[glibc] scripts: Add fortify checks on installed headers

public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed

* [glibc] scripts: Add fortify checks on installed headers
@ 2023-07-19 19:24 Adhemerval Zanella
  0 siblings, 0 replies; only message in thread
From: Adhemerval Zanella @ 2023-07-19 19:24 UTC (permalink / raw)
  To: glibc-cvs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=30379efad117b85cc56a255cac628d0ad745bfe3

commit 30379efad117b85cc56a255cac628d0ad745bfe3
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date:   Wed Jul 19 11:37:01 2023 -0300

    scripts: Add fortify checks on installed headers
    
    The _FORTIFY_SOURCE is used as default by some system compilers,
    and there is no way to check if some fortify extension does not
    trigger any conformance issue.
    
    Checked on x86_64-linux-gnu.
    
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>

Diff:
---
 scripts/check-installed-headers.sh | 36 +++++++++++++++++++++++-------------
 1 file changed, 23 insertions(+), 13 deletions(-)

diff --git a/scripts/check-installed-headers.sh b/scripts/check-installed-headers.sh
index 5a50a491ca..23506a2514 100644
--- a/scripts/check-installed-headers.sh
+++ b/scripts/check-installed-headers.sh
@@ -29,6 +29,9 @@ cxx_modes="-std=c++98 -std=gnu++98 -std=c++11 -std=gnu++11"
 # These are probably the most commonly used three.
 lib_modes="-D_DEFAULT_SOURCE=1 -D_GNU_SOURCE=1 -D_XOPEN_SOURCE=700"
 
+# Also check for fortify modes, since it might be enabled as default.
+fortify_modes="1 2 3"
+
 if [ $# -lt 3 ]; then
     echo "usage: $0 c|c++ \"compile command\" header header header..." >&2
     exit 2
@@ -100,29 +103,36 @@ EOF
     echo :: "$header"
     for lang_mode in "" $lang_modes; do
         for lib_mode in "" $lib_modes; do
-            echo :::: $lang_mode $lib_mode
-            if [ -z "$lib_mode" ]; then
-                expanded_lib_mode='/* default library mode */'
-            else
-                expanded_lib_mode=$(echo : $lib_mode | \
-                    sed 's/^: -D/#define /; s/=/ /')
-            fi
-            cat >"$cih_test_c" <<EOF
+            for fortify_mode in "" $fortify_modes; do
+                echo :::: $lang_mode $lib_mode $fortify_mode
+                if [ -z "$lib_mode" ]; then
+                    expanded_lib_mode='/* default library mode */'
+                else
+                    expanded_lib_mode=$(echo : $lib_mode | \
+                        sed 's/^: -D/#define /; s/=/ /')
+                fi
+                if [ ! -z $fortify_mode ]; then
+                    fortify_mode="#define _FORTIFY_SOURCE $fortify_mode"
+                fi
+                cat >"$cih_test_c" <<EOF
 /* These macros may have been defined on the command line.  They are
    inappropriate for this test.  */
 #undef _LIBC
 #undef _GNU_SOURCE
+#undef _FORTIFY_SOURCE
+$fortify_mode
 /* The library mode is selected here rather than on the command line to
    ensure that this selection wins. */
 $expanded_lib_mode
 #include <$header>
 int avoid_empty_translation_unit;
 EOF
-            if $cc_cmd -finput-charset=ascii -fsyntax-only $lang_mode \
-		       "$cih_test_c" 2>&1
-            then :
-            else failed=1
-            fi
+                if $cc_cmd -finput-charset=ascii -fsyntax-only $lang_mode \
+		           "$cih_test_c" 2>&1
+                then :
+                else failed=1
+                fi
+            done
         done
     done
 done

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2023-07-19 19:24 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-07-19 19:24 [glibc] scripts: Add fortify checks on installed headers Adhemerval Zanella

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).