Message-ID: <70cbbf38-2d0f-f12b-43b7-dd9503135da2@gotplt.org>
Date: Fri, 8 Apr 2022 11:32:24 +0530
Subject: Re: [RFC] _FORTIFY_SOURCE strictness
To: Florian Weimer
Cc: libc-alpha@sourceware.org, Adhemerval Zanella, Andreas Schwab, Carlos O'Donell, Jakub Jelinek, Martin Liška
From: Siddhesh Poyarekar
In-Reply-To: <87o81cp249.fsf@oldenburg.str.redhat.com>

On 08/04/2022 11:07, Florian Weimer wrote:
> * Siddhesh Poyarekar:
>
>> This is not limited to the two known examples either; __strncpy_chk
>> for example will crash if n is greater than the destination buffer
>> size and is similarly prone to such false positives. One could
>> envision a situation where an strncpy call is deeply nested and
>> through compiler advances and attribute annotations, the callsite now
>> gets precise size expressions for the call and not just an upper limit
>> estimate or a (size_t)-1.
>
> Hmm. __strncpy_chk always fills the destination buffer, so the only
> thing we can do here is to alias it to strncpy?

Hmm, I think I conflated it with some other str* function. You're right,
strncpy probably doesn't fall into this category.

Thanks,
Siddhesh
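
Added example, not part of the original message and not glibc code: a small C program showing the property the exchange above turns on, namely that strncpy stores exactly n bytes whatever the source length (it pads with NULs), so a check of n against the destination size is exact for this function. The names bytes_stored_by_strncpy and model_strncpy_chk are hypothetical, and the model returns -1 where the real __strncpy_chk would terminate the process.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FILL 0xAA   /* marker byte; the sample sources never contain it */

/* Count how many bytes strncpy(dst, src, n) actually stores.  The arena is
   pre-filled with FILL, and strncpy only ever writes bytes of src or NUL
   padding, so every byte that no longer equals FILL was stored by the call. */
size_t bytes_stored_by_strncpy(const char *src, size_t n)
{
    unsigned char arena[64];
    size_t i, stored = 0;

    if (n > sizeof arena)
        return (size_t)-1;          /* keep the experiment itself in bounds */
    memset(arena, FILL, sizeof arena);
    strncpy((char *)arena, src, n);
    for (i = 0; i < sizeof arena; i++)
        if (arena[i] != FILL)
            stored++;
    return stored;
}

/* Hypothetical model of the fortified check: n is compared with the known
   destination size before any byte is written. */
int model_strncpy_chk(char *dst, const char *src, size_t n, size_t dstlen)
{
    if (n > dstlen)
        return -1;                  /* the real __strncpy_chk aborts here */
    strncpy(dst, src, n);
    return 0;
}

int main(void)
{
    char dst[8];

    /* A 2-character source still causes 16 stores when n is 16. */
    printf("stored, src=\"hi\", n=16: %zu\n", bytes_stored_by_strncpy("hi", 16));
    /* A long source is cut at n, with no terminator added. */
    printf("stored, long src, n=4:  %zu\n",
           bytes_stored_by_strncpy("abcdefghij", 4));
    printf("n=8 into char[8]: %d\n", model_strncpy_chk(dst, "hi", 8, sizeof dst));
    printf("n=9 into char[8]: %d\n", model_strncpy_chk(dst, "hi", 9, sizeof dst));
    return 0;
}
```

Because the number of bytes stored always equals n, a rejected call with n larger than the destination is a write past the end of the buffer even when the source string is short.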