* [PATCH] scripts: Add fortify checks on installed headers
@ 2023-06-20 19:55 Adhemerval Zanella
2023-07-10 14:10 ` Carlos O'Donell
0 siblings, 1 reply; 2+ messages in thread
From: Adhemerval Zanella @ 2023-06-20 19:55 UTC (permalink / raw)
To: libc-alpha
The _FORTIFY_SOURCE is used as default by some system compilers,
and there is no way to check if some fortify extension does not
trigger any conformance issue.
Checked on x86_64-linux-gnu.
---
| 36 +++++++++++++++++++-----------
1 file changed, 23 insertions(+), 13 deletions(-)
--git a/scripts/check-installed-headers.sh b/scripts/check-installed-headers.sh
index 5a50a491ca..23506a2514 100644
--- a/scripts/check-installed-headers.sh
+++ b/scripts/check-installed-headers.sh
@@ -29,6 +29,9 @@ cxx_modes="-std=c++98 -std=gnu++98 -std=c++11 -std=gnu++11"
# These are probably the most commonly used three.
lib_modes="-D_DEFAULT_SOURCE=1 -D_GNU_SOURCE=1 -D_XOPEN_SOURCE=700"
+# Also check for fortify modes, since it might be enabled as default.
+fortify_modes="1 2 3"
+
if [ $# -lt 3 ]; then
echo "usage: $0 c|c++ \"compile command\" header header header..." >&2
exit 2
@@ -100,29 +103,36 @@ EOF
echo :: "$header"
for lang_mode in "" $lang_modes; do
for lib_mode in "" $lib_modes; do
- echo :::: $lang_mode $lib_mode
- if [ -z "$lib_mode" ]; then
- expanded_lib_mode='/* default library mode */'
- else
- expanded_lib_mode=$(echo : $lib_mode | \
- sed 's/^: -D/#define /; s/=/ /')
- fi
- cat >"$cih_test_c" <<EOF
+ for fortify_mode in "" $fortify_modes; do
+ echo :::: $lang_mode $lib_mode $fortify_mode
+ if [ -z "$lib_mode" ]; then
+ expanded_lib_mode='/* default library mode */'
+ else
+ expanded_lib_mode=$(echo : $lib_mode | \
+ sed 's/^: -D/#define /; s/=/ /')
+ fi
+ if [ ! -z $fortify_mode ]; then
+ fortify_mode="#define _FORTIFY_SOURCE $fortify_mode"
+ fi
+ cat >"$cih_test_c" <<EOF
/* These macros may have been defined on the command line. They are
inappropriate for this test. */
#undef _LIBC
#undef _GNU_SOURCE
+#undef _FORTIFY_SOURCE
+$fortify_mode
/* The library mode is selected here rather than on the command line to
ensure that this selection wins. */
$expanded_lib_mode
#include <$header>
int avoid_empty_translation_unit;
EOF
- if $cc_cmd -finput-charset=ascii -fsyntax-only $lang_mode \
- "$cih_test_c" 2>&1
- then :
- else failed=1
- fi
+ if $cc_cmd -finput-charset=ascii -fsyntax-only $lang_mode \
+ "$cih_test_c" 2>&1
+ then :
+ else failed=1
+ fi
+ done
done
done
done
--
2.34.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] scripts: Add fortify checks on installed headers
2023-06-20 19:55 [PATCH] scripts: Add fortify checks on installed headers Adhemerval Zanella
@ 2023-07-10 14:10 ` Carlos O'Donell
0 siblings, 0 replies; 2+ messages in thread
From: Carlos O'Donell @ 2023-07-10 14:10 UTC (permalink / raw)
To: Adhemerval Zanella, libc-alpha
On 6/20/23 15:55, Adhemerval Zanella via Libc-alpha wrote:
> The _FORTIFY_SOURCE is used as default by some system compilers,
> and there is no way to check if some fortify extension does not
> trigger any conformance issue.
>
> Checked on x86_64-linux-gnu.
LGTM. Increases coverage. Thank you!
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
> ---
> scripts/check-installed-headers.sh | 36 +++++++++++++++++++-----------
> 1 file changed, 23 insertions(+), 13 deletions(-)
>
> diff --git a/scripts/check-installed-headers.sh b/scripts/check-installed-headers.sh
> index 5a50a491ca..23506a2514 100644
> --- a/scripts/check-installed-headers.sh
> +++ b/scripts/check-installed-headers.sh
> @@ -29,6 +29,9 @@ cxx_modes="-std=c++98 -std=gnu++98 -std=c++11 -std=gnu++11"
> # These are probably the most commonly used three.
> lib_modes="-D_DEFAULT_SOURCE=1 -D_GNU_SOURCE=1 -D_XOPEN_SOURCE=700"
>
> +# Also check for fortify modes, since it might be enabled as default.
> +fortify_modes="1 2 3"
OK. Great idea. I agree we should be checking the installed headers against 1, 2, and 3.
> +
> if [ $# -lt 3 ]; then
> echo "usage: $0 c|c++ \"compile command\" header header header..." >&2
> exit 2
> @@ -100,29 +103,36 @@ EOF
> echo :: "$header"
> for lang_mode in "" $lang_modes; do
> for lib_mode in "" $lib_modes; do
> - echo :::: $lang_mode $lib_mode
> - if [ -z "$lib_mode" ]; then
> - expanded_lib_mode='/* default library mode */'
> - else
> - expanded_lib_mode=$(echo : $lib_mode | \
> - sed 's/^: -D/#define /; s/=/ /')
> - fi
> - cat >"$cih_test_c" <<EOF
> + for fortify_mode in "" $fortify_modes; do
OK. Iterate the fortify mode.
> + echo :::: $lang_mode $lib_mode $fortify_mode
> + if [ -z "$lib_mode" ]; then
> + expanded_lib_mode='/* default library mode */'
> + else
> + expanded_lib_mode=$(echo : $lib_mode | \
> + sed 's/^: -D/#define /; s/=/ /')
> + fi
> + if [ ! -z $fortify_mode ]; then
> + fortify_mode="#define _FORTIFY_SOURCE $fortify_mode"
OK. Set $fortify_mode.
> + fi
> + cat >"$cih_test_c" <<EOF
> /* These macros may have been defined on the command line. They are
> inappropriate for this test. */
> #undef _LIBC
> #undef _GNU_SOURCE
> +#undef _FORTIFY_SOURCE
> +$fortify_mode
OK. Use $fortify_mode.
> /* The library mode is selected here rather than on the command line to
> ensure that this selection wins. */
> $expanded_lib_mode
> #include <$header>
> int avoid_empty_translation_unit;
> EOF
> - if $cc_cmd -finput-charset=ascii -fsyntax-only $lang_mode \
> - "$cih_test_c" 2>&1
> - then :
> - else failed=1
> - fi
> + if $cc_cmd -finput-charset=ascii -fsyntax-only $lang_mode \
> + "$cih_test_c" 2>&1
> + then :
> + else failed=1
> + fi
> + done
OK. Nested +1 due to iteration over fortify check.
> done
> done
> done
--
Cheers,
Carlos.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-07-10 14:10 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-06-20 19:55 [PATCH] scripts: Add fortify checks on installed headers Adhemerval Zanella
2023-07-10 14:10 ` Carlos O'Donell
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).