From patchwork Thu Feb 8 18:46:16 2024
X-Patchwork-Submitter: Adhemerval Zanella
X-Patchwork-Id: 770866
From: Adhemerval Zanella
To: libc-alpha@sourceware.org
Cc: Siddhesh Poyarekar
Subject: [PATCH v3 04/10] stdlib: Improve fortify with clang
Date: Thu, 8 Feb 2024 15:46:16 -0300
Message-Id: <20240208184622.332678-5-adhemerval.zanella@linaro.org>
In-Reply-To: <20240208184622.332678-1-adhemerval.zanella@linaro.org>
References: <20240208184622.332678-1-adhemerval.zanella@linaro.org>

It improves fortify checks for realpath, ptsname_r, wctomb, mbstowcs, and
wcstombs. The runtime and compile checks have similar coverage as with
GCC.

Checked on aarch64, armhf, x86_64, and i686.
Tested-by: Carlos O'Donell
Tested-by: Carlos O'Donell
Reviewed-by: Carlos O'Donell
---
 stdlib/bits/stdlib.h | 40 +++++++++++++++++++++++++++++-----------
 1 file changed, 29 insertions(+), 11 deletions(-)

diff --git a/stdlib/bits/stdlib.h b/stdlib/bits/stdlib.h index 1c7191ba57..9e31801e80 100644 --- a/stdlib/bits/stdlib.h +++ b/stdlib/bits/stdlib.h 
@@ -33,15 +33,22 @@ extern char *__REDIRECT_NTH (__realpath_chk_warn, __warnattr ("second argument of realpath must be either NULL or at " "least PATH_MAX bytes long buffer"); -__fortify_function __wur char * -__NTH (realpath (const char *__restrict __name, char *__restrict __resolved)) +__fortify_function __attribute_overloadable__ __wur char * +__NTH (realpath (const char *__restrict __name, + __fortify_clang_overload_arg (char *, __restrict, __resolved))) +#if defined _LIBC_LIMITS_H_ && defined PATH_MAX + __fortify_clang_warning_only_if_bos_lt (PATH_MAX, __resolved, + "second argument of realpath must be " + "either NULL or at least PATH_MAX " + "bytes long buffer") +#endif { size_t sz = __glibc_objsize (__resolved); if (sz == (size_t) -1) return __realpath_alias (__name, __resolved); -#if defined _LIBC_LIMITS_H_ && defined PATH_MAX +#if !__fortify_use_clang && defined _LIBC_LIMITS_H_ && defined PATH_MAX if (__glibc_unsafe_len (PATH_MAX, sizeof (char), sz)) return __realpath_chk_warn (__name, __resolved, sz); #endif @@ -61,8 +68,13 @@ extern int __REDIRECT_NTH (__ptsname_r_chk_warn, __nonnull ((2)) __warnattr ("ptsname_r called with buflen bigger than " "size of buf"); -__fortify_function int -__NTH (ptsname_r (int __fd, char *__buf, size_t __buflen)) +__fortify_function __attribute_overloadable__ int +__NTH (ptsname_r (int __fd, + __fortify_clang_overload_arg (char *, ,__buf), + size_t __buflen)) + __fortify_clang_warning_only_if_bos_lt (__buflen, __buf, + "ptsname_r called with buflen " + "bigger than size of buf") { return __glibc_fortify (ptsname_r, __buflen, sizeof (char), __glibc_objsize (__buf), 
@@ -75,8 +87,8 @@ extern int __wctomb_chk (char *__s, wchar_t __wchar, size_t __buflen) extern int __REDIRECT_NTH (__wctomb_alias, (char *__s, wchar_t __wchar), wctomb) __wur; -__fortify_function __wur int -__NTH (wctomb (char *__s, wchar_t __wchar)) +__fortify_function __attribute_overloadable__ __wur int +__NTH (wctomb (__fortify_clang_overload_arg (char *, ,__s), wchar_t __wchar)) { /* We would have to include to get a definition of MB_LEN_MAX. But this would only disturb the namespace. So we define our own @@ -113,12 +125,17 @@ extern size_t __REDIRECT_NTH (__mbstowcs_chk_warn, __warnattr ("mbstowcs called with dst buffer smaller than len " "* sizeof (wchar_t)"); -__fortify_function size_t -__NTH (mbstowcs (wchar_t *__restrict __dst, const char *__restrict __src, +__fortify_function __attribute_overloadable__ size_t +__NTH (mbstowcs (__fortify_clang_overload_arg (wchar_t *, __restrict, __dst), + const char *__restrict __src, size_t __len)) + __fortify_clang_warning_only_if_bos0_lt2 (__len, __dst, sizeof (wchar_t), + "mbstowcs called with dst buffer " + "smaller than len * sizeof (wchar_t)") { if (__builtin_constant_p (__dst == NULL) && __dst == NULL) return __mbstowcs_nulldst (__dst, __src, __len); + else return __glibc_fortify_n (mbstowcs, __len, sizeof (wchar_t), __glibc_objsize (__dst), __dst, __src, __len); @@ -139,8 +156,9 @@ extern size_t __REDIRECT_NTH (__wcstombs_chk_warn, size_t __len, size_t __dstlen), __wcstombs_chk) __warnattr ("wcstombs called with dst buffer smaller than len"); -__fortify_function size_t -__NTH (wcstombs (char *__restrict __dst, const wchar_t *__restrict __src, +__fortify_function __attribute_overloadable__ size_t +__NTH (wcstombs (__fortify_clang_overload_arg (char *, __restrict, __dst), + const wchar_t *__restrict __src, size_t __len)) { return __glibc_fortify (wcstombs, __len, sizeof (char),
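Review bot: in the realpath hunk (@@ -33,15 +33,22 @@), the body guard becomes "#if !__fortify_use_clang && defined _LIBC_LIMITS_H_ && defined PATH_MAX" with no comment explaining why the __realpath_chk_warn path is skipped for clang. A one-line comment saying that clang gets the same diagnostic from the __fortify_clang_warning_only_if_bos_lt annotation on the declaration would keep the two conditions from drifting apart later. The PATH_MAX message text is also now spelled out twice (once in __warnattr, once in the new annotation); a shared macro for the string would keep the two in sync.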
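Review bot: in the ptsname_r hunk (@@ -61,8 +68,13 @@), the diagnostic "ptsname_r called with buflen bigger than size of buf" is duplicated between the existing __warnattr on __ptsname_r_chk_warn and the new __fortify_clang_warning_only_if_bos_lt annotation. Consider defining the string once and using it in both places so that the GCC and clang warnings cannot diverge.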
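Review bot: in the wctomb hunk (@@ -75,8 +87,8 @@), the empty qualifier argument is written "__fortify_clang_overload_arg (char *, ,__s)", with no space before __s; the ptsname_r hunk has the same ", ,__buf" form. Please write it as "(char *, , __s)" to match the spacing of the "(char *, __restrict, __resolved)" uses elsewhere in this patch. This function also gets no __fortify_clang_warning_* annotation, so it would help if the commit message said that the wctomb change affects the runtime check only.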
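Review bot: in the mbstowcs hunk (@@ -113,12 +125,17 @@), the added "else" before "return __glibc_fortify_n (...)" is not mentioned in the commit message, and the preceding branch already returns, so it reads as an unrelated style change. Either drop it or note why clang needs it. Separately, this is the only function that uses the bos0 variant (__fortify_clang_warning_only_if_bos0_lt2) while realpath and ptsname_r use the bos one; a short comment on why the object-size mode differs here would help the next reader.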
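Review bot: in the wcstombs hunk (@@ -139,8 +156,9 @@), the function is made overloadable but gets no compile-time annotation, although the context lines show __wcstombs_chk_warn with the message "wcstombs called with dst buffer smaller than len" and the mbstowcs hunk just above adds the equivalent clang warning. If this is intentional, please say so in the commit message; otherwise add a __fortify_clang_warning_only_if_bos_lt (__len, __dst, ...) annotation with that message so clang's compile-time coverage matches the GCC warning here too.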