_chk (__dest, __src, - __glibc_objsize (__dest) / sizeof (wchar_t)); + size_t sz = __glibc_objsize (__dest); + if (sz != (size_t) -1) + return __wcpcpy_chk (__dest, __src, sz / sizeof (wchar_t)); return __wcpcpy_alias (__dest, __src); } @@ -196,17 +162,9 @@ __fortify_function wchar_t * __NTH (wcsncpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src, size_t __n)) { - if (__glibc_objsize (__dest) != (size_t) -1) - { - if (!__builtin_constant_p (__n)) - return __wcsncpy_chk (__dest, __src, __n, - __glibc_objsize (__dest) / sizeof (wchar_t)); - if (__n > __glibc_objsize (__dest) / sizeof (wchar_t)) - return __wcsncpy_chk_warn (__dest, __src, __n, - (__glibc_objsize (__dest) - / sizeof (wchar_t))); - } - return __wcsncpy_alias (__dest, __src, __n); + return __glibc_fortify_n (wcsncpy, __n, sizeof (wchar_t), + __glibc_objsize (__dest), + __dest, __src, __n); } @@ -228,17 +186,9 @@ __fortify_function wchar_t * __NTH (wcpncpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src, size_t __n)) { - if (__glibc_objsize (__dest) != (size_t) -1) - { - if (!__builtin_constant_p (__n)) - return __wcpncpy_chk (__dest, __src, __n, - __glibc_objsize (__dest) / sizeof (wchar_t)); - if (__n > __glibc_objsize (__dest) / sizeof (wchar_t)) - return __wcpncpy_chk_warn (__dest, __src, __n, - (__glibc_objsize (__dest) - / sizeof (wchar_t))); - } - return __wcpncpy_alias (__dest, __src, __n); + return __glibc_fortify_n (wcpncpy, __n, sizeof (wchar_t), + __glibc_objsize (__dest), + __dest, __src, __n); } @@ -252,9 +202,9 @@ extern wchar_t *__REDIRECT_NTH (__wcscat_alias, __fortify_function wchar_t * __NTH (wcscat (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) { - if (__glibc_objsize (__dest) != (size_t) -1) - return __wcscat_chk (__dest, __src, - __glibc_objsize (__dest) / sizeof (wchar_t)); + size_t sz = __glibc_objsize (__dest); + if (sz != (size_t) -1) + return __wcscat_chk (__dest, __src, sz / sizeof (wchar_t)); return __wcscat_alias (__dest, __src); } @@ -271,9 +221,9 @@ __fortify_function wchar_t * __NTH (wcsncat (wchar_t *__restrict __dest, const wchar_t *__restrict __src, size_t __n)) { - if (__glibc_objsize (__dest) != (size_t) -1) - return __wcsncat_chk (__dest, __src, __n, - __glibc_objsize (__dest) / sizeof (wchar_t)); + size_t sz = __glibc_objsize (__dest); + if (sz != (size_t) -1) + return __wcsncat_chk (__dest, __src, __n, sz / sizeof (wchar_t)); return __wcsncat_alias (__dest, __src, __n); } @@ -293,10 +243,10 @@ __fortify_function int __NTH (swprintf (wchar_t *__restrict __s, size_t __n, const wchar_t *__restrict __fmt, ...)) { - if (__glibc_objsize (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) + size_t sz = __glibc_objsize (__s); + if (sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) return __swprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, - __glibc_objsize (__s) / sizeof (wchar_t), - __fmt, __va_arg_pack ()); + sz / sizeof (wchar_t), __fmt, __va_arg_pack ()); return __swprintf_alias (__s, __n, __fmt, __va_arg_pack ()); } #elif !defined __cplusplus @@ -323,10 +273,10 @@ __fortify_function int __NTH (vswprintf (wchar_t *__restrict __s, size_t __n, const wchar_t *__restrict __fmt, __gnuc_va_list __ap)) { - if (__glibc_objsize (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) + size_t sz = __glibc_objsize (__s); + if (sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) return __vswprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, - __glibc_objsize (__s) / sizeof (wchar_t), __fmt, - __ap); + sz / sizeof (wchar_t), __fmt, __ap); return __vswprintf_alias (__s, __n, __fmt, __ap); } @@ -392,18 +342,12 @@ extern wchar_t *__REDIRECT (__fgetws_chk_warn, __fortify_function __wur wchar_t * fgetws (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream) { - if (__glibc_objsize (__s) != (size_t) -1) - { - if (!__builtin_constant_p (__n) || __n <= 0) - return __fgetws_chk (__s, __glibc_objsize (__s) / sizeof (wchar_t), - __n, __stream); - - if ((size_t) __n > __glibc_objsize (__s) / sizeof (wchar_t)) - return __fgetws_chk_warn (__s, - __glibc_objsize (__s) / sizeof (wchar_t), - __n, __stream); - } - return __fgetws_alias (__s, __n, __stream); + size_t sz = __glibc_objsize (__s); + if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), sz)) + return __fgetws_alias (__s, __n, __stream); + if (__glibc_unsafe_len (__n, sizeof (wchar_t), sz)) + return __fgetws_chk_warn (__s, sz / sizeof (wchar_t), __n, __stream); + return __fgetws_chk (__s, sz / sizeof (wchar_t), __n, __stream); } #ifdef __USE_GNU @@ -424,20 +368,13 @@ extern wchar_t *__REDIRECT (__fgetws_unlocked_chk_warn, __fortify_function __wur wchar_t * fgetws_unlocked (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream) { - if (__glibc_objsize (__s) != (size_t) -1) - { - if (!__builtin_constant_p (__n) || __n <= 0) - return __fgetws_unlocked_chk (__s, - __glibc_objsize (__s) / sizeof (wchar_t), - __n, __stream); - - if ((size_t) __n > __glibc_objsize (__s) / sizeof (wchar_t)) - return __fgetws_unlocked_chk_warn (__s, - (__glibc_objsize (__s) - / sizeof (wchar_t)), - __n, __stream); - } - return __fgetws_unlocked_alias (__s, __n, __stream); + size_t sz = __glibc_objsize (__s); + if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), sz)) + return __fgetws_unlocked_alias (__s, __n, __stream); + if (__glibc_unsafe_len (__n, sizeof (wchar_t), sz)) + return __fgetws_unlocked_chk_warn (__s, sz / sizeof (wchar_t), __n, + __stream); + return __fgetws_unlocked_chk (__s, sz / sizeof (wchar_t), __n, __stream); } #endif @@ -488,18 +425,9 @@ __fortify_function size_t __NTH (mbsrtowcs (wchar_t *__restrict __dst, const char **__restrict __src, size_t __len, mbstate_t *__restrict __ps)) { - if (__glibc_objsize (__dst) != (size_t) -1) - { - if (!__builtin_constant_p (__len)) - return __mbsrtowcs_chk (__dst, __src, __len, __ps, - __glibc_objsize (__dst) / sizeof (wchar_t)); - - if (__len > __glibc_objsize (__dst) / sizeof (wchar_t)) - return __mbsrtowcs_chk_warn (__dst, __src, __len, __ps, - (__glibc_objsize (__dst) - / sizeof (wchar_t))); - } - return __mbsrtowcs_alias (__dst, __src, __len, __ps); + return __glibc_fortify_n (mbsrtowcs, __len, sizeof (wchar_t), + __glibc_objsize (__dst), + __dst, __src, __len, __ps); } @@ -523,17 +451,9 @@ __fortify_function size_t __NTH (wcsrtombs (char *__restrict __dst, const wchar_t **__restrict __src, size_t __len, mbstate_t *__restrict __ps)) { - if (__glibc_objsize (__dst) != (size_t) -1) - { - if (!__builtin_constant_p (__len)) - return __wcsrtombs_chk (__dst, __src, __len, __ps, - __glibc_objsize (__dst)); - - if (__len > __glibc_objsize (__dst)) - return __wcsrtombs_chk_warn (__dst, __src, __len, __ps, - __glibc_objsize (__dst)); - } - return __wcsrtombs_alias (__dst, __src, __len, __ps); + return __glibc_fortify (wcsrtombs, __len, sizeof (char), + __glibc_objsize (__dst), + __dst, __src, __len, __ps); } @@ -559,18 +479,9 @@ __fortify_function size_t __NTH (mbsnrtowcs (wchar_t *__restrict __dst, const char **__restrict __src, size_t __nmc, size_t __len, mbstate_t *__restrict __ps)) { - if (__glibc_objsize (__dst) != (size_t) -1) - { - if (!__builtin_constant_p (__len)) - return __mbsnrtowcs_chk (__dst, __src, __nmc, __len, __ps, - __glibc_objsize (__dst) / sizeof (wchar_t)); - - if (__len > __glibc_objsize (__dst) / sizeof (wchar_t)) - return __mbsnrtowcs_chk_warn (__dst, __src, __nmc, __len, __ps, - (__glibc_objsize (__dst) - / sizeof (wchar_t))); - } - return __mbsnrtowcs_alias (__dst, __src, __nmc, __len, __ps); + return __glibc_fortify_n (mbsnrtowcs, __len, sizeof (wchar_t), + __glibc_objsize (__dst), + __dst, __src, __nmc, __len, __ps); } @@ -596,16 +507,8 @@ __fortify_function size_t __NTH (wcsnrtombs (char *__restrict __dst, const wchar_t **__restrict __src, size_t __nwc, size_t __len, mbstate_t *__restrict __ps)) { - if (__glibc_objsize (__dst) != (size_t) -1) - { - if (!__builtin_constant_p (__len)) - return __wcsnrtombs_chk (__dst, __src, __nwc, __len, __ps, - __glibc_objsize (__dst)); - - if (__len > __glibc_objsize (__dst)) - return __wcsnrtombs_chk_warn (__dst, __src, __nwc, __len, __ps, - __glibc_objsize (__dst)); - } - return __wcsnrtombs_alias (__dst, __src, __nwc, __len, __ps); + return __glibc_fortify (wcsnrtombs, __len, sizeof (char), + __glibc_objsize (__dst), + __dst, __src, __nwc, __len, __ps); } #endif |