From: Adhemerval Zanella
To: libc-alpha@sourceware.org, Siddhesh Poyarekar
Subject: [PATCH 09/15] stdlib: Improve fortify with clang
Date: Thu, 21 Dec 2023 15:59:23 -0300
Message-Id: <20231221185929.1307116-10-adhemerval.zanella@linaro.org>
In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org>

It improves fortify checks for realpath, ptsname_r, wctomb, mbstowcs, and wcstombs. The runtime and compile checks have similar coverage as with GCC.

Checked on aarch64, armhf, x86_64, and i686.
---
 stdlib/bits/stdlib.h | 40 +++++++++++++++++++++++++++++-----------
 1 file changed, 29 insertions(+), 11 deletions(-)

diff --git a/stdlib/bits/stdlib.h b/stdlib/bits/stdlib.h index c6c0082ad5..1f89c1e69f 100644 --- a/stdlib/bits/stdlib.h +++ b/stdlib/bits/stdlib.h 
@@ -33,15 +33,22 @@ extern char *__REDIRECT_NTH (__realpath_chk_warn, __warnattr ("second argument of realpath must be either NULL or at " "least PATH_MAX bytes long buffer"); -__fortify_function __wur char * -__NTH (realpath (const char *__restrict __name, char *__restrict __resolved)) +__fortify_function __attribute_overloadable__ __wur char * +__NTH (realpath (const char *__restrict __name, + __fortify_clang_overload_arg (char *, __restrict, __resolved))) +#if defined _LIBC_LIMITS_H_ && defined PATH_MAX + __fortify_clang_warning_only_if_bos_lt (PATH_MAX, __resolved, + "second argument of realpath must be " + "either NULL or at least PATH_MAX " + "bytes long buffer") +#endif { size_t sz = __glibc_objsize (__resolved); if (sz == (size_t) -1) return __realpath_alias (__name, __resolved); -#if defined _LIBC_LIMITS_H_ && defined PATH_MAX +#if !__fortify_use_clang && defined _LIBC_LIMITS_H_ && defined PATH_MAX if (__glibc_unsafe_len (PATH_MAX, sizeof (char), sz)) return __realpath_chk_warn (__name, __resolved, sz); #endif @@ -61,8 +68,13 @@ extern int __REDIRECT_NTH (__ptsname_r_chk_warn, __nonnull ((2)) __warnattr ("ptsname_r called with buflen bigger than " "size of buf"); -__fortify_function int -__NTH (ptsname_r (int __fd, char *__buf, size_t __buflen)) +__fortify_function __attribute_overloadable__ int +__NTH (ptsname_r (int __fd, + __fortify_clang_overload_arg (char *, ,__buf), + size_t __buflen)) + __fortify_clang_warning_only_if_bos_lt (__buflen, __buf, + "ptsname_r called with buflen " + "bigger than size of buf") { return __glibc_fortify (ptsname_r, __buflen, sizeof (char), __glibc_objsize (__buf), 
@@ -75,8 +87,8 @@ extern int __wctomb_chk (char *__s, wchar_t __wchar, size_t __buflen) extern int __REDIRECT_NTH (__wctomb_alias, (char *__s, wchar_t __wchar), wctomb) __wur; -__fortify_function __wur int -__NTH (wctomb (char *__s, wchar_t __wchar)) +__fortify_function __attribute_overloadable__ __wur int +__NTH (wctomb (__fortify_clang_overload_arg (char *, ,__s), wchar_t __wchar)) { /* We would have to include to get a definition of MB_LEN_MAX. But this would only disturb the namespace. So we define our own @@ -113,12 +125,17 @@ extern size_t __REDIRECT_NTH (__mbstowcs_chk_warn, __warnattr ("mbstowcs called with dst buffer smaller than len " "* sizeof (wchar_t)"); -__fortify_function size_t -__NTH (mbstowcs (wchar_t *__restrict __dst, const char *__restrict __src, +__fortify_function __attribute_overloadable__ size_t +__NTH (mbstowcs (__fortify_clang_overload_arg (wchar_t *, __restrict, __dst), + const char *__restrict __src, size_t __len)) + __fortify_clang_warning_only_if_bos0_lt2 (__len, __dst, sizeof (wchar_t), + "mbstowcs called with dst buffer " + "smaller than len * sizeof (wchar_t)") { if (__builtin_constant_p (__dst == NULL) && __dst == NULL) return __mbstowcs_nulldst (__dst, __src, __len); + else return __glibc_fortify_n (mbstowcs, __len, sizeof (wchar_t), __glibc_objsize (__dst), __dst, __src, __len); @@ -139,8 +156,9 @@ extern size_t __REDIRECT_NTH (__wcstombs_chk_warn, size_t __len, size_t __dstlen), __wcstombs_chk) __warnattr ("wcstombs called with dst buffer smaller than len"); -__fortify_function size_t -__NTH (wcstombs (char *__restrict __dst, const wchar_t *__restrict __src, +__fortify_function __attribute_overloadable__ size_t +__NTH (wcstombs (__fortify_clang_overload_arg (char *, __restrict, __dst), + const wchar_t *__restrict __src, size_t __len)) { return __glibc_fortify (wcstombs, __len, sizeof (char),
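Review bot: in the realpath hunk (@@ -33,15 +33,22 @@) the changed guard `#if !__fortify_use_clang && defined _LIBC_LIMITS_H_ && defined PATH_MAX` compiles out the `__realpath_chk_warn` call for clang with no comment saying why. A one-line comment stating that the clang build gets the diagnostic from `__fortify_clang_warning_only_if_bos_lt` on the declaration would make it clear the check was moved rather than dropped. The warning text is now written out twice, once in the `__warnattr` on `__realpath_chk_warn` and once in the new macro invocation, so a shared macro for the string would keep the two from drifting. Since the guard tests the value of `__fortify_use_clang` rather than `defined`, please confirm it is defined (to 0) in every non-clang configuration.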
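Review bot: in the ptsname_r hunk (@@ -61,8 +68,13 @@), `__fortify_clang_overload_arg (char *, ,__buf)` is missing the space after the second comma. The realpath and mbstowcs hunks write the three arguments with a space after each comma, as in `(char *, __restrict, __resolved)`, so `(char *, , __buf)` would match; the same applies to `(char *, ,__s)` in the wctomb hunk. A short comment noting that the empty middle argument is the slot the other call sites fill with `__restrict` would also help readers of this header.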
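Review bot: in the mbstowcs hunk (@@ -113,12 +125,17 @@) the added `else` after `return __mbstowcs_nulldst (__dst, __src, __len);` does not change control flow, because the branch above already returns, and it is not mentioned in the commit message; drop it or explain why clang needs it. The compile-time check uses `__fortify_clang_warning_only_if_bos0_lt2` while the runtime path below it passes `__glibc_objsize (__dst)`; if the two are meant to use different object-size modes, a comment saying why would help.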
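Review bot: the wcstombs hunk (@@ -139,8 +156,9 @@) adds no `__fortify_clang_warning_only_if_bos_lt` clause after the new declarator, although the context lines show `__wcstombs_chk_warn` carrying `__warnattr ("wcstombs called with dst buffer smaller than len")`. ptsname_r and mbstowcs both get a compile-time warning in this patch, and the commit message says compile checks have similar coverage as with GCC. If wcstombs is meant to be covered, add a clause in the ptsname_r form, for example `__fortify_clang_warning_only_if_bos_lt (__len, __dst, "wcstombs called with dst buffer smaller than len")`; otherwise state in the commit message why it is left out.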