public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed
* [glibc/azanella/clang] unistd: Improve fortify with clang
@ 2024-02-09 17:28 Adhemerval Zanella
0 siblings, 0 replies; 4+ messages in thread
From: Adhemerval Zanella @ 2024-02-09 17:28 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=77dd6fad5fa726205cf36ce009f59fd9a81789b7
commit 77dd6fad5fa726205cf36ce009f59fd9a81789b7
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Tue Dec 5 10:37:25 2023 -0300
unistd: Improve fortify with clang
It improve fortify checks for read, pread, pread64, readlink,
readlinkat, getcwd, getwd, confstr, getgroups, ttyname_r, getlogin_r,
gethostname, and getdomainname. The compile and runtime checks have
similar coverage as with GCC.
Checked on aarch64, armhf, x86_64, and i686.
Diff:
---
posix/bits/unistd.h | 110 +++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 82 insertions(+), 28 deletions(-)
diff --git a/posix/bits/unistd.h b/posix/bits/unistd.h
index bd209ec28e..2757b0619a 100644
--- a/posix/bits/unistd.h
+++ b/posix/bits/unistd.h
@@ -22,8 +22,12 @@
# include <bits/unistd-decl.h>
-__fortify_function __wur ssize_t
-read (int __fd, void *__buf, size_t __nbytes)
+__fortify_function __attribute_overloadable__ __wur ssize_t
+read (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), size_t __nbytes)
+ __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf,
+ "read called with bigger length than "
+ "size of the destination buffer")
+
{
return __glibc_fortify (read, __nbytes, sizeof (char),
__glibc_objsize0 (__buf),
@@ -32,16 +36,24 @@ read (int __fd, void *__buf, size_t __nbytes)
#if defined __USE_UNIX98 || defined __USE_XOPEN2K8
# ifndef __USE_FILE_OFFSET64
-__fortify_function __wur ssize_t
-pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset)
+__fortify_function __attribute_overloadable__ __wur ssize_t
+pread (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf),
+ size_t __nbytes, __off_t __offset)
+ __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf,
+ "pread called with bigger length than "
+ "size of the destination buffer")
{
return __glibc_fortify (pread, __nbytes, sizeof (char),
__glibc_objsize0 (__buf),
__fd, __buf, __nbytes, __offset);
}
# else
-__fortify_function __wur ssize_t
-pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
+__fortify_function __attribute_overloadable__ __wur ssize_t
+pread (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf),
+ size_t __nbytes, __off64_t __offset)
+ __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf,
+ "pread called with bigger length than "
+ "size of the destination buffer")
{
return __glibc_fortify (pread64, __nbytes, sizeof (char),
__glibc_objsize0 (__buf),
@@ -50,8 +62,12 @@ pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
# endif
# ifdef __USE_LARGEFILE64
-__fortify_function __wur ssize_t
-pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
+__fortify_function __attribute_overloadable__ __wur ssize_t
+pread64 (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf),
+ size_t __nbytes, __off64_t __offset)
+ __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf,
+ "pread64 called with bigger length than "
+ "size of the destination buffer")
{
return __glibc_fortify (pread64, __nbytes, sizeof (char),
__glibc_objsize0 (__buf),
@@ -61,9 +77,14 @@ pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
#endif
#if defined __USE_XOPEN_EXTENDED || defined __USE_XOPEN2K
-__fortify_function __nonnull ((1, 2)) __wur ssize_t
-__NTH (readlink (const char *__restrict __path, char *__restrict __buf,
+__fortify_function __attribute_overloadable__ __nonnull ((1, 2)) __wur ssize_t
+__NTH (readlink (const char *__restrict __path,
+ __fortify_clang_overload_arg0 (char *, __restrict, __buf),
size_t __len))
+ __fortify_clang_warning_only_if_bos_lt (__len, __buf,
+ "readlink called with bigger length "
+ "than size of destination buffer")
+
{
return __glibc_fortify (readlink, __len, sizeof (char),
__glibc_objsize (__buf),
@@ -72,9 +93,13 @@ __NTH (readlink (const char *__restrict __path, char *__restrict __buf,
#endif
#ifdef __USE_ATFILE
-__fortify_function __nonnull ((2, 3)) __wur ssize_t
+__fortify_function __attribute_overloadable__ __nonnull ((2, 3)) __wur ssize_t
__NTH (readlinkat (int __fd, const char *__restrict __path,
- char *__restrict __buf, size_t __len))
+ __fortify_clang_overload_arg0 (char *, __restrict, __buf),
+ size_t __len))
+ __fortify_clang_warning_only_if_bos_lt (__len, __buf,
+ "readlinkat called with bigger length "
+ "than size of destination buffer")
{
return __glibc_fortify (readlinkat, __len, sizeof (char),
__glibc_objsize (__buf),
@@ -82,8 +107,11 @@ __NTH (readlinkat (int __fd, const char *__restrict __path,
}
#endif
-__fortify_function __wur char *
-__NTH (getcwd (char *__buf, size_t __size))
+__fortify_function __attribute_overloadable__ __wur char *
+__NTH (getcwd (__fortify_clang_overload_arg (char *, , __buf), size_t __size))
+ __fortify_clang_warning_only_if_bos_lt (__size, __buf,
+ "getcwd called with bigger length "
+ "than size of destination buffer")
{
return __glibc_fortify (getcwd, __size, sizeof (char),
__glibc_objsize (__buf),
@@ -91,8 +119,9 @@ __NTH (getcwd (char *__buf, size_t __size))
}
#if defined __USE_MISC || defined __USE_XOPEN_EXTENDED
-__fortify_function __nonnull ((1)) __attribute_deprecated__ __wur char *
-__NTH (getwd (char *__buf))
+__fortify_function __attribute_overloadable__ __nonnull ((1))
+__attribute_deprecated__ __wur char *
+__NTH (getwd (__fortify_clang_overload_arg (char *,, __buf)))
{
if (__glibc_objsize (__buf) != (size_t) -1)
return __getwd_chk (__buf, __glibc_objsize (__buf));
@@ -100,8 +129,12 @@ __NTH (getwd (char *__buf))
}
#endif
-__fortify_function size_t
-__NTH (confstr (int __name, char *__buf, size_t __len))
+__fortify_function __attribute_overloadable__ size_t
+__NTH (confstr (int __name, __fortify_clang_overload_arg (char *, ,__buf),
+ size_t __len))
+ __fortify_clang_warning_only_if_bos_lt (__len, __buf,
+ "confstr called with bigger length than "
+ "size of destination buffer")
{
return __glibc_fortify (confstr, __len, sizeof (char),
__glibc_objsize (__buf),
@@ -109,8 +142,13 @@ __NTH (confstr (int __name, char *__buf, size_t __len))
}
-__fortify_function int
-__NTH (getgroups (int __size, __gid_t __list[]))
+__fortify_function __attribute_overloadable__ int
+__NTH (getgroups (int __size,
+ __fortify_clang_overload_arg (__gid_t *, , __list)))
+ __fortify_clang_warning_only_if_bos_lt (__size * sizeof (__gid_t), __list,
+ "getgroups called with bigger group "
+ "count than what can fit into "
+ "destination buffer")
{
return __glibc_fortify (getgroups, __size, sizeof (__gid_t),
__glibc_objsize (__list),
@@ -118,8 +156,13 @@ __NTH (getgroups (int __size, __gid_t __list[]))
}
-__fortify_function int
-__NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
+__fortify_function __attribute_overloadable__ int
+__NTH (ttyname_r (int __fd,
+ __fortify_clang_overload_arg (char *, ,__buf),
+ size_t __buflen))
+ __fortify_clang_warning_only_if_bos_lt (__buflen, __buf,
+ "ttyname_r called with bigger buflen "
+ "than size of destination buffer")
{
return __glibc_fortify (ttyname_r, __buflen, sizeof (char),
__glibc_objsize (__buf),
@@ -128,8 +171,11 @@ __NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
#ifdef __USE_POSIX199506
-__fortify_function int
-getlogin_r (char *__buf, size_t __buflen)
+__fortify_function __attribute_overloadable__ int
+getlogin_r (__fortify_clang_overload_arg (char *, ,__buf), size_t __buflen)
+ __fortify_clang_warning_only_if_bos_lt (__buflen, __buf,
+ "getlogin_r called with bigger buflen "
+ "than size of destination buffer")
{
return __glibc_fortify (getlogin_r, __buflen, sizeof (char),
__glibc_objsize (__buf),
@@ -139,8 +185,12 @@ getlogin_r (char *__buf, size_t __buflen)
#if defined __USE_MISC || defined __USE_UNIX98
-__fortify_function int
-__NTH (gethostname (char *__buf, size_t __buflen))
+__fortify_function __attribute_overloadable__ int
+__NTH (gethostname (__fortify_clang_overload_arg (char *, ,__buf),
+ size_t __buflen))
+ __fortify_clang_warning_only_if_bos_lt (__buflen, __buf,
+ "gethostname called with bigger buflen "
+ "than size of destination buffer")
{
return __glibc_fortify (gethostname, __buflen, sizeof (char),
__glibc_objsize (__buf),
@@ -150,8 +200,12 @@ __NTH (gethostname (char *__buf, size_t __buflen))
#if defined __USE_MISC || (defined __USE_XOPEN && !defined __USE_UNIX98)
-__fortify_function int
-__NTH (getdomainname (char *__buf, size_t __buflen))
+__fortify_function __attribute_overloadable__ int
+__NTH (getdomainname (__fortify_clang_overload_arg (char *, ,__buf),
+ size_t __buflen))
+ __fortify_clang_warning_only_if_bos_lt (__buflen, __buf,
+ "getdomainname called with bigger "
+ "buflen than size of destination buffer")
{
return __glibc_fortify (getdomainname, __buflen, sizeof (char),
__glibc_objsize (__buf),
^ permalink raw reply [flat|nested] 4+ messages in thread
* [glibc/azanella/clang] unistd: Improve fortify with clang
@ 2024-02-07 14:03 Adhemerval Zanella
0 siblings, 0 replies; 4+ messages in thread
From: Adhemerval Zanella @ 2024-02-07 14:03 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=723192e4c0425b7795ab437880aa441a5f33d6c6
commit 723192e4c0425b7795ab437880aa441a5f33d6c6
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Tue Dec 5 10:37:25 2023 -0300
unistd: Improve fortify with clang
It improve fortify checks for read, pread, pread64, readlink,
readlinkat, getcwd, getwd, confstr, getgroups, ttyname_r, getlogin_r,
gethostname, and getdomainname. The compile and runtime checks have
similar coverage as with GCC.
Checked on aarch64, armhf, x86_64, and i686.
Diff:
---
posix/bits/unistd.h | 110 +++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 82 insertions(+), 28 deletions(-)
diff --git a/posix/bits/unistd.h b/posix/bits/unistd.h
index bd209ec28e..2757b0619a 100644
--- a/posix/bits/unistd.h
+++ b/posix/bits/unistd.h
@@ -22,8 +22,12 @@
# include <bits/unistd-decl.h>
-__fortify_function __wur ssize_t
-read (int __fd, void *__buf, size_t __nbytes)
+__fortify_function __attribute_overloadable__ __wur ssize_t
+read (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), size_t __nbytes)
+ __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf,
+ "read called with bigger length than "
+ "size of the destination buffer")
+
{
return __glibc_fortify (read, __nbytes, sizeof (char),
__glibc_objsize0 (__buf),
@@ -32,16 +36,24 @@ read (int __fd, void *__buf, size_t __nbytes)
#if defined __USE_UNIX98 || defined __USE_XOPEN2K8
# ifndef __USE_FILE_OFFSET64
-__fortify_function __wur ssize_t
-pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset)
+__fortify_function __attribute_overloadable__ __wur ssize_t
+pread (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf),
+ size_t __nbytes, __off_t __offset)
+ __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf,
+ "pread called with bigger length than "
+ "size of the destination buffer")
{
return __glibc_fortify (pread, __nbytes, sizeof (char),
__glibc_objsize0 (__buf),
__fd, __buf, __nbytes, __offset);
}
# else
-__fortify_function __wur ssize_t
-pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
+__fortify_function __attribute_overloadable__ __wur ssize_t
+pread (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf),
+ size_t __nbytes, __off64_t __offset)
+ __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf,
+ "pread called with bigger length than "
+ "size of the destination buffer")
{
return __glibc_fortify (pread64, __nbytes, sizeof (char),
__glibc_objsize0 (__buf),
@@ -50,8 +62,12 @@ pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
# endif
# ifdef __USE_LARGEFILE64
-__fortify_function __wur ssize_t
-pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
+__fortify_function __attribute_overloadable__ __wur ssize_t
+pread64 (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf),
+ size_t __nbytes, __off64_t __offset)
+ __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf,
+ "pread64 called with bigger length than "
+ "size of the destination buffer")
{
return __glibc_fortify (pread64, __nbytes, sizeof (char),
__glibc_objsize0 (__buf),
@@ -61,9 +77,14 @@ pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
#endif
#if defined __USE_XOPEN_EXTENDED || defined __USE_XOPEN2K
-__fortify_function __nonnull ((1, 2)) __wur ssize_t
-__NTH (readlink (const char *__restrict __path, char *__restrict __buf,
+__fortify_function __attribute_overloadable__ __nonnull ((1, 2)) __wur ssize_t
+__NTH (readlink (const char *__restrict __path,
+ __fortify_clang_overload_arg0 (char *, __restrict, __buf),
size_t __len))
+ __fortify_clang_warning_only_if_bos_lt (__len, __buf,
+ "readlink called with bigger length "
+ "than size of destination buffer")
+
{
return __glibc_fortify (readlink, __len, sizeof (char),
__glibc_objsize (__buf),
@@ -72,9 +93,13 @@ __NTH (readlink (const char *__restrict __path, char *__restrict __buf,
#endif
#ifdef __USE_ATFILE
-__fortify_function __nonnull ((2, 3)) __wur ssize_t
+__fortify_function __attribute_overloadable__ __nonnull ((2, 3)) __wur ssize_t
__NTH (readlinkat (int __fd, const char *__restrict __path,
- char *__restrict __buf, size_t __len))
+ __fortify_clang_overload_arg0 (char *, __restrict, __buf),
+ size_t __len))
+ __fortify_clang_warning_only_if_bos_lt (__len, __buf,
+ "readlinkat called with bigger length "
+ "than size of destination buffer")
{
return __glibc_fortify (readlinkat, __len, sizeof (char),
__glibc_objsize (__buf),
@@ -82,8 +107,11 @@ __NTH (readlinkat (int __fd, const char *__restrict __path,
}
#endif
-__fortify_function __wur char *
-__NTH (getcwd (char *__buf, size_t __size))
+__fortify_function __attribute_overloadable__ __wur char *
+__NTH (getcwd (__fortify_clang_overload_arg (char *, , __buf), size_t __size))
+ __fortify_clang_warning_only_if_bos_lt (__size, __buf,
+ "getcwd called with bigger length "
+ "than size of destination buffer")
{
return __glibc_fortify (getcwd, __size, sizeof (char),
__glibc_objsize (__buf),
@@ -91,8 +119,9 @@ __NTH (getcwd (char *__buf, size_t __size))
}
#if defined __USE_MISC || defined __USE_XOPEN_EXTENDED
-__fortify_function __nonnull ((1)) __attribute_deprecated__ __wur char *
-__NTH (getwd (char *__buf))
+__fortify_function __attribute_overloadable__ __nonnull ((1))
+__attribute_deprecated__ __wur char *
+__NTH (getwd (__fortify_clang_overload_arg (char *,, __buf)))
{
if (__glibc_objsize (__buf) != (size_t) -1)
return __getwd_chk (__buf, __glibc_objsize (__buf));
@@ -100,8 +129,12 @@ __NTH (getwd (char *__buf))
}
#endif
-__fortify_function size_t
-__NTH (confstr (int __name, char *__buf, size_t __len))
+__fortify_function __attribute_overloadable__ size_t
+__NTH (confstr (int __name, __fortify_clang_overload_arg (char *, ,__buf),
+ size_t __len))
+ __fortify_clang_warning_only_if_bos_lt (__len, __buf,
+ "confstr called with bigger length than "
+ "size of destination buffer")
{
return __glibc_fortify (confstr, __len, sizeof (char),
__glibc_objsize (__buf),
@@ -109,8 +142,13 @@ __NTH (confstr (int __name, char *__buf, size_t __len))
}
-__fortify_function int
-__NTH (getgroups (int __size, __gid_t __list[]))
+__fortify_function __attribute_overloadable__ int
+__NTH (getgroups (int __size,
+ __fortify_clang_overload_arg (__gid_t *, , __list)))
+ __fortify_clang_warning_only_if_bos_lt (__size * sizeof (__gid_t), __list,
+ "getgroups called with bigger group "
+ "count than what can fit into "
+ "destination buffer")
{
return __glibc_fortify (getgroups, __size, sizeof (__gid_t),
__glibc_objsize (__list),
@@ -118,8 +156,13 @@ __NTH (getgroups (int __size, __gid_t __list[]))
}
-__fortify_function int
-__NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
+__fortify_function __attribute_overloadable__ int
+__NTH (ttyname_r (int __fd,
+ __fortify_clang_overload_arg (char *, ,__buf),
+ size_t __buflen))
+ __fortify_clang_warning_only_if_bos_lt (__buflen, __buf,
+ "ttyname_r called with bigger buflen "
+ "than size of destination buffer")
{
return __glibc_fortify (ttyname_r, __buflen, sizeof (char),
__glibc_objsize (__buf),
@@ -128,8 +171,11 @@ __NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
#ifdef __USE_POSIX199506
-__fortify_function int
-getlogin_r (char *__buf, size_t __buflen)
+__fortify_function __attribute_overloadable__ int
+getlogin_r (__fortify_clang_overload_arg (char *, ,__buf), size_t __buflen)
+ __fortify_clang_warning_only_if_bos_lt (__buflen, __buf,
+ "getlogin_r called with bigger buflen "
+ "than size of destination buffer")
{
return __glibc_fortify (getlogin_r, __buflen, sizeof (char),
__glibc_objsize (__buf),
@@ -139,8 +185,12 @@ getlogin_r (char *__buf, size_t __buflen)
#if defined __USE_MISC || defined __USE_UNIX98
-__fortify_function int
-__NTH (gethostname (char *__buf, size_t __buflen))
+__fortify_function __attribute_overloadable__ int
+__NTH (gethostname (__fortify_clang_overload_arg (char *, ,__buf),
+ size_t __buflen))
+ __fortify_clang_warning_only_if_bos_lt (__buflen, __buf,
+ "gethostname called with bigger buflen "
+ "than size of destination buffer")
{
return __glibc_fortify (gethostname, __buflen, sizeof (char),
__glibc_objsize (__buf),
@@ -150,8 +200,12 @@ __NTH (gethostname (char *__buf, size_t __buflen))
#if defined __USE_MISC || (defined __USE_XOPEN && !defined __USE_UNIX98)
-__fortify_function int
-__NTH (getdomainname (char *__buf, size_t __buflen))
+__fortify_function __attribute_overloadable__ int
+__NTH (getdomainname (__fortify_clang_overload_arg (char *, ,__buf),
+ size_t __buflen))
+ __fortify_clang_warning_only_if_bos_lt (__buflen, __buf,
+ "getdomainname called with bigger "
+ "buflen than size of destination buffer")
{
return __glibc_fortify (getdomainname, __buflen, sizeof (char),
__glibc_objsize (__buf),
^ permalink raw reply [flat|nested] 4+ messages in thread
* [glibc/azanella/clang] unistd: Improve fortify with clang
@ 2024-01-29 17:53 Adhemerval Zanella
0 siblings, 0 replies; 4+ messages in thread
From: Adhemerval Zanella @ 2024-01-29 17:53 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8953a08e02fd6f31294c7ff285fd5c21f46241e9
commit 8953a08e02fd6f31294c7ff285fd5c21f46241e9
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Tue Dec 5 10:37:25 2023 -0300
unistd: Improve fortify with clang
It improve fortify checks for read, pread, pread64, readlink,
readlinkat, getcwd, getwd, confstr, getgroups, ttyname_r, getlogin_r,
gethostname, and getdomainname. The compile and runtime checks have
similar coverage as with GCC.
Checked on aarch64, armhf, x86_64, and i686.
Diff:
---
posix/bits/unistd.h | 110 +++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 82 insertions(+), 28 deletions(-)
diff --git a/posix/bits/unistd.h b/posix/bits/unistd.h
index bd209ec28e..2757b0619a 100644
--- a/posix/bits/unistd.h
+++ b/posix/bits/unistd.h
@@ -22,8 +22,12 @@
# include <bits/unistd-decl.h>
-__fortify_function __wur ssize_t
-read (int __fd, void *__buf, size_t __nbytes)
+__fortify_function __attribute_overloadable__ __wur ssize_t
+read (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), size_t __nbytes)
+ __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf,
+ "read called with bigger length than "
+ "size of the destination buffer")
+
{
return __glibc_fortify (read, __nbytes, sizeof (char),
__glibc_objsize0 (__buf),
@@ -32,16 +36,24 @@ read (int __fd, void *__buf, size_t __nbytes)
#if defined __USE_UNIX98 || defined __USE_XOPEN2K8
# ifndef __USE_FILE_OFFSET64
-__fortify_function __wur ssize_t
-pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset)
+__fortify_function __attribute_overloadable__ __wur ssize_t
+pread (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf),
+ size_t __nbytes, __off_t __offset)
+ __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf,
+ "pread called with bigger length than "
+ "size of the destination buffer")
{
return __glibc_fortify (pread, __nbytes, sizeof (char),
__glibc_objsize0 (__buf),
__fd, __buf, __nbytes, __offset);
}
# else
-__fortify_function __wur ssize_t
-pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
+__fortify_function __attribute_overloadable__ __wur ssize_t
+pread (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf),
+ size_t __nbytes, __off64_t __offset)
+ __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf,
+ "pread called with bigger length than "
+ "size of the destination buffer")
{
return __glibc_fortify (pread64, __nbytes, sizeof (char),
__glibc_objsize0 (__buf),
@@ -50,8 +62,12 @@ pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
# endif
# ifdef __USE_LARGEFILE64
-__fortify_function __wur ssize_t
-pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
+__fortify_function __attribute_overloadable__ __wur ssize_t
+pread64 (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf),
+ size_t __nbytes, __off64_t __offset)
+ __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf,
+ "pread64 called with bigger length than "
+ "size of the destination buffer")
{
return __glibc_fortify (pread64, __nbytes, sizeof (char),
__glibc_objsize0 (__buf),
@@ -61,9 +77,14 @@ pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
#endif
#if defined __USE_XOPEN_EXTENDED || defined __USE_XOPEN2K
-__fortify_function __nonnull ((1, 2)) __wur ssize_t
-__NTH (readlink (const char *__restrict __path, char *__restrict __buf,
+__fortify_function __attribute_overloadable__ __nonnull ((1, 2)) __wur ssize_t
+__NTH (readlink (const char *__restrict __path,
+ __fortify_clang_overload_arg0 (char *, __restrict, __buf),
size_t __len))
+ __fortify_clang_warning_only_if_bos_lt (__len, __buf,
+ "readlink called with bigger length "
+ "than size of destination buffer")
+
{
return __glibc_fortify (readlink, __len, sizeof (char),
__glibc_objsize (__buf),
@@ -72,9 +93,13 @@ __NTH (readlink (const char *__restrict __path, char *__restrict __buf,
#endif
#ifdef __USE_ATFILE
-__fortify_function __nonnull ((2, 3)) __wur ssize_t
+__fortify_function __attribute_overloadable__ __nonnull ((2, 3)) __wur ssize_t
__NTH (readlinkat (int __fd, const char *__restrict __path,
- char *__restrict __buf, size_t __len))
+ __fortify_clang_overload_arg0 (char *, __restrict, __buf),
+ size_t __len))
+ __fortify_clang_warning_only_if_bos_lt (__len, __buf,
+ "readlinkat called with bigger length "
+ "than size of destination buffer")
{
return __glibc_fortify (readlinkat, __len, sizeof (char),
__glibc_objsize (__buf),
@@ -82,8 +107,11 @@ __NTH (readlinkat (int __fd, const char *__restrict __path,
}
#endif
-__fortify_function __wur char *
-__NTH (getcwd (char *__buf, size_t __size))
+__fortify_function __attribute_overloadable__ __wur char *
+__NTH (getcwd (__fortify_clang_overload_arg (char *, , __buf), size_t __size))
+ __fortify_clang_warning_only_if_bos_lt (__size, __buf,
+ "getcwd called with bigger length "
+ "than size of destination buffer")
{
return __glibc_fortify (getcwd, __size, sizeof (char),
__glibc_objsize (__buf),
@@ -91,8 +119,9 @@ __NTH (getcwd (char *__buf, size_t __size))
}
#if defined __USE_MISC || defined __USE_XOPEN_EXTENDED
-__fortify_function __nonnull ((1)) __attribute_deprecated__ __wur char *
-__NTH (getwd (char *__buf))
+__fortify_function __attribute_overloadable__ __nonnull ((1))
+__attribute_deprecated__ __wur char *
+__NTH (getwd (__fortify_clang_overload_arg (char *,, __buf)))
{
if (__glibc_objsize (__buf) != (size_t) -1)
return __getwd_chk (__buf, __glibc_objsize (__buf));
@@ -100,8 +129,12 @@ __NTH (getwd (char *__buf))
}
#endif
-__fortify_function size_t
-__NTH (confstr (int __name, char *__buf, size_t __len))
+__fortify_function __attribute_overloadable__ size_t
+__NTH (confstr (int __name, __fortify_clang_overload_arg (char *, ,__buf),
+ size_t __len))
+ __fortify_clang_warning_only_if_bos_lt (__len, __buf,
+ "confstr called with bigger length than "
+ "size of destination buffer")
{
return __glibc_fortify (confstr, __len, sizeof (char),
__glibc_objsize (__buf),
@@ -109,8 +142,13 @@ __NTH (confstr (int __name, char *__buf, size_t __len))
}
-__fortify_function int
-__NTH (getgroups (int __size, __gid_t __list[]))
+__fortify_function __attribute_overloadable__ int
+__NTH (getgroups (int __size,
+ __fortify_clang_overload_arg (__gid_t *, , __list)))
+ __fortify_clang_warning_only_if_bos_lt (__size * sizeof (__gid_t), __list,
+ "getgroups called with bigger group "
+ "count than what can fit into "
+ "destination buffer")
{
return __glibc_fortify (getgroups, __size, sizeof (__gid_t),
__glibc_objsize (__list),
@@ -118,8 +156,13 @@ __NTH (getgroups (int __size, __gid_t __list[]))
}
-__fortify_function int
-__NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
+__fortify_function __attribute_overloadable__ int
+__NTH (ttyname_r (int __fd,
+ __fortify_clang_overload_arg (char *, ,__buf),
+ size_t __buflen))
+ __fortify_clang_warning_only_if_bos_lt (__buflen, __buf,
+ "ttyname_r called with bigger buflen "
+ "than size of destination buffer")
{
return __glibc_fortify (ttyname_r, __buflen, sizeof (char),
__glibc_objsize (__buf),
@@ -128,8 +171,11 @@ __NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
#ifdef __USE_POSIX199506
-__fortify_function int
-getlogin_r (char *__buf, size_t __buflen)
+__fortify_function __attribute_overloadable__ int
+getlogin_r (__fortify_clang_overload_arg (char *, ,__buf), size_t __buflen)
+ __fortify_clang_warning_only_if_bos_lt (__buflen, __buf,
+ "getlogin_r called with bigger buflen "
+ "than size of destination buffer")
{
return __glibc_fortify (getlogin_r, __buflen, sizeof (char),
__glibc_objsize (__buf),
@@ -139,8 +185,12 @@ getlogin_r (char *__buf, size_t __buflen)
#if defined __USE_MISC || defined __USE_UNIX98
-__fortify_function int
-__NTH (gethostname (char *__buf, size_t __buflen))
+__fortify_function __attribute_overloadable__ int
+__NTH (gethostname (__fortify_clang_overload_arg (char *, ,__buf),
+ size_t __buflen))
+ __fortify_clang_warning_only_if_bos_lt (__buflen, __buf,
+ "gethostname called with bigger buflen "
+ "than size of destination buffer")
{
return __glibc_fortify (gethostname, __buflen, sizeof (char),
__glibc_objsize (__buf),
@@ -150,8 +200,12 @@ __NTH (gethostname (char *__buf, size_t __buflen))
#if defined __USE_MISC || (defined __USE_XOPEN && !defined __USE_UNIX98)
-__fortify_function int
-__NTH (getdomainname (char *__buf, size_t __buflen))
+__fortify_function __attribute_overloadable__ int
+__NTH (getdomainname (__fortify_clang_overload_arg (char *, ,__buf),
+ size_t __buflen))
+ __fortify_clang_warning_only_if_bos_lt (__buflen, __buf,
+ "getdomainname called with bigger "
+ "buflen than size of destination buffer")
{
return __glibc_fortify (getdomainname, __buflen, sizeof (char),
__glibc_objsize (__buf),
^ permalink raw reply [flat|nested] 4+ messages in thread
* [glibc/azanella/clang] unistd: Improve fortify with clang
@ 2023-12-21 18:50 Adhemerval Zanella
0 siblings, 0 replies; 4+ messages in thread
From: Adhemerval Zanella @ 2023-12-21 18:50 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=0403e35c83ef047f22c2d754461657410f297a92
commit 0403e35c83ef047f22c2d754461657410f297a92
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Tue Dec 5 10:37:25 2023 -0300
unistd: Improve fortify with clang
It improve fortify checks for read, pread, pread64, readlink,
readlinkat, getcwd, getwd, confstr, getgroups, ttyname_r, getlogin_r,
gethostname, and getdomainname. The compile and runtime checks have
similar coverage as with GCC.
Checked on aarch64, armhf, x86_64, and i686.
Diff:
---
posix/bits/unistd.h | 110 +++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 82 insertions(+), 28 deletions(-)
diff --git a/posix/bits/unistd.h b/posix/bits/unistd.h
index 6a381116a9..cc19865348 100644
--- a/posix/bits/unistd.h
+++ b/posix/bits/unistd.h
@@ -22,8 +22,12 @@
# include <bits/unistd-decl.h>
-__fortify_function __wur ssize_t
-read (int __fd, void *__buf, size_t __nbytes)
+__fortify_function __attribute_overloadable__ __wur ssize_t
+read (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf), size_t __nbytes)
+ __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf,
+ "read called with bigger length than "
+ "size of the destination buffer")
+
{
return __glibc_fortify (read, __nbytes, sizeof (char),
__glibc_objsize0 (__buf),
@@ -32,16 +36,24 @@ read (int __fd, void *__buf, size_t __nbytes)
#if defined __USE_UNIX98 || defined __USE_XOPEN2K8
# ifndef __USE_FILE_OFFSET64
-__fortify_function __wur ssize_t
-pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset)
+__fortify_function __attribute_overloadable__ __wur ssize_t
+pread (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf),
+ size_t __nbytes, __off_t __offset)
+ __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf,
+ "pread called with bigger length than "
+ "size of the destination buffer")
{
return __glibc_fortify (pread, __nbytes, sizeof (char),
__glibc_objsize0 (__buf),
__fd, __buf, __nbytes, __offset);
}
# else
-__fortify_function __wur ssize_t
-pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
+__fortify_function __attribute_overloadable__ __wur ssize_t
+pread (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf),
+ size_t __nbytes, __off64_t __offset)
+ __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf,
+ "pread called with bigger length than "
+ "size of the destination buffer")
{
return __glibc_fortify (pread64, __nbytes, sizeof (char),
__glibc_objsize0 (__buf),
@@ -50,8 +62,12 @@ pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
# endif
# ifdef __USE_LARGEFILE64
-__fortify_function __wur ssize_t
-pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
+__fortify_function __attribute_overloadable__ __wur ssize_t
+pread64 (int __fd, __fortify_clang_overload_arg0 (void *, ,__buf),
+ size_t __nbytes, __off64_t __offset)
+ __fortify_clang_warning_only_if_bos0_lt (__nbytes, __buf,
+ "pread64 called with bigger length than "
+ "size of the destination buffer")
{
return __glibc_fortify (pread64, __nbytes, sizeof (char),
__glibc_objsize0 (__buf),
@@ -61,9 +77,14 @@ pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
#endif
#if defined __USE_XOPEN_EXTENDED || defined __USE_XOPEN2K
-__fortify_function __nonnull ((1, 2)) __wur ssize_t
-__NTH (readlink (const char *__restrict __path, char *__restrict __buf,
+__fortify_function __attribute_overloadable__ __nonnull ((1, 2)) __wur ssize_t
+__NTH (readlink (const char *__restrict __path,
+ __fortify_clang_overload_arg0 (char *, __restrict, __buf),
size_t __len))
+ __fortify_clang_warning_only_if_bos_lt (__len, __buf,
+ "readlink called with bigger length "
+ "than size of destination buffer")
+
{
return __glibc_fortify (readlink, __len, sizeof (char),
__glibc_objsize (__buf),
@@ -72,9 +93,13 @@ __NTH (readlink (const char *__restrict __path, char *__restrict __buf,
#endif
#ifdef __USE_ATFILE
-__fortify_function __nonnull ((2, 3)) __wur ssize_t
+__fortify_function __attribute_overloadable__ __nonnull ((2, 3)) __wur ssize_t
__NTH (readlinkat (int __fd, const char *__restrict __path,
- char *__restrict __buf, size_t __len))
+ __fortify_clang_overload_arg0 (char *, __restrict, __buf),
+ size_t __len))
+ __fortify_clang_warning_only_if_bos_lt (__len, __buf,
+ "readlinkat called with bigger length "
+ "than size of destination buffer")
{
return __glibc_fortify (readlinkat, __len, sizeof (char),
__glibc_objsize (__buf),
@@ -82,8 +107,11 @@ __NTH (readlinkat (int __fd, const char *__restrict __path,
}
#endif
-__fortify_function __wur char *
-__NTH (getcwd (char *__buf, size_t __size))
+__fortify_function __attribute_overloadable__ __wur char *
+__NTH (getcwd (__fortify_clang_overload_arg (char *, , __buf), size_t __size))
+ __fortify_clang_warning_only_if_bos_lt (__size, __buf,
+ "getcwd called with bigger length "
+ "than size of destination buffer")
{
return __glibc_fortify (getcwd, __size, sizeof (char),
__glibc_objsize (__buf),
@@ -91,8 +119,9 @@ __NTH (getcwd (char *__buf, size_t __size))
}
#if defined __USE_MISC || defined __USE_XOPEN_EXTENDED
-__fortify_function __nonnull ((1)) __attribute_deprecated__ __wur char *
-__NTH (getwd (char *__buf))
+__fortify_function __attribute_overloadable__ __nonnull ((1))
+__attribute_deprecated__ __wur char *
+__NTH (getwd (__fortify_clang_overload_arg (char *,, __buf)))
{
if (__glibc_objsize (__buf) != (size_t) -1)
return __getwd_chk (__buf, __glibc_objsize (__buf));
@@ -100,8 +129,12 @@ __NTH (getwd (char *__buf))
}
#endif
-__fortify_function size_t
-__NTH (confstr (int __name, char *__buf, size_t __len))
+__fortify_function __attribute_overloadable__ size_t
+__NTH (confstr (int __name, __fortify_clang_overload_arg (char *, ,__buf),
+ size_t __len))
+ __fortify_clang_warning_only_if_bos_lt (__len, __buf,
+ "confstr called with bigger length than "
+ "size of destination buffer")
{
return __glibc_fortify (confstr, __len, sizeof (char),
__glibc_objsize (__buf),
@@ -109,8 +142,13 @@ __NTH (confstr (int __name, char *__buf, size_t __len))
}
-__fortify_function int
-__NTH (getgroups (int __size, __gid_t __list[]))
+__fortify_function __attribute_overloadable__ int
+__NTH (getgroups (int __size,
+ __fortify_clang_overload_arg (__gid_t *, , __list)))
+ __fortify_clang_warning_only_if_bos_lt (__size * sizeof (__gid_t), __list,
+ "getgroups called with bigger group "
+ "count than what can fit into "
+ "destination buffer")
{
return __glibc_fortify (getgroups, __size, sizeof (__gid_t),
__glibc_objsize (__list),
@@ -118,8 +156,13 @@ __NTH (getgroups (int __size, __gid_t __list[]))
}
-__fortify_function int
-__NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
+__fortify_function __attribute_overloadable__ int
+__NTH (ttyname_r (int __fd,
+ __fortify_clang_overload_arg (char *, ,__buf),
+ size_t __buflen))
+ __fortify_clang_warning_only_if_bos_lt (__buflen, __buf,
+ "ttyname_r called with bigger buflen "
+ "than size of destination buffer")
{
return __glibc_fortify (ttyname_r, __buflen, sizeof (char),
__glibc_objsize (__buf),
@@ -128,8 +171,11 @@ __NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
#ifdef __USE_POSIX199506
-__fortify_function int
-getlogin_r (char *__buf, size_t __buflen)
+__fortify_function __attribute_overloadable__ int
+getlogin_r (__fortify_clang_overload_arg (char *, ,__buf), size_t __buflen)
+ __fortify_clang_warning_only_if_bos_lt (__buflen, __buf,
+ "getlogin_r called with bigger buflen "
+ "than size of destination buffer")
{
return __glibc_fortify (getlogin_r, __buflen, sizeof (char),
__glibc_objsize (__buf),
@@ -139,8 +185,12 @@ getlogin_r (char *__buf, size_t __buflen)
#if defined __USE_MISC || defined __USE_UNIX98
-__fortify_function int
-__NTH (gethostname (char *__buf, size_t __buflen))
+__fortify_function __attribute_overloadable__ int
+__NTH (gethostname (__fortify_clang_overload_arg (char *, ,__buf),
+ size_t __buflen))
+ __fortify_clang_warning_only_if_bos_lt (__buflen, __buf,
+ "gethostname called with bigger buflen "
+ "than size of destination buffer")
{
return __glibc_fortify (gethostname, __buflen, sizeof (char),
__glibc_objsize (__buf),
@@ -150,8 +200,12 @@ __NTH (gethostname (char *__buf, size_t __buflen))
#if defined __USE_MISC || (defined __USE_XOPEN && !defined __USE_UNIX98)
-__fortify_function int
-__NTH (getdomainname (char *__buf, size_t __buflen))
+__fortify_function __attribute_overloadable__ int
+__NTH (getdomainname (__fortify_clang_overload_arg (char *, ,__buf),
+ size_t __buflen))
+ __fortify_clang_warning_only_if_bos_lt (__buflen, __buf,
+ "getdomainname called with bigger "
+ "buflen than size of destination buffer")
{
return __glibc_fortify (getdomainname, __buflen, sizeof (char),
__glibc_objsize (__buf),
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-02-09 17:28 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-02-09 17:28 [glibc/azanella/clang] unistd: Improve fortify with clang Adhemerval Zanella
-- strict thread matches above, loose matches on Subject: below --
2024-02-07 14:03 Adhemerval Zanella
2024-01-29 17:53 Adhemerval Zanella
2023-12-21 18:50 Adhemerval Zanella
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).