* [PATCH] cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383)
@ 2024-02-15 17:15 Siddhesh Poyarekar
2024-02-16 16:44 ` [PATCH v2] " Siddhesh Poyarekar
2024-02-26 16:03 ` [PATCH v3] " Siddhesh Poyarekar
0 siblings, 2 replies; 6+ messages in thread
From: Siddhesh Poyarekar @ 2024-02-15 17:15 UTC (permalink / raw)
To: libc-alpha
When passed a pointer to a zero-sized struct, the access attribute
without the third argument misleads -Wstringop-overflow diagnostics to
think that a function is writing 1 byte into the zero-sized structs.
The attribute doesn't add that much value in this context, so drop it
completely for _FORTIFY_SOURCE=3.
Resolves: BZ #31383
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
Tested on x86_64
io/Makefile | 1 +
io/tst-read-zero.c | 35 +++++++++++++++++++++++++++++++++++
misc/sys/cdefs.h | 6 +++---
3 files changed, 39 insertions(+), 3 deletions(-)
create mode 100644 io/tst-read-zero.c
diff --git a/io/Makefile b/io/Makefile
index 54d950d51f..2a52b66255 100644
--- a/io/Makefile
+++ b/io/Makefile
@@ -215,6 +215,7 @@ tests := \
tst-openat \
tst-posix_fallocate \
tst-posix_fallocate64 \
+ tst-read-zero \
tst-readlinkat \
tst-renameat \
tst-stat \
diff --git a/io/tst-read-zero.c b/io/tst-read-zero.c
new file mode 100644
index 0000000000..b7657837e2
--- /dev/null
+++ b/io/tst-read-zero.c
@@ -0,0 +1,35 @@
+/* read smoke test for 0-sized structures.
+ Copyright The GNU Toolchain Authors.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+/* Zero-sized structures should not result in any overflow warnings or
+ errors when fortification is enabled. */
+#define _FORTIFY_SOURCE 3
+#include <stdio.h>
+#include <unistd.h>
+#include <support/check.h>
+
+int
+do_test (void)
+{
+ struct test_st {} test_info[16];
+
+ TEST_VERIFY_EXIT (read (0, test_info, sizeof(test_info)) == 0);
+ return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
index 520231dbea..800c44640f 100644
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -683,10 +683,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf
# define __attr_access(x) __attribute__ ((__access__ x))
/* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may
use the access attribute to get object sizes from function definition
- arguments, so we can't use them on functions we fortify. Drop the object
- size hints for such functions. */
+ arguments, so we can't use them on functions we fortify. Drop the access
+ attribute for such functions. */
# if __USE_FORTIFY_LEVEL == 3
-# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o)))
+# define __fortified_attr_access(a, o, s)
# else
# define __fortified_attr_access(a, o, s) __attr_access ((a, o, s))
# endif
--
2.43.0
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v2] cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383)
2024-02-15 17:15 [PATCH] cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383) Siddhesh Poyarekar
@ 2024-02-16 16:44 ` Siddhesh Poyarekar
2024-02-20 14:44 ` Adhemerval Zanella Netto
2024-02-26 16:03 ` [PATCH v3] " Siddhesh Poyarekar
1 sibling, 1 reply; 6+ messages in thread
From: Siddhesh Poyarekar @ 2024-02-16 16:44 UTC (permalink / raw)
To: libc-alpha
When passed a pointer to a zero-sized struct, the access attribute
without the third argument misleads -Wstringop-overflow diagnostics to
think that a function is writing 1 byte into the zero-sized structs.
The attribute doesn't add that much value in this context, so drop it
completely for _FORTIFY_SOURCE=3.
Resolves: BZ #31383
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
Changes from v1:
- Adjust test to read from /dev/zero
io/Makefile | 1 +
io/tst-read-zero.c | 40 ++++++++++++++++++++++++++++++++++++++++
misc/sys/cdefs.h | 6 +++---
3 files changed, 44 insertions(+), 3 deletions(-)
create mode 100644 io/tst-read-zero.c
diff --git a/io/Makefile b/io/Makefile
index 54d950d51f..2a52b66255 100644
--- a/io/Makefile
+++ b/io/Makefile
@@ -215,6 +215,7 @@ tests := \
tst-openat \
tst-posix_fallocate \
tst-posix_fallocate64 \
+ tst-read-zero \
tst-readlinkat \
tst-renameat \
tst-stat \
diff --git a/io/tst-read-zero.c b/io/tst-read-zero.c
new file mode 100644
index 0000000000..9442f94e5d
--- /dev/null
+++ b/io/tst-read-zero.c
@@ -0,0 +1,40 @@
+/* read smoke test for 0-sized structures.
+ Copyright The GNU Toolchain Authors.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+/* Zero-sized structures should not result in any overflow warnings or
+ errors when fortification is enabled. */
+#define _FORTIFY_SOURCE 3
+#include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <support/check.h>
+
+int
+do_test (void)
+{
+ struct test_st {} test_info[16];
+ int fd = open ("/dev/zero", O_RDONLY, 0);
+
+ if (fd == -1)
+ FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m");
+
+ TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0);
+ return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
index 520231dbea..800c44640f 100644
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -683,10 +683,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf
# define __attr_access(x) __attribute__ ((__access__ x))
/* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may
use the access attribute to get object sizes from function definition
- arguments, so we can't use them on functions we fortify. Drop the object
- size hints for such functions. */
+ arguments, so we can't use them on functions we fortify. Drop the access
+ attribute for such functions. */
# if __USE_FORTIFY_LEVEL == 3
-# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o)))
+# define __fortified_attr_access(a, o, s)
# else
# define __fortified_attr_access(a, o, s) __attr_access ((a, o, s))
# endif
--
2.43.0
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2] cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383)
2024-02-16 16:44 ` [PATCH v2] " Siddhesh Poyarekar
@ 2024-02-20 14:44 ` Adhemerval Zanella Netto
2024-02-20 14:53 ` Siddhesh Poyarekar
0 siblings, 1 reply; 6+ messages in thread
From: Adhemerval Zanella Netto @ 2024-02-20 14:44 UTC (permalink / raw)
To: Siddhesh Poyarekar, libc-alpha
On 16/02/24 13:44, Siddhesh Poyarekar wrote:
> When passed a pointer to a zero-sized struct, the access attribute
> without the third argument misleads -Wstringop-overflow diagnostics to
> think that a function is writing 1 byte into the zero-sized structs.
> The attribute doesn't add that much value in this context, so drop it
> completely for _FORTIFY_SOURCE=3.
>
> Resolves: BZ #31383
> Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
It fails to build with aarch64/armhf buildbot [1]. The bots uses the
ubuntu 22 system compiler (gcc 11.4), and the tests fails:
* with --enable-fortify-source=2
$ make test t=io/tst-read-zero
[...]
tst-read-zero.c:21: error: "_FORTIFY_SOURCE" redefined [-Werror]
21 | #define _FORTIFY_SOURCE 3
|
<command-line>: note: this is the location of the previous definition
In file included from ../io/fcntl.h:25,
from ../include/fcntl.h:2,
from tst-read-zero.c:22:
../include/features.h:434:5: error: #warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform [-Werror=cpp]
434 | # warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform
| ^~~~~~~
cc1: all warnings being treated as errors
* with --enable-fortify-source=no
In file included from ../io/fcntl.h:25,
from ../include/fcntl.h:2,
from tst-read-zero.c:22:
../include/features.h:434:5: error: #warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform [-Werror=cpp]
434 | # warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform
| ^~~~~~~
cc1: all warnings being treated as errors
https://patchwork.sourceware.org/project/glibc/patch/20240216164401.3184063-1-siddhesh@sourceware.org/
> ---
> Changes from v1:
> - Adjust test to read from /dev/zero
>
> io/Makefile | 1 +
> io/tst-read-zero.c | 40 ++++++++++++++++++++++++++++++++++++++++
> misc/sys/cdefs.h | 6 +++---
> 3 files changed, 44 insertions(+), 3 deletions(-)
> create mode 100644 io/tst-read-zero.c
>
> diff --git a/io/Makefile b/io/Makefile
> index 54d950d51f..2a52b66255 100644
> --- a/io/Makefile
> +++ b/io/Makefile
> @@ -215,6 +215,7 @@ tests := \
> tst-openat \
> tst-posix_fallocate \
> tst-posix_fallocate64 \
> + tst-read-zero \
> tst-readlinkat \
> tst-renameat \
> tst-stat \
> diff --git a/io/tst-read-zero.c b/io/tst-read-zero.c
> new file mode 100644
> index 0000000000..9442f94e5d
> --- /dev/null
> +++ b/io/tst-read-zero.c
> @@ -0,0 +1,40 @@
> +/* read smoke test for 0-sized structures.
> + Copyright The GNU Toolchain Authors.
> + This file is part of the GNU C Library.
> +
> + The GNU C Library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
> +
> + The GNU C Library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
> +
> + You should have received a copy of the GNU Lesser General Public
> + License along with the GNU C Library; if not, see
> + <https://www.gnu.org/licenses/>. */
> +
> +/* Zero-sized structures should not result in any overflow warnings or
> + errors when fortification is enabled. */
> +#define _FORTIFY_SOURCE 3
> +#include <fcntl.h>
> +#include <stdio.h>
> +#include <unistd.h>
> +#include <support/check.h>
> +
> +int
> +do_test (void)
> +{
> + struct test_st {} test_info[16];
> + int fd = open ("/dev/zero", O_RDONLY, 0);
> +
> + if (fd == -1)
> + FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m");
> +
> + TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0);
> + return 0;
> +}
> +
> +#include <support/test-driver.c>
> diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
> index 520231dbea..800c44640f 100644
> --- a/misc/sys/cdefs.h
> +++ b/misc/sys/cdefs.h
> @@ -683,10 +683,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf
> # define __attr_access(x) __attribute__ ((__access__ x))
> /* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may
> use the access attribute to get object sizes from function definition
> - arguments, so we can't use them on functions we fortify. Drop the object
> - size hints for such functions. */
> + arguments, so we can't use them on functions we fortify. Drop the access
> + attribute for such functions. */
> # if __USE_FORTIFY_LEVEL == 3
> -# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o)))
> +# define __fortified_attr_access(a, o, s)
> # else
> # define __fortified_attr_access(a, o, s) __attr_access ((a, o, s))
> # endif
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2] cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383)
2024-02-20 14:44 ` Adhemerval Zanella Netto
@ 2024-02-20 14:53 ` Siddhesh Poyarekar
0 siblings, 0 replies; 6+ messages in thread
From: Siddhesh Poyarekar @ 2024-02-20 14:53 UTC (permalink / raw)
To: Adhemerval Zanella Netto, libc-alpha
On 2024-02-20 09:44, Adhemerval Zanella Netto wrote:
>
>
> On 16/02/24 13:44, Siddhesh Poyarekar wrote:
>> When passed a pointer to a zero-sized struct, the access attribute
>> without the third argument misleads -Wstringop-overflow diagnostics to
>> think that a function is writing 1 byte into the zero-sized structs.
>> The attribute doesn't add that much value in this context, so drop it
>> completely for _FORTIFY_SOURCE=3.
>>
>> Resolves: BZ #31383
>> Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
>
> It fails to build with aarch64/armhf buildbot [1]. The bots uses the
> ubuntu 22 system compiler (gcc 11.4), and the tests fails:
>
> * with --enable-fortify-source=2
Ah, I see. I'll fix this; I've hard-coded _FORTIFY_SOURCE=3 in there
and maybe I should set it only to the maximum supported fortification
level. I'll send an updated patch.
Thanks,
Sid
>
> $ make test t=io/tst-read-zero
> [...]
> tst-read-zero.c:21: error: "_FORTIFY_SOURCE" redefined [-Werror]
> 21 | #define _FORTIFY_SOURCE 3
> |
> <command-line>: note: this is the location of the previous definition
> In file included from ../io/fcntl.h:25,
> from ../include/fcntl.h:2,
> from tst-read-zero.c:22:
> ../include/features.h:434:5: error: #warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform [-Werror=cpp]
> 434 | # warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform
> | ^~~~~~~
> cc1: all warnings being treated as errors
>
> * with --enable-fortify-source=no
>
> In file included from ../io/fcntl.h:25,
> from ../include/fcntl.h:2,
> from tst-read-zero.c:22:
> ../include/features.h:434:5: error: #warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform [-Werror=cpp]
> 434 | # warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform
> | ^~~~~~~
> cc1: all warnings being treated as errors
>
> https://patchwork.sourceware.org/project/glibc/patch/20240216164401.3184063-1-siddhesh@sourceware.org/
>
>> ---
>> Changes from v1:
>> - Adjust test to read from /dev/zero
>>
>> io/Makefile | 1 +
>> io/tst-read-zero.c | 40 ++++++++++++++++++++++++++++++++++++++++
>> misc/sys/cdefs.h | 6 +++---
>> 3 files changed, 44 insertions(+), 3 deletions(-)
>> create mode 100644 io/tst-read-zero.c
>>
>> diff --git a/io/Makefile b/io/Makefile
>> index 54d950d51f..2a52b66255 100644
>> --- a/io/Makefile
>> +++ b/io/Makefile
>> @@ -215,6 +215,7 @@ tests := \
>> tst-openat \
>> tst-posix_fallocate \
>> tst-posix_fallocate64 \
>> + tst-read-zero \
>> tst-readlinkat \
>> tst-renameat \
>> tst-stat \
>> diff --git a/io/tst-read-zero.c b/io/tst-read-zero.c
>> new file mode 100644
>> index 0000000000..9442f94e5d
>> --- /dev/null
>> +++ b/io/tst-read-zero.c
>> @@ -0,0 +1,40 @@
>> +/* read smoke test for 0-sized structures.
>> + Copyright The GNU Toolchain Authors.
>> + This file is part of the GNU C Library.
>> +
>> + The GNU C Library is free software; you can redistribute it and/or
>> + modify it under the terms of the GNU Lesser General Public
>> + License as published by the Free Software Foundation; either
>> + version 2.1 of the License, or (at your option) any later version.
>> +
>> + The GNU C Library is distributed in the hope that it will be useful,
>> + but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>> + Lesser General Public License for more details.
>> +
>> + You should have received a copy of the GNU Lesser General Public
>> + License along with the GNU C Library; if not, see
>> + <https://www.gnu.org/licenses/>. */
>> +
>> +/* Zero-sized structures should not result in any overflow warnings or
>> + errors when fortification is enabled. */
>> +#define _FORTIFY_SOURCE 3
>> +#include <fcntl.h>
>> +#include <stdio.h>
>> +#include <unistd.h>
>> +#include <support/check.h>
>> +
>> +int
>> +do_test (void)
>> +{
>> + struct test_st {} test_info[16];
>> + int fd = open ("/dev/zero", O_RDONLY, 0);
>> +
>> + if (fd == -1)
>> + FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m");
>> +
>> + TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0);
>> + return 0;
>> +}
>> +
>> +#include <support/test-driver.c>
>> diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
>> index 520231dbea..800c44640f 100644
>> --- a/misc/sys/cdefs.h
>> +++ b/misc/sys/cdefs.h
>> @@ -683,10 +683,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf
>> # define __attr_access(x) __attribute__ ((__access__ x))
>> /* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may
>> use the access attribute to get object sizes from function definition
>> - arguments, so we can't use them on functions we fortify. Drop the object
>> - size hints for such functions. */
>> + arguments, so we can't use them on functions we fortify. Drop the access
>> + attribute for such functions. */
>> # if __USE_FORTIFY_LEVEL == 3
>> -# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o)))
>> +# define __fortified_attr_access(a, o, s)
>> # else
>> # define __fortified_attr_access(a, o, s) __attr_access ((a, o, s))
>> # endif
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v3] cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383)
2024-02-15 17:15 [PATCH] cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383) Siddhesh Poyarekar
2024-02-16 16:44 ` [PATCH v2] " Siddhesh Poyarekar
@ 2024-02-26 16:03 ` Siddhesh Poyarekar
2024-02-28 13:23 ` Adhemerval Zanella Netto
1 sibling, 1 reply; 6+ messages in thread
From: Siddhesh Poyarekar @ 2024-02-26 16:03 UTC (permalink / raw)
To: libc-alpha
When passed a pointer to a zero-sized struct, the access attribute
without the third argument misleads -Wstringop-overflow diagnostics to
think that a function is writing 1 byte into the zero-sized structs.
The attribute doesn't add that much value in this context, so drop it
completely for _FORTIFY_SOURCE=3.
Resolves: BZ #31383
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
Changes from v2:
- Use supported-fortify to set the right fortification level for the
compiler.
Changes from v1:
- Adjust test to read from /dev/zero
io/Makefile | 2 ++
io/tst-read-zero.c | 39 +++++++++++++++++++++++++++++++++++++++
misc/sys/cdefs.h | 6 +++---
3 files changed, 44 insertions(+), 3 deletions(-)
create mode 100644 io/tst-read-zero.c
diff --git a/io/Makefile b/io/Makefile
index 54d950d51f..19932d50f7 100644
--- a/io/Makefile
+++ b/io/Makefile
@@ -215,6 +215,7 @@ tests := \
tst-openat \
tst-posix_fallocate \
tst-posix_fallocate64 \
+ tst-read-zero \
tst-readlinkat \
tst-renameat \
tst-stat \
@@ -290,6 +291,7 @@ CFLAGS-read.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-i
CFLAGS-write.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-ignored-attributes)
CFLAGS-close.c += -fexceptions -fasynchronous-unwind-tables
CFLAGS-lseek64.c += $(config-cflags-wno-ignored-attributes)
+CFLAGS-tst-read-zero.c += $(no-fortify-source),-D_FORTIFY_SOURCE=$(supported-fortify)
CFLAGS-test-stat.c += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE
CFLAGS-test-lfs.c += -D_LARGEFILE64_SOURCE
diff --git a/io/tst-read-zero.c b/io/tst-read-zero.c
new file mode 100644
index 0000000000..8d1d30a543
--- /dev/null
+++ b/io/tst-read-zero.c
@@ -0,0 +1,39 @@
+/* read smoke test for 0-sized structures.
+ Copyright The GNU Toolchain Authors.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+/* Zero-sized structures should not result in any overflow warnings or
+ errors when fortification is enabled. */
+#include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <support/check.h>
+
+int
+do_test (void)
+{
+ struct test_st {} test_info[16];
+ int fd = open ("/dev/zero", O_RDONLY, 0);
+
+ if (fd == -1)
+ FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m");
+
+ TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0);
+ return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
index 520231dbea..800c44640f 100644
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -683,10 +683,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf
# define __attr_access(x) __attribute__ ((__access__ x))
/* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may
use the access attribute to get object sizes from function definition
- arguments, so we can't use them on functions we fortify. Drop the object
- size hints for such functions. */
+ arguments, so we can't use them on functions we fortify. Drop the access
+ attribute for such functions. */
# if __USE_FORTIFY_LEVEL == 3
-# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o)))
+# define __fortified_attr_access(a, o, s)
# else
# define __fortified_attr_access(a, o, s) __attr_access ((a, o, s))
# endif
--
2.43.0
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v3] cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383)
2024-02-26 16:03 ` [PATCH v3] " Siddhesh Poyarekar
@ 2024-02-28 13:23 ` Adhemerval Zanella Netto
0 siblings, 0 replies; 6+ messages in thread
From: Adhemerval Zanella Netto @ 2024-02-28 13:23 UTC (permalink / raw)
To: Siddhesh Poyarekar, libc-alpha
On 26/02/24 13:03, Siddhesh Poyarekar wrote:
> When passed a pointer to a zero-sized struct, the access attribute
> without the third argument misleads -Wstringop-overflow diagnostics to
> think that a function is writing 1 byte into the zero-sized structs.
> The attribute doesn't add that much value in this context, so drop it
> completely for _FORTIFY_SOURCE=3.
>
> Resolves: BZ #31383
> Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
LGTM, thanks.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
> ---
> Changes from v2:
> - Use supported-fortify to set the right fortification level for the
> compiler.
>
> Changes from v1:
> - Adjust test to read from /dev/zero
>
> io/Makefile | 2 ++
> io/tst-read-zero.c | 39 +++++++++++++++++++++++++++++++++++++++
> misc/sys/cdefs.h | 6 +++---
> 3 files changed, 44 insertions(+), 3 deletions(-)
> create mode 100644 io/tst-read-zero.c
>
> diff --git a/io/Makefile b/io/Makefile
> index 54d950d51f..19932d50f7 100644
> --- a/io/Makefile
> +++ b/io/Makefile
> @@ -215,6 +215,7 @@ tests := \
> tst-openat \
> tst-posix_fallocate \
> tst-posix_fallocate64 \
> + tst-read-zero \
> tst-readlinkat \
> tst-renameat \
> tst-stat \
Maybe it makes more sense to add this test on debug subfolder, but I don't
have a strong preference.
> @@ -290,6 +291,7 @@ CFLAGS-read.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-i
> CFLAGS-write.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-ignored-attributes)
> CFLAGS-close.c += -fexceptions -fasynchronous-unwind-tables
> CFLAGS-lseek64.c += $(config-cflags-wno-ignored-attributes)
> +CFLAGS-tst-read-zero.c += $(no-fortify-source),-D_FORTIFY_SOURCE=$(supported-fortify)
>
> CFLAGS-test-stat.c += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE
> CFLAGS-test-lfs.c += -D_LARGEFILE64_SOURCE
> diff --git a/io/tst-read-zero.c b/io/tst-read-zero.c
> new file mode 100644
> index 0000000000..8d1d30a543
> --- /dev/null
> +++ b/io/tst-read-zero.c
> @@ -0,0 +1,39 @@
> +/* read smoke test for 0-sized structures.
> + Copyright The GNU Toolchain Authors.
> + This file is part of the GNU C Library.
> +
> + The GNU C Library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
> +
> + The GNU C Library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
> +
> + You should have received a copy of the GNU Lesser General Public
> + License along with the GNU C Library; if not, see
> + <https://www.gnu.org/licenses/>. */
> +
> +/* Zero-sized structures should not result in any overflow warnings or
> + errors when fortification is enabled. */
> +#include <fcntl.h>
> +#include <stdio.h>
> +#include <unistd.h>
> +#include <support/check.h>
> +
> +int
> +do_test (void)
> +{
> + struct test_st {} test_info[16];
> + int fd = open ("/dev/zero", O_RDONLY, 0);
> +
> + if (fd == -1)
> + FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m");
> +
> + TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0);
> + return 0;
> +}
> +
> +#include <support/test-driver.c>
> diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
> index 520231dbea..800c44640f 100644
> --- a/misc/sys/cdefs.h
> +++ b/misc/sys/cdefs.h
> @@ -683,10 +683,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf
> # define __attr_access(x) __attribute__ ((__access__ x))
> /* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may
> use the access attribute to get object sizes from function definition
> - arguments, so we can't use them on functions we fortify. Drop the object
> - size hints for such functions. */
> + arguments, so we can't use them on functions we fortify. Drop the access
> + attribute for such functions. */
> # if __USE_FORTIFY_LEVEL == 3
> -# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o)))
> +# define __fortified_attr_access(a, o, s)
> # else
> # define __fortified_attr_access(a, o, s) __attr_access ((a, o, s))
> # endif
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-02-28 13:23 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-02-15 17:15 [PATCH] cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383) Siddhesh Poyarekar
2024-02-16 16:44 ` [PATCH v2] " Siddhesh Poyarekar
2024-02-20 14:44 ` Adhemerval Zanella Netto
2024-02-20 14:53 ` Siddhesh Poyarekar
2024-02-26 16:03 ` [PATCH v3] " Siddhesh Poyarekar
2024-02-28 13:23 ` Adhemerval Zanella Netto
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).