From: "Vojislav.Tomasevic at Syrmia dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug string/31332] New: Improve detection of buffer overflow at compile-time with FORTIFY_SOURCE
Date: Sat, 03 Feb 2024 00:14:05 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: string
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: Vojislav.Tomasevic at Syrmia dot com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution:
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter target_milestone attachments.created
X-Bugzilla-URL: http://sourceware.org/bugzilla/

https://sourceware.org/bugzilla/show_bug.cgi?id=31332

            Bug ID: 31332
           Summary: Improve detection of buffer overflow at compile-time
                    with FORTIFY_SOURCE
           Product: glibc
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: string
          Assignee: unassigned at sourceware dot org
          Reporter: Vojislav.Tomasevic at Syrmia dot com
  Target Milestone: ---

Created attachment 15350
  --> https://sourceware.org/bugzilla/attachment.cgi?id=15350&action=edit
Test case with buffer overflow in memcpy call

FORTIFY_SOURCE currently reports run-time errors when detecting buffer overflows, both with clang and gcc. However, it would be more beneficial to catch the issues earlier (at compile-time), when possible.

There is room for improvement in the fortified implementations of the functions memcpy/memmove/memset/strncpy/bcopy/bzero, as buffer overflows can be detected at compile-time and reported as compile-time errors.
Consider the example memcpy.c in the attached test case, which contains a buffer overflow:

bash-4.4$ clang -O2 -D_FORTIFY_SOURCE=2 memcpy.c   // no compile-time warning
bash-4.4$ ./a.out
*** buffer overflow detected ***: terminated
Aborted (core dumped)

Note that the overflow is caught at run-time only. However, in this case, we should be able to detect it at compile-time, as both the length and the size of the destination pointer are known at compile-time when compiled with optimizations.

With changes to the memcpy definition as below, the issue can be caught at compile-time itself. Similar changes could be done to the memmove/memset/strncpy/bcopy/bzero functions as well. Both the clang and gcc compilers support the error/warning attributes and the builtin_object_size and builtin_constant_p functions.
@@ -26,6 +26,13 @@ __fortify_function void *
 __NTH (memcpy (void *__restrict __dest, const void *__restrict __src,
                size_t __len))
 {
+  if (__bos (__dest) != (size_t) -1
+      && __builtin_constant_p (__len)
+      && __len > __bos (__dest))
+    {
+      void __fortify_error (void) __attribute__((error("dest is too small")));
+      __fortify_error ();
+    }
   return __builtin___memcpy_chk (__dest, __src, __len,
                                  __glibc_objsize0 (__dest));
 }

The above patch could be improved by using the __errordecl macro to declare the prototype of the __fortify_error function, which is already used in glibc for similar purposes.

If the attached test case is considered now (after applying this patch), there is a compile-time error like the following one:

bash-4.4$ clang -O2 -D_FORTIFY_SOURCE=2 memcpy.c
In file included from memcpy.c:1:
In file included from string.h:535:
glibc/install_dir/include/bits/string_fortified.h:34:7: error: call to '__fortify_error' declared with 'error' attribute: dest is too small
   34 |       __fortify_error ();
      |       ^
1 error generated.

If this is agreeable, I would be interested to work on a patch which improves buffer overflow detection at compile-time.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
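Review bot: the compile-time condition in this hunk compares __len against __bos (__dest), while the __builtin___memcpy_chk call it guards is passed __glibc_objsize0 (__dest). At _FORTIFY_SOURCE=2 those are different queries: __bos is the type-1 __builtin_object_size (size of the innermost subobject) and __glibc_objsize0 the type-0 query (bytes remaining in the whole enclosing object), so a constant-length copy into a struct member that deliberately spans the following members would be rejected at compile time even though the run-time check in the same function accepts it. Use the same expression in both places, i.e. "&& __len > __glibc_objsize0 (__dest)", so the hard error fires only for calls that would otherwise fail at run time. The "__bos (__dest) != (size_t) -1" guard is then also redundant, because __len > (size_t) -1 can never hold. As the message itself notes, the error function should be declared once at file scope with __errordecl rather than as a block-scope prototype inside the inline body.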
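The mechanism the report relies on, as an added, self-contained example (this is not glibc's string_fortified.h and not the attached memcpy.c; all demo_* names, struct record and the sample bytes are constructed here for illustration): an always-inline memcpy wrapper that, like the proposed patch, rejects a compile-time-constant length larger than the known destination object via the error attribute, and otherwise defers to __builtin___memcpy_chk for the usual run-time check. It goes one step beyond the message by gating the whole thing on __OPTIMIZE__, as glibc does, and by returning both the type-0 and type-1 object sizes of the same destination so the difference between the two queries can be seen directly.

```c
/* Added example, not glibc code and not the attached test case.
   All demo_* names, struct record and the sample bytes are constructed.
   Build: gcc -O2 demo_fortify.c   (clang -O2 works too)              */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* As in glibc, fortify only when optimising: __builtin_constant_p and
   __builtin_object_size become useful only after inlining and constant
   propagation, and the error attribute must not misfire at -O0.      */
#if defined __OPTIMIZE__ && __OPTIMIZE__ > 0
# define DEMO_FORTIFY 1
#else
# define DEMO_FORTIFY 0
#endif

#if DEMO_FORTIFY
/* Stand-in for glibc's __errordecl: if any call to this function survives
   optimisation, the compiler reports the message as a hard error.       */
extern void demo_memcpy_overflow_error (void)
  __attribute__ ((__error__ ("memcpy: constant length exceeds destination size")));

static inline __attribute__ ((__always_inline__)) void *
demo_memcpy (void *__restrict dest, const void *__restrict src, size_t len)
{
  /* Type-0 query (bytes left in the whole enclosing object), the same
     query handed to __memcpy_chk, so the compile-time decision and the
     run-time decision cannot disagree.                               */
  size_t objsz = __builtin_object_size (dest, 0);
  if (__builtin_constant_p (len) && objsz != (size_t) -1 && len > objsz)
    demo_memcpy_overflow_error ();      /* provable overflow: reject now */
  return __builtin___memcpy_chk (dest, src, len, objsz); /* else run-time check */
}
#else
# define demo_memcpy memcpy
#endif

/* Constructed 16-byte destination.  */
struct record
{
  char tag[8];
  unsigned char payload[8];
};

static struct record g_rec;

/* Object size of g_rec.tag as the compiler sees it: type 0 counts every
   byte from tag to the end of the record (16), type 1 only tag itself (8). */
size_t
demo_objsize (int type)
{
  return type ? __builtin_object_size (g_rec.tag, 1)
              : __builtin_object_size (g_rec.tag, 0);
}

/* Two legal copies: a constant length that fits, then a caller-bounded
   run-time length.  Returns the number of bytes written.               */
size_t
demo_fill_record (const char tag[8], const unsigned char *payload, size_t n)
{
  demo_memcpy (g_rec.tag, tag, 8);          /* 8 <= 16: no diagnostic */
  if (n > sizeof g_rec.payload)
    n = sizeof g_rec.payload;
  demo_memcpy (g_rec.payload, payload, n);  /* n not constant: checked at run time */
  return sizeof g_rec.tag + n;
}

const struct record *
demo_record (void)
{
  return &g_rec;
}

int
main (void)
{
  static const unsigned char bytes[32] = "0123456789ABCDEF0123456789ABCDE";

  printf ("objsize type0=%zu type1=%zu\n", demo_objsize (0), demo_objsize (1));
  printf ("wrote %zu bytes\n", demo_fill_record ("HDR\0\0\0\0", bytes, 12));

#ifdef DEMO_TRIGGER_ERROR
  /* gcc -O2 -DDEMO_TRIGGER_ERROR: length and destination size are both
     compile-time constants (24 > 16), so the build fails with the
     message above instead of producing a binary.                    */
  demo_memcpy (g_rec.tag, bytes, 24);
#endif
#ifdef DEMO_TRIGGER_ABORT
  /* gcc -O2 -DDEMO_TRIGGER_ABORT: same overflow, but the length is only
     known at run time, so the check falls through to __memcpy_chk,
     which prints "*** buffer overflow detected ***" and aborts.      */
  volatile size_t n = 24;
  demo_memcpy (g_rec.tag, bytes, n);
#endif
  return 0;
}
```

Built plainly with -O2 the program runs and prints the two object sizes and the byte count; -DDEMO_TRIGGER_ERROR turns the oversized constant-length call into a compile error, and -DDEMO_TRIGGER_ABORT shows the same overflow surviving to run time and being caught by __memcpy_chk, which is the gap between the two outcomes the report describes.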