| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
It improve fortify checks for realpath, ptsname_r, wctomb, mbstowcs,
and wcstombs. The runtime and compile checks have similar coverage as
with GCC.
Checked on aarch64, armhf, x86_64, and i686.
Tested-by: Carlos O'Donell <carlos@redhat.com>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit 464d189b9622932a75302290625de84931656ec0 (origin/master, origin/HEAD)
Author: Noah Goldstein <goldstein.w.n@gmail.com>
Date: Wed Jun 22 08:24:21 2022 -0700
stdlib: Remove attr_write from mbstows if dst is NULL [BZ: 29265]
Incorrectly called `__mbstowcs_chk` in the NULL __dst case which is
incorrect as in the NULL __dst case we are explicitly skipping
the objsize checks.
As well, remove the `__always_inline` attribute which exists in
`__fortify_function`.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
| |
|
|
|
|
|
|
| |
mbstows is defined if dst is NULL and is defined to special cased if
dst is NULL so the fortify objsize check if incorrect in that case.
Tested on x86-64 linux.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.
I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah. I don't
know why I run into these diagnostics whereas others evidently do not.
remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
|
| |
|
|
|
|
|
|
|
| |
The length and object size arguments were swapped around for realpath.
Also add a smoke test so that any changes in this area get caught in
future.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In _FORTIFY_SOURCE=3, the size expression may be non-constant,
resulting in branches in the inline functions remaining intact and
causing a tiny overhead. Clang (and in future, gcc) make sure that
the -1 case is always safe, i.e. any comparison of the generated
expression with (size_t)-1 is always false so that bit is taken care
of. The rest is avoidable since we want the _chk variant whenever we
have a size expression and it's not -1.
Rework the conditionals in a uniform way to clearly indicate two
conditions at compile time:
- Either the size is unknown (-1) or we know at compile time that the
operation length is less than the object size. We can call the
original function in this case. It could be that either the length,
object size or both are non-constant, but the compiler, through
range analysis, is able to fold the *comparison* to a constant.
- The size and length are known and the compiler can see at compile
time that operation length > object size. This is valid grounds for
a warning at compile time, followed by emitting the _chk variant.
For everything else, emit the _chk variant.
This simplifies most of the fortified function implementations and at
the same time, ensures that only one call from _chk or the regular
function is emitted.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
|
| |
|
|
|
| |
Use __builtin_dynamic_object_size in the remaining functions that
don't have compiler builtins as is the case for string functions.
|
| |
|
|
|
|
|
|
| |
Adds the access attribute newly introduced in GCC 10 to the subset of
function declarations that are already covered by _FORTIFY_SOURCE and
that don't have corresponding GCC built-in equivalents.
Reviewed-by: DJ Delorie <dj@redhat.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also, change sources.redhat.com to sourceware.org.
This patch was automatically generated by running the following shell
script, which uses GNU sed, and which avoids modifying files imported
from upstream:
sed -ri '
s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g
s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g
' \
$(find $(git ls-files) -prune -type f \
! -name '*.po' \
! -name 'ChangeLog*' \
! -path COPYING ! -path COPYING.LIB \
! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \
! -path manual/texinfo.tex ! -path scripts/config.guess \
! -path scripts/config.sub ! -path scripts/install-sh \
! -path scripts/mkinstalldirs ! -path scripts/move-if-change \
! -path INSTALL ! -path locale/programs/charmap-kw.h \
! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \
! '(' -name configure \
-execdir test -f configure.ac -o -f configure.in ';' ')' \
! '(' -name preconfigure \
-execdir test -f preconfigure.ac ';' ')' \
-print)
and then by running 'make dist-prepare' to regenerate files built
from the altered files, and then executing the following to cleanup:
chmod a+x sysdeps/unix/sysv/linux/riscv/configure
# Omit irrelevant whitespace and comment-only changes,
# perhaps from a slightly-different Autoconf version.
git checkout -f \
sysdeps/csky/configure \
sysdeps/hppa/configure \
sysdeps/riscv/configure \
sysdeps/unix/sysv/linux/csky/configure
# Omit changes that caused a pre-commit check to fail like this:
# remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines
git checkout -f \
sysdeps/powerpc/powerpc64/ppc-mcount.S \
sysdeps/unix/sysv/linux/s390/s390-64/syscall.S
# Omit change that caused a pre-commit check to fail like this:
# remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline
git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
|
| |
|
|
|
|
|
| |
* All files with FSF copyright notices: Update copyright dates
using scripts/update-copyrights.
* locale/programs/charmap-kw.h: Regenerated.
* locale/programs/locfile-kw.h: Likewise.
|
| |
|
|
|
|
|
| |
* All files with FSF copyright notices: Update copyright dates
using scripts/update-copyrights.
* locale/programs/charmap-kw.h: Regenerated.
* locale/programs/locfile-kw.h: Likewise.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
No more __const.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
with __warning__/__error__ attributes.
(__warnattr): Define.
* stdlib/bits/stdlib.h (__realpath_chk_warn, __ptsname_r_chk_warn,
__mbstowcs_chk_warn, __wcstombs_chk_warn): New aliases with
__warnattr.
(realpath, ptsname_r, mbstowcs, wcstombs): Call __*_chk_warn instead
of __*_chk if compile time detectable overflow is found.
* libio/bits/stdio2.h (__fgets_chk_warn, __fread_chk_warn,
__fgets_unlocked_chk_warn, __fread_unlocked_chk_warn): New aliases
with __warnattr.
(fgets, fread, fgets_unlocked, fread_unlocked): Call __*_chk_warn
instead of __*_chk if compile time detectable overflow is found.
(__gets_alias): Rename to...
(__gets_warn): ... this. Add __warnattr.
(gets): Call __gets_warn instead of __gets_alias.
* socket/bits/socket2.h (__recv_chk_warn, __recvfrom_chk_warn): New
aliases with __warnattr.
(recv, recvfrom): Call __*_chk_warn instead of __*_chk if compile
time detectable overflow is found.
* posix/bits/unistd.h (__read_chk_warn, __pread_chk_warn,
__pread64_chk_warn, __readlink_chk_warn, __readlinkat_chk_warn,
__getcwd_chk_warn, __confstr_chk_warn, __getgroups_chk_warn,
__ttyname_r_chk_warn, __getlogin_r_chk_warn, __gethostname_chk_warn,
__getdomainname_chk_warn): New aliases with __warnattr.
(read, pread, pread64, readlink, readlinkat, getcwd, confstr,
getgroups, ttyname_r, getlogin_r, gethostname, getdomainname): Call
__*_chk_warn instead of __*_chk if compile time detectable overflow
is found.
(__getgroups_chk): Rename argument to __listlen from listlen.
(__getwd_alias): Rename to...
(__getwd_warn): ... this. Add __warnattr.
(getwd): Call __getwd_warn instead of __getwd_alias.
* wcsmbs/bits/wchar2.h (__wmemcpy_chk_warn, __wmemmove_chk_warn,
__wmempcpy_chk_warn, __wmemset_chk_warn, __wcsncpy_chk_warn,
__wcpncpy_chk_warn, __fgetws_chk_warn, __fgetws_unlocked_chk_warn,
__mbsrtowcs_chk_warn, __wcsrtombs_chk_warn, __mbsnrtowcs_chk_warn,
__wcsnrtombs_chk_warn): New aliases with __warnattr.
(wmemcpy, wmemmove, wmempcpy, wmemset, mbsrtowcs, wcsrtombs,
mbsnrtowcs, wcsnrtombs): Call __*_chk_warn instead of __*_chk if
compile time detectable overflow is found.
(wcsncpy, wcpncpy): Likewise. For constant __n fix check whether
to use __*_chk or not.
(fgetws, fgetws_unlocked): Divide __bos by sizeof (wchar_t), both
in comparisons which function should be called and in __*_chk*
arguments. Call __*_chk_warn instead of __*_chk if compile time
detectable overflow is found.
(swprintf, vswprintf): Divide __bos by sizeof (wchar_t) in
__*_chk argument.
* debug/tst-chk1.c (do_test): Add a few more tests.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* config.make.in (gnu89-inline-CFLAGS): New variable.
* Makeconfig (CFLAGS): Use $(gnu89-inline-CFLAGS) together with
-std=gnu99.
* misc/sys/cdefs.h (__extern_inline, __extern_always_inline): Define.
* argp/argp.h: Use it.
* bits/mathinline.h: Likewise.
* bits/sigset.h: Likewise.
* bits/string.h: Likewise.
* ctype/ctype.h: Likewise.
* hurd/hurd.h: Likewise.
* hurd/hurd/fd.h: Likewise.
* hurd/hurd/port.h: Likewise.
* hurd/hurd/signal.h: Likewise.
* hurd/hurd/threadvar.h: Likewise.
* hurd/hurd/userlink.h: Likewise.
* io/sys/stat.h: Likewise.
* libio/bits/stdio.h: Likewise.
* libio/bits/stdio2.h: Likewise.
* mach/lock-intern.h: Likewise.
* mach/mach/mig_support.h: Likewise.
* math/bits/cmathcalls.h: Likewise.
* posix/bits/unistd.h: Likewise.
* socket/bits/socket2.h: Likewise.
* stdlib/bits/stdlib.h: Likewise.
* stdlib/stdlib.h: Likewise.
* string/argz.h: Likewise.
* string/bits/string2.h: Likewise.
* string/bits/string3.h: Likewise.
* sysdeps/alpha/fpu/bits/mathinline.h: Likewise.
* sysdeps/generic/inttypes.h: Likewise.
* sysdeps/generic/machine-lock.h: Likewise.
* sysdeps/generic/machine-sp.h: Likewise.
* sysdeps/i386/fpu/bits/mathinline.h: Likewise.
* sysdeps/i386/i486/bits/string.h: Likewise.
* sysdeps/ia64/fpu/bits/mathinline.h: Likewise.
* sysdeps/mach/alpha/machine-lock.h: Likewise.
* sysdeps/mach/alpha/machine-sp.h: Likewise.
* sysdeps/mach/i386/machine-lock.h: Likewise.
* sysdeps/mach/powerpc/machine-lock.h: Likewise.
* sysdeps/mach/powerpc/machine-sp.h: Likewise.
* sysdeps/powerpc/fpu/bits/mathinline.h: Likewise.
* sysdeps/s390/bits/string.h: Likewise.
* sysdeps/s390/fpu/bits/mathinline.h: Likewise.
* sysdeps/sparc/fpu/bits/mathinline.h: Likewise.
* sysdeps/unix/bsd/bsd4.4/bits/socket.h: Likewise.
* sysdeps/unix/sysv/linux/bits/sigset.h: Likewise.
* sysdeps/unix/sysv/linux/bits/socket.h: Likewise.
* sysdeps/unix/sysv/linux/sys/sysmacros.h: Likewise.
* sysdeps/x86_64/fpu/bits/mathinline.h: Likewise.
* wcsmbs/bits/wchar2.h: Likewise.
* wcsmbs/wchar.h: Likewise.
* stdlib/gmp.h: Likewise. Include <features.h> to get
__extern_inline definition.
* locale/programs/ld-ctype.c (find_translit): Return NULL if ctype is
NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sizeof (wchar_t) rather than multiplying __len by sizeof (wchar_t).
Pass __bos (__dst) / sizeof (wchar_t) to the *_chk routine.
* wcsmbs/bits/wchar2.h (mbsrtowcs, mbsnrtowcs): Likewise.
* debug/mbsnrtowcs_chk.c (__mbsnrtowcs_chk): Don't multiply
len by sizeof (wchar_t).
* debug/mbsrtowcs_chk.c (__mbsrtowcs_chk): Likewise.
* debug/mbstowcs_chk.c (__mbstowcs_chk): Likewise.
Fix type of SRC argument. Pass &SRC rather than SRC to
__mbsrtowcs.
* debug/wcstombs_chk.c (__wcstombs_chk): Pass &SRC rather than SRC
to __wcsrtombs.
* debug/tst-chk1.c: Include assert.h.
(do_test): Change enough array from VLA into a fixed size array.
Assert that MB_CUR_MAX is <= sizeof (enough). Use FAIL () macro
instead of print error details. Add several new tests.
Kill some unused variable warnings.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
getdomainname): Add __NTH.
* stdlib/bits/stdlib.h (ptsname_r, wctomb, mbstowcs, wcstombs):
Likewise.
(realpath): Likewise. Use __const instead of const. Add __restrict
keywords.
* socket/bits/socket2.h (recvfrom): Add __restrict keyword to __buf.
* wcsmbs/bits/wchar2.h (wmemcpy, wmemmove, wmempcpy, wmemset,
wcscpy, wcpcpy, wcsncpy, wcpncpy, wcscat, wcsncat, vswprintf, wcrtomb,
mbsrtowcs, wcsrtombs, mbsnrtowcs, wcsnrtombs): Add __NTH.
* string/bits/string3.h (__memset_ichk): Likewise.
(__memcpy_ichk, __memmove_ichk, __mempcpy_ichk, __strcpy_ichk,
__stpcpy_ichk, __strncpy_ichk, stpncpy, __strcat_ichk,
__strncat_ichk): Likewise. Use __const instead of const.
(__stpncpy_chk): Use __const instead of const.
(__stpncpy_alias): Use __REDIRECT_NTH instead of __REDIRECT.
2005-08-08 Ulrich Drepper <drepper@redhat.com>
Jakub Jelinek <jakub@redhat.com>
* nscd/mem.c (BLOCK_ALIGN_LOG, BLOCK_ALIGN, BLOCK_ALIGN_M1): Move
definitions to...
* nscd/nscd.h (BLOCK_ALIGN_LOG, BLOCK_ALIGN, BLOCK_ALIGN_M1): ...here.
* nscd/connections.c (usekey): New enum.
(check_use, verify_persistent_db): New functions.
(nscd_init): If persistent database is corrupted, unlink it and
recreate rather than falling back to non-persistent database.
Call verify_persistent_db. Avoid overflows in total computation.
2005-08-08 Ulrich Drepper <drepper@redhat.com>
* iconvdata/utf-16.c (PREPARE_LOOP): Minor cleanups to make code
better readable. Avoid passing var to loop function, it's not
necessary at all.
|
| |
|
|
|
|
|
|
|
|
|
| |
* debug/wcstombs_chk.c: New file.
* debug/Makefile (routines): Add mbstowcs_chk and wcstombs_chk.
* debug/Versions: Add __mbstowcs_chk and __wcstombs_chk.
* stdlib/bits/stdlib.h: Add definitions for mbstowcs and wcstombs.
* wcsmbs/bits/wchar2.h (mbsrtowcs): Pretty printing.
* string/test-memset.c (test_main): Use negative byte value in
|
| | |
|
| |
|
|
| |
* wcsmbs/bits/wchar2.h: Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* stdlib/stdlib.h: Include <bits/stdlib.h> if fortification is
requested.
* Makefile (headers): Add bits/stdlib.h.
* include/bits/stdlib.h: New file.
* debug/Depend: New file.
* debug/ptsname_r_chk.c: New file.
* debug/realpath_chk.c: New file.
* debug/wctomb_chk.c: New file.
* debug/Makefile (routines): Add ptsname_r_chk, realpath_chk, and
wctomb_chk.
* debug/Versions: Export __ptsname_r_chk, __realpath_chk, and
__wctomb_chk.
* debug/tst-chk1.c: Add tests for __ptsname_r_chk, __realpath_chk, and
__wctomb_chk.
|
| | |
|
| |
|
