From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from insect.birch.relay.mailchannels.net (insect.birch.relay.mailchannels.net [23.83.209.93]) by sourceware.org (Postfix) with ESMTPS id 0FC773857C49 for ; Fri, 11 Mar 2022 15:13:06 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 0FC773857C49 X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id BC2FA621504; Fri, 11 Mar 2022 15:13:04 +0000 (UTC) Received: from pdx1-sub0-mail-a304.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 4A7F36200F8; Fri, 11 Mar 2022 15:12:56 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1647011584; a=rsa-sha256; cv=none; b=f1ohwYo8AJPMwojor0kKGw/0eGrnmFPz7osqjOI+4ET09v50Kwl2S4d8gApJuKMZFT/hNM hIpaetjkuU3oMYm86F0HJn8gOHUBpyPce1ObuwlRJ9MPuYxDTRdo6T3l6PesJPvHjPfZFS MEMc3QyivQrepTbnD4txmlqoYhht/nQ8CBM51sWGMLgw7rO+feXxVNHsVrnctQ/G5+DnLD l2oElE6eFyRtA2txKT1pBewwKxU0usrsEHcaTia3Oe/UkSmKVcb5+MLX2oFDYPM6nDooui CVFwNijJpbeRJNHx06h3Hr99QBhMTF0d1SkfXt4QmZLi/GK1WuLCv+Ed+7fRMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1647011584; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wi5XkSkMZZ+w+sm9T2fltTu6OQoBd0IRYO+aGTjBPFU=; b=VqgL3hhJHc1tOFkiE9Z0hg7TJ99b6CIqH+Cik9MSFQ3sFYdn1J9aBLz1mznU+iHeSpa2MO ZJbD8gfUvzhbb62Pl223ObrVTQ9JOmAkQWzN7I0Nweirnq0aQPzujQ3ktASxzcJPLAeyj2 gfvJwUsXoSW2v2wpn2nH3z9d8mVqk0wgaFxyUS6l7ppmY6T5Pp/DijsGigYTV6webJWVJj gF4tmSb4xAwSZHJF9DHQOVn2UdQflDFyUXh3VYyHXm/US2tFZytVRCnKq84TUVn8j8vFlT WhyPQj3IJRhkXRNMUGQJ1feznmkJQMnYI1YdSVsgUpRCKdo4bDrKBMfI+2b3kA== ARC-Authentication-Results: i=1; rspamd-c9cb649d9-djkwb; auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@sourceware.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from pdx1-sub0-mail-a304.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.119.141.198 (trex/6.5.3); Fri, 11 Mar 2022 15:13:04 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Macabre-Hysterical: 5fe88d3d12b98d52_1647011584571_2424191060 X-MC-Loop-Signature: 1647011584571:1551169412 X-MC-Ingress-Time: 1647011584571 Received: from rhbox.redhat.com (unknown [1.186.122.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a304.dreamhost.com (Postfix) with ESMTPSA id 4KFTv96Ck0z1Pd; Fri, 11 Mar 2022 07:12:37 -0800 (PST) From: Siddhesh Poyarekar To: libc-stable@sourceware.org Cc: carlos@redhat.com, fweimer@redhat.com, Adhemerval Zanella Subject: [committed 2.34 8/8] debug: Synchronize feature guards in fortified functions [BZ #28746] Date: Fri, 11 Mar 2022 20:42:03 +0530 Message-Id: <20220311151203.3585163-9-siddhesh@sourceware.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220311151203.3585163-1-siddhesh@sourceware.org> References: <20220311151203.3585163-1-siddhesh@sourceware.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-3494.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, JMQ_SPF_NEUTRAL, KAM_DMARC_NONE, KAM_DMARC_STATUS, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, RCVD_IN_SBL, SPF_HELO_NONE, SPF_NEUTRAL, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-stable@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-stable mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Mar 2022 15:13:09 -0000 Some functions (e.g. stpcpy, pread64, etc.) had moved to POSIX in the main headers as they got incorporated into the standard, but their fortified variants remained under __USE_GNU. As a result, these functions did not get fortified when _GNU_SOURCE was not defined. Add test wrappers that check all functions tested in tst-chk0 at all levels with _GNU_SOURCE undefined and then use the failures to (1) exclude checks for _GNU_SOURCE functions in these tests and (2) Fix feature macro guards in the fortified function headers so that they're the same as the ones in the main headers. This fixes BZ #28746. Signed-off-by: Siddhesh Poyarekar Reviewed-by: Adhemerval Zanella (cherry picked from commit fcfc9086815bf0d277ad47a90ee3fda4c37acca8) --- debug/Makefile | 10 +++++-- debug/tst-fortify.c | 51 ++++++++++++++++++++++++++++------ posix/bits/unistd.h | 2 +- string/bits/string_fortified.h | 8 ++++-- support/xsignal.h | 2 ++ wcsmbs/bits/wchar2.h | 2 +- 6 files changed, 59 insertions(+), 16 deletions(-) diff --git a/debug/Makefile b/debug/Makefile index acc1b8f6ad..71248e0d45 100644 --- a/debug/Makefile +++ b/debug/Makefile @@ -132,6 +132,12 @@ define cflags-lfs CFLAGS-tst-fortify-$(1)-lfs-$(2).$(1) += -D_FILE_OFFSET_BITS=64 endef +define cflags-nongnu +CFLAGS-tst-fortify-$(1)-nongnu-$(2).$(1) += -D_LARGEFILE64_SOURCE=1 +endef + +src-chk-nongnu = \#undef _GNU_SOURCE + # We know these tests have problems with format strings, this is what # we are testing. Disable that warning. They are also testing # deprecated functions (notably gets) so disable that warning as well. @@ -145,13 +151,13 @@ CFLAGS-tst-fortify-$(1)-$(2)-$(3).$(1) += -D_FORTIFY_SOURCE=$(3) -Wno-format \ $(eval $(call cflags-$(2),$(1),$(3))) $(objpfx)tst-fortify-$(1)-$(2)-$(3).$(1): tst-fortify.c Makefile ( echo "/* Autogenerated from Makefile. */"; \ - echo ""; \ + echo "$(src-chk-$(2))"; \ echo "#include \"tst-fortify.c\"" ) > $$@.tmp mv $$@.tmp $$@ endef chk-extensions = c cc -chk-types = default lfs +chk-types = default lfs nongnu chk-levels = 1 2 3 $(foreach e,$(chk-extensions), \ diff --git a/debug/tst-fortify.c b/debug/tst-fortify.c index 68ac00d180..8b5902423c 100644 --- a/debug/tst-fortify.c +++ b/debug/tst-fortify.c @@ -1,4 +1,5 @@ -/* Copyright (C) 2004-2021 Free Software Foundation, Inc. +/* Copyright (C) 2004-2022 Free Software Foundation, Inc. + Copyright The GNU Toolchain Authors. This file is part of the GNU C Library. Contributed by Jakub Jelinek , 2004. @@ -37,6 +38,17 @@ #include #include +#ifndef _GNU_SOURCE +# define MEMPCPY memcpy +# define WMEMPCPY wmemcpy +# define MEMPCPY_RET(x) 0 +# define WMEMPCPY_RET(x) 0 +#else +# define MEMPCPY mempcpy +# define WMEMPCPY wmempcpy +# define MEMPCPY_RET(x) __builtin_strlen (x) +# define WMEMPCPY_RET(x) wcslen (x) +#endif #define obstack_chunk_alloc malloc #define obstack_chunk_free free @@ -163,7 +175,7 @@ do_test (void) if (memcmp (buf, "aabcdefghi", 10)) FAIL (); - if (mempcpy (buf + 5, "abcde", 5) != buf + 10 + if (MEMPCPY (buf + 5, "abcde", 5) != buf + 5 + MEMPCPY_RET ("abcde") || memcmp (buf, "aabcdabcde", 10)) FAIL (); @@ -208,7 +220,7 @@ do_test (void) if (memcmp (buf, "aabcdefghi", 10)) FAIL (); - if (mempcpy (buf + 5, "abcde", l0 + 5) != buf + 10 + if (MEMPCPY (buf + 5, "abcde", l0 + 5) != buf + 5 + MEMPCPY_RET ("abcde") || memcmp (buf, "aabcdabcde", 10)) FAIL (); @@ -267,7 +279,8 @@ do_test (void) if (memcmp (a.buf1, "aabcdefghi", 10)) FAIL (); - if (mempcpy (a.buf1 + 5, "abcde", l0 + 5) != a.buf1 + 10 + if (MEMPCPY (a.buf1 + 5, "abcde", l0 + 5) + != a.buf1 + 5 + MEMPCPY_RET ("abcde") || memcmp (a.buf1, "aabcdabcde", 10)) FAIL (); @@ -348,6 +361,7 @@ do_test (void) bcopy (buf + 1, buf + 2, l0 + 9); CHK_FAIL_END +#ifdef _GNU_SOURCE CHK_FAIL_START p = (char *) mempcpy (buf + 6, "abcde", 5); CHK_FAIL_END @@ -355,6 +369,7 @@ do_test (void) CHK_FAIL_START p = (char *) mempcpy (buf + 6, "abcde", l0 + 5); CHK_FAIL_END +#endif CHK_FAIL_START memset (buf + 9, 'j', 2); @@ -465,6 +480,7 @@ do_test (void) bcopy (a.buf1 + 1, a.buf1 + 2, l0 + 9); CHK_FAIL_END +#ifdef _GNU_SOURCE CHK_FAIL_START p = (char *) mempcpy (a.buf1 + 6, "abcde", 5); CHK_FAIL_END @@ -472,6 +488,7 @@ do_test (void) CHK_FAIL_START p = (char *) mempcpy (a.buf1 + 6, "abcde", l0 + 5); CHK_FAIL_END +#endif CHK_FAIL_START memset (a.buf1 + 9, 'j', 2); @@ -551,7 +568,7 @@ do_test (void) if (wmemcmp (wbuf, L"aabcdefghi", 10)) FAIL (); - if (wmempcpy (wbuf + 5, L"abcde", 5) != wbuf + 10 + if (WMEMPCPY (wbuf + 5, L"abcde", 5) != wbuf + 5 + WMEMPCPY_RET (L"abcde") || wmemcmp (wbuf, L"aabcdabcde", 10)) FAIL (); @@ -584,7 +601,8 @@ do_test (void) if (wmemcmp (wbuf, L"aabcdefghi", 10)) FAIL (); - if (wmempcpy (wbuf + 5, L"abcde", l0 + 5) != wbuf + 10 + if (WMEMPCPY (wbuf + 5, L"abcde", l0 + 5) + != wbuf + 5 + WMEMPCPY_RET (L"abcde") || wmemcmp (wbuf, L"aabcdabcde", 10)) FAIL (); @@ -626,7 +644,8 @@ do_test (void) if (wmemcmp (wa.buf1, L"aabcdefghi", 10)) FAIL (); - if (wmempcpy (wa.buf1 + 5, L"abcde", l0 + 5) != wa.buf1 + 10 + if (WMEMPCPY (wa.buf1 + 5, L"abcde", l0 + 5) + != wa.buf1 + 5 + WMEMPCPY_RET (L"abcde") || wmemcmp (wa.buf1, L"aabcdabcde", 10)) FAIL (); @@ -695,6 +714,7 @@ do_test (void) wmemmove (wbuf + 2, wbuf + 1, l0 + 9); CHK_FAIL_END +#ifdef _GNU_SOURCE CHK_FAIL_START wp = wmempcpy (wbuf + 6, L"abcde", 5); CHK_FAIL_END @@ -702,6 +722,7 @@ do_test (void) CHK_FAIL_START wp = wmempcpy (wbuf + 6, L"abcde", l0 + 5); CHK_FAIL_END +#endif CHK_FAIL_START wmemset (wbuf + 9, L'j', 2); @@ -769,6 +790,7 @@ do_test (void) wmemmove (wa.buf1 + 2, wa.buf1 + 1, l0 + 9); CHK_FAIL_END +#ifdef _GNU_SOURCE CHK_FAIL_START wp = wmempcpy (wa.buf1 + 6, L"abcde", 5); CHK_FAIL_END @@ -776,6 +798,7 @@ do_test (void) CHK_FAIL_START wp = wmempcpy (wa.buf1 + 6, L"abcde", l0 + 5); CHK_FAIL_END +#endif CHK_FAIL_START wmemset (wa.buf1 + 9, L'j', 2); @@ -907,6 +930,7 @@ do_test (void) if (fprintf (fp, buf2 + 4, str5) != 7) FAIL (); +#ifdef _GNU_SOURCE char *my_ptr = NULL; strcpy (buf2 + 2, "%n%s%n"); /* When the format string is writable and contains %n, @@ -936,6 +960,7 @@ do_test (void) if (obstack_printf (&obs, "%s%n%s%n", str4, &n1, str5, &n1) != 14) FAIL (); obstack_free (&obs, NULL); +#endif if (freopen (temp_filename, "r", stdin) == NULL) { @@ -983,6 +1008,7 @@ do_test (void) rewind (stdin); +#ifdef _GNU_SOURCE if (fgets_unlocked (buf, buf_size, stdin) != buf || memcmp (buf, "abcdefgh\n", 10)) FAIL (); @@ -1009,6 +1035,7 @@ do_test (void) #endif rewind (stdin); +#endif if (fread (buf, 1, buf_size, stdin) != buf_size || memcmp (buf, "abcdefgh\nA", 10)) @@ -1579,7 +1606,10 @@ do_test (void) ret = 1; } - int fd = posix_openpt (O_RDWR); + int fd; + +#ifdef _GNU_SOURCE + fd = posix_openpt (O_RDWR); if (fd != -1) { char enough[1000]; @@ -1595,6 +1625,7 @@ do_test (void) #endif close (fd); } +#endif #if PATH_MAX > 0 confstr (_CS_GNU_LIBC_VERSION, largebuf, sizeof (largebuf)); @@ -1712,8 +1743,9 @@ do_test (void) poll (fds, l0 + 2, 0); CHK_FAIL_END #endif +#ifdef _GNU_SOURCE ppoll (fds, 1, NULL, NULL); -#if __USE_FORTIFY_LEVEL >= 1 +# if __USE_FORTIFY_LEVEL >= 1 CHK_FAIL_START ppoll (fds, 2, NULL, NULL); CHK_FAIL_END @@ -1721,6 +1753,7 @@ do_test (void) CHK_FAIL_START ppoll (fds, l0 + 2, NULL, NULL); CHK_FAIL_END +# endif #endif return ret; diff --git a/posix/bits/unistd.h b/posix/bits/unistd.h index 697dcbbf7b..1df7e5ceef 100644 --- a/posix/bits/unistd.h +++ b/posix/bits/unistd.h @@ -40,7 +40,7 @@ read (int __fd, void *__buf, size_t __nbytes) __fd, __buf, __nbytes); } -#ifdef __USE_UNIX98 +#if defined __USE_UNIX98 || defined __USE_XOPEN2K8 extern ssize_t __pread_chk (int __fd, void *__buf, size_t __nbytes, __off_t __offset, size_t __bufsize) __wur __attr_access ((__write_only__, 2, 3)); diff --git a/string/bits/string_fortified.h b/string/bits/string_fortified.h index 5731274848..218006c9ba 100644 --- a/string/bits/string_fortified.h +++ b/string/bits/string_fortified.h @@ -79,7 +79,7 @@ __NTH (strcpy (char *__restrict __dest, const char *__restrict __src)) return __builtin___strcpy_chk (__dest, __src, __glibc_objsize (__dest)); } -#ifdef __USE_GNU +#ifdef __USE_XOPEN2K8 __fortify_function char * __NTH (stpcpy (char *__restrict __dest, const char *__restrict __src)) { @@ -96,14 +96,15 @@ __NTH (strncpy (char *__restrict __dest, const char *__restrict __src, __glibc_objsize (__dest)); } -#if __GNUC_PREREQ (4, 7) || __glibc_clang_prereq (2, 6) +#ifdef __USE_XOPEN2K8 +# if __GNUC_PREREQ (4, 7) || __glibc_clang_prereq (2, 6) __fortify_function char * __NTH (stpncpy (char *__dest, const char *__src, size_t __n)) { return __builtin___stpncpy_chk (__dest, __src, __n, __glibc_objsize (__dest)); } -#else +# else extern char *__stpncpy_chk (char *__dest, const char *__src, size_t __n, size_t __destlen) __THROW __fortified_attr_access ((__write_only__, 1, 3)) @@ -119,6 +120,7 @@ __NTH (stpncpy (char *__dest, const char *__src, size_t __n)) return __stpncpy_chk (__dest, __src, __n, __bos (__dest)); return __stpncpy_alias (__dest, __src, __n); } +# endif #endif diff --git a/support/xsignal.h b/support/xsignal.h index 8ee1fa6b4d..692e0f2c42 100644 --- a/support/xsignal.h +++ b/support/xsignal.h @@ -28,7 +28,9 @@ __BEGIN_DECLS terminate the process on error. */ void xraise (int sig); +#ifdef _GNU_SOURCE sighandler_t xsignal (int sig, sighandler_t handler); +#endif void xsigaction (int sig, const struct sigaction *newact, struct sigaction *oldact); diff --git a/wcsmbs/bits/wchar2.h b/wcsmbs/bits/wchar2.h index 26012ef936..88c1fdfcd3 100644 --- a/wcsmbs/bits/wchar2.h +++ b/wcsmbs/bits/wchar2.h @@ -457,7 +457,7 @@ __NTH (wcsrtombs (char *__restrict __dst, const wchar_t **__restrict __src, } -#ifdef __USE_GNU +#ifdef __USE_XOPEN2K8 extern size_t __mbsnrtowcs_chk (wchar_t *__restrict __dst, const char **__restrict __src, size_t __nmc, size_t __len, mbstate_t *__restrict __ps, -- 2.35.1