From: Florian Weimer
To: Siddhesh Poyarekar via Libc-alpha
Cc: Siddhesh Poyarekar
Subject: Re: [PATCH] manual: Document __wur usage under _FORTIFY_SOURCE
Date: Fri, 24 Mar 2023 16:15:45 +0100
Message-ID: <877cv62na6.fsf@mid.deneb.enyo.de>
In-Reply-To: <20230324144005.26782-1-siddhesh@sourceware.org> (Siddhesh Poyarekar via Libc-alpha's message of "Fri, 24 Mar 2023 10:40:05 -0400")

* Siddhesh Poyarekar via Libc-alpha:

> The __warn_unused_result__ attribute is only enabled when fortification
> is enabled. Mention that in the document. The rationale for this is
> essentially to mitigate against CWE-252:
>
> [1] https://cwe.mitre.org/data/definitions/252.html
>
> Signed-off-by: Siddhesh Poyarekar
> ---
> manual/maint.texi | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
> > diff --git a/manual/maint.texi b/manual/maint.texi > index 76d4a1a147..ae651c2a4a 100644 > --- a/manual/maint.texi > +++ b/manual/maint.texi > @@ -206,7 +206,10 @@ to the function call are safe, the call may be replaced by a call to its > hardened variant that does additional safety checks at runtime. Some > hardened variants need the size of the buffer to perform access > validation and this is provided by the @code{__builtin_object_size} or > -the @code{__builtin_dynamic_object_size} builtin functions. > +the @code{__builtin_dynamic_object_size} builtin functions. The macro > +also enables additional compile time diagnostics, such as unchecked > +return values from some functions, to encourage developers to add error > +checking for those functions.

Maybe repeat _FORTIFY_SOURCE it's been a while since it's been mentioned?

Note that now that GCC supports [[nodiscard]] (with the standard way to suppress it), we could apply that to functions even outside _FORTIFY_SOURCE, I think. That's a separate matter, of course.
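
Review bot: the added sentence in the maint.texi hunk says "The macro" without naming it and never mentions the attribute that the subject line says is being documented; writing @code{_FORTIFY_SOURCE} explicitly and naming @code{__wur} (the __warn_unused_result__ attribute from the commit message) would let a reader of the manual connect the diagnostic to its mechanism. The phrase "diagnostics, such as unchecked return values" also reads as if the return values were themselves the diagnostics; "compile-time diagnostics, such as warnings for unchecked return values from some functions" is clearer and supplies the hyphen missing from "compile time".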