From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <siddhesh@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2206)
	id 7DF173858C52; Wed, 28 Feb 2024 13:35:48 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 7DF173858C52
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1709127348;
	bh=mvFjlJ8HQxRRDog4nWNkKfsDdfAbc6nSj0JPRdHgcUM=;
	h=From:To:Subject:Date:From;
	b=E1snfVhRybPsDbNamkwnQKSYEy4nf+6RpXBaHwuOFegJwbzYwWJqGamImvR0/qQzp
	 9usUXP+T31gOYY2/or5ZUXIJyDLi5aHkNhhkcuNWhXWUmPkr7QTtvW5vBI5fn+YOfr
	 EWmcwkIYbmoVeMToIx+IjQHkTllhgta28XoEsd1s=
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Siddhesh Poyarekar <siddhesh@sourceware.org>
To: glibc-cvs@sourceware.org
Subject: [glibc] cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383)
X-Act-Checkin: glibc
X-Git-Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: b53e73ea809adac9be6b7808299f6741ea798e50
X-Git-Newrev: bf9688e623262c5fa9f91e4de0e84db45025076f
Message-Id: <20240228133548.7DF173858C52@sourceware.org>
Date: Wed, 28 Feb 2024 13:35:48 +0000 (GMT)
List-Id: <glibc-cvs.sourceware.org>

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bf9688e623262c5fa9f91e4de0e84db45025076f

commit bf9688e623262c5fa9f91e4de0e84db45025076f
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date:   Thu Feb 15 07:40:56 2024 -0500

    cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383)
    
    When passed a pointer to a zero-sized struct, the access attribute
    without the third argument misleads -Wstringop-overflow diagnostics to
    think that a function is writing 1 byte into the zero-sized structs.
    The attribute doesn't add that much value in this context, so drop it
    completely for _FORTIFY_SOURCE=3.
    
    Resolves: BZ #31383
    Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
    Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>

Diff:
---
 io/Makefile        |  2 ++
 io/tst-read-zero.c | 39 +++++++++++++++++++++++++++++++++++++++
 misc/sys/cdefs.h   |  6 +++---
 3 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/io/Makefile b/io/Makefile
index 54d950d51f..19932d50f7 100644
--- a/io/Makefile
+++ b/io/Makefile
@@ -215,6 +215,7 @@ tests := \
   tst-openat \
   tst-posix_fallocate \
   tst-posix_fallocate64 \
+  tst-read-zero \
   tst-readlinkat \
   tst-renameat \
   tst-stat \
@@ -290,6 +291,7 @@ CFLAGS-read.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-i
 CFLAGS-write.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-ignored-attributes)
 CFLAGS-close.c += -fexceptions -fasynchronous-unwind-tables
 CFLAGS-lseek64.c += $(config-cflags-wno-ignored-attributes)
+CFLAGS-tst-read-zero.c += $(no-fortify-source),-D_FORTIFY_SOURCE=$(supported-fortify)
 
 CFLAGS-test-stat.c += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE
 CFLAGS-test-lfs.c += -D_LARGEFILE64_SOURCE
diff --git a/io/tst-read-zero.c b/io/tst-read-zero.c
new file mode 100644
index 0000000000..8d1d30a543
--- /dev/null
+++ b/io/tst-read-zero.c
@@ -0,0 +1,39 @@
+/* read smoke test for 0-sized structures.
+   Copyright The GNU Toolchain Authors.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+/* Zero-sized structures should not result in any overflow warnings or
+   errors when fortification is enabled.  */
+#include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <support/check.h>
+
+int
+do_test (void)
+{
+  struct test_st {} test_info[16];
+  int fd = open ("/dev/zero", O_RDONLY, 0);
+
+  if (fd == -1)
+    FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m");
+
+  TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0);
+  return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
index 6b03417453..2e8279a2c7 100644
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -837,10 +837,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf
 #  define __attr_access(x) __attribute__ ((__access__ x))
 /* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may
    use the access attribute to get object sizes from function definition
-   arguments, so we can't use them on functions we fortify.  Drop the object
-   size hints for such functions.  */
+   arguments, so we can't use them on functions we fortify.  Drop the access
+   attribute for such functions.  */
 #  if __USE_FORTIFY_LEVEL == 3
-#    define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o)))
+#    define __fortified_attr_access(a, o, s)
 #  else
 #    define __fortified_attr_access(a, o, s) __attr_access ((a, o, s))
 #  endif