* [PATCH] Fix read etc. with -D_FORTIFY_SOURCE=2
@ 2005-03-01 9:50 Jakub Jelinek
From: Jakub Jelinek @ 2005-03-01 9:50 UTC (permalink / raw)
To: Ulrich Drepper, Roland McGrath; +Cc: Glibc hackers
Hi!
read/pread/pread64/recv/recvfrom do not operate with strings, but
arbitrary data. Therefore it is inappropriate to use
__builtin_object_size (, 1) for them, they should behave like
memcpy/memset and other memory operations rather than strcpy/fgets etc.
The difference is if
struct A { char buf[10]; char buf2[10]; } a;
read (1, &a.buf[0], 4);
read (1, &a.buf[4], sizeof (a) - 4);
is supposed to be valid under -D_FORTIFY_SOURCE=2. IMHO it ought to be.
2005-03-01 Jakub Jelinek <jakub@redhat.com>
* posix/bits/unistd.h (read, pread, pread64): Use __bos0 instead
of __bos.
* socket/bits/socket2.h (recv, recvfrom): Likewise.
--- libc/posix/bits/unistd.h.jj 2005-03-01 10:34:44.000000000 +0100
+++ libc/posix/bits/unistd.h 2005-03-01 10:40:47.859365519 +0100
@@ -24,9 +24,9 @@
extern ssize_t __read_chk (int __fd, void *__buf, size_t __nbytes,
size_t __buflen) __wur;
#define read(fd, buf, nbytes) \
- (__bos (buf) != (size_t) -1 \
- && (!__builtin_constant_p (nbytes) || (nbytes) > __bos (buf)) \
- ? __read_chk (fd, buf, nbytes, __bos (buf)) \
+ (__bos0 (buf) != (size_t) -1 \
+ && (!__builtin_constant_p (nbytes) || (nbytes) > __bos0 (buf)) \
+ ? __read_chk (fd, buf, nbytes, __bos0 (buf)) \
: read (fd, buf, nbytes))
#ifdef __USE_UNIX98
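Review bot: With `__bos0` as the size passed to `__read_chk`, an overrun that stays inside the enclosing object is no longer caught for `read`; in the description's example, a read into `a.buf` that spills into `a.buf2` passes, and only a write past the end of `a` is rejected. That is the memcpy-like behaviour the description asks for, but nothing in the header records it, so a later edit could switch the macro back to `__bos` without noticing the consequence. A comment above the macro would make the choice explicit, for example `/* read fills raw memory, not a string: size the whole enclosing object (__bos0), as for memcpy. */`. The same comment fits the pread, pread64, recv and recvfrom macros in the later hunks.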
@@ -36,23 +36,23 @@ extern ssize_t __pread64_chk (int __fd,
__off64_t __offset, size_t __bufsize) __wur;
# ifndef __USE_FILE_OFFSET64
# define pread(fd, buf, nbytes, offset) \
- (__bos (buf) != (size_t) -1 \
- && (!__builtin_constant_p (nbytes) || (nbytes) > __bos (buf)) \
- ? __pread64_chk (fd, buf, nbytes, offset, __bos (buf)) \
+ (__bos0 (buf) != (size_t) -1 \
+ && (!__builtin_constant_p (nbytes) || (nbytes) > __bos0 (buf)) \
+ ? __pread64_chk (fd, buf, nbytes, offset, __bos0 (buf)) \
: pread (fd, buf, offset, nbytes))
# else
# define pread(fd, buf, nbytes, offset) \
- (__bos (buf) != (size_t) -1 \
- && (!__builtin_constant_p (nbytes) || (nbytes) > __bos (buf)) \
- ? __pread_chk (fd, buf, nbytes, offset, __bos (buf)) \
+ (__bos0 (buf) != (size_t) -1 \
+ && (!__builtin_constant_p (nbytes) || (nbytes) > __bos0 (buf)) \
+ ? __pread_chk (fd, buf, nbytes, offset, __bos0 (buf)) \
: pread (fd, buf, offset, nbytes))
# endif
# ifdef __USE_LARGEFILE64
# define pread64(fd, buf, nbytes, offset) \
- (__bos (buf) != (size_t) -1 \
- && (!__builtin_constant_p (nbytes) || (nbytes) > __bos (buf)) \
- ? __pread64_chk (fd, buf, nbytes, offset, __bos (buf)) \
+ (__bos0 (buf) != (size_t) -1 \
+ && (!__builtin_constant_p (nbytes) || (nbytes) > __bos0 (buf)) \
+ ? __pread64_chk (fd, buf, nbytes, offset, __bos0 (buf)) \
: pread64 (fd, buf, offset, nbytes))
# endif
#endif
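Review bot: The fallback arm of all three macros passes the last two arguments in the opposite order from the macro's parameter list: `: pread (fd, buf, offset, nbytes))` (twice) and `: pread64 (fd, buf, offset, nbytes))`, while the checked arm passes `nbytes, offset`. The fallback is the arm taken when the object size is unknown or when a constant `nbytes` was shown to fit, so the real call would use the file offset as the byte count and could write past the buffer that was just checked. These are unchanged context lines, so the patch leaves them as they were; they should read `: pread (fd, buf, nbytes, offset))` and `: pread64 (fd, buf, nbytes, offset))`. Separately, the `# ifndef __USE_FILE_OFFSET64` branch calls `__pread64_chk` and the `# else` branch calls `__pread_chk`, which looks inverted; the declarations sit outside the hunk, so this should be confirmed against them.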
--- libc/socket/bits/socket2.h.jj 2005-02-21 23:47:46.000000000 +0100
+++ libc/socket/bits/socket2.h 2005-03-01 10:41:19.169759831 +0100
@@ -24,8 +24,8 @@
extern ssize_t __recv_chk (int __fd, void *__buf, size_t __n, size_t __buflen,
int __flags);
#define recv(fd, buf, n, flags) \
- (__bos (buf) != (size_t) -1 \
- ? __recv_chk (fd, buf, n, __bos (buf), flags) \
+ (__bos0 (buf) != (size_t) -1 \
+ ? __recv_chk (fd, buf, n, __bos0 (buf), flags) \
: recv (fd, buf, n, flags))
extern ssize_t __recvfrom_chk (int __fd, void *__restrict __buf, size_t __n,
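Review bot: `recv` goes through `__recv_chk` whenever the object size is known, even when `n` is a compile-time constant that fits, whereas the `read` macro in posix/bits/unistd.h skips the runtime check in that case. If the difference is not deliberate, adding `&& (!__builtin_constant_p (n) || (n) > __bos0 (buf)) \` after the first condition line would make the two headers consistent. The same applies to `recvfrom` in the next hunk.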
@@ -33,6 +33,6 @@ extern ssize_t __recvfrom_chk (int __fd,
__SOCKADDR_ARG __addr,
socklen_t *__restrict __addr_len);
#define recvfrom(fd, buf, n, flags, addr, addr_len) \
- (__bos (buf) != (size_t) -1 \
- ? __recvfrom_chk (fd, buf, n, __bos (buf), flags, addr, addr_len) \
+ (__bos0 (buf) != (size_t) -1 \
+ ? __recvfrom_chk (fd, buf, n, __bos0 (buf), flags, addr, addr_len) \
: recvfrom (fd, buf, n, flags, addr, addr_len))
Jakub
* Re: [PATCH] Fix read etc. with -D_FORTIFY_SOURCE=2
@ 2005-03-01 21:34 ` Roland McGrath
From: Roland McGrath @ 2005-03-01 21:34 UTC (permalink / raw)
To: Jakub Jelinek; +Cc: Ulrich Drepper, Glibc hackers
> read/pread/pread64/recv/recvfrom do not read operate with strings, but
> arbitrary data. Therefore it is inappropriate to use
> __builtin_object_size (, 1) for them, they should behave like
> memcpy/memset and other memory operations rather than strcpy/fgets etc.
Quite right. I put the change in.
Thanks,
Roland