From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2155) id 47F4F385840B; Mon, 29 Jan 2024 15:29:01 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 47F4F385840B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1706542141; bh=NlUBkbjrQpUSLA6OBLyuaJNqQhBcTWPE3A97pRlVBtU=; h=From:To:Subject:Date:From; b=R88DD2X3UljfmYyIy7ZfqSl3nNVCAj49bf5fmtuTdCgBNJ/ivtb+NRdCQS84uHRyT OCk8HcCuTzzdnhBJtOPxUxhXwVZ5gCdZWq4Tf4qMNr5hMTW835YD4N5sOPO5nEbztK 0MR/ykKzIxu3g9MLmFC0sYzKbrg7k0NCMKaak3D0= Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Corinna Vinschen To: newlib-cvs@sourceware.org Subject: [newlib-cygwin/main] ssp: add support for _FORTIFY_SOURCE=3 X-Act-Checkin: newlib-cygwin X-Git-Author: Christian Franke X-Git-Refname: refs/heads/main X-Git-Oldrev: 030a762535c1e18bf5a7ecc73b0f49898a30b157 X-Git-Newrev: 497e6eb2c0fadd0d4cb4ed418642832b020b19d4 Message-Id: <20240129152901.47F4F385840B@sourceware.org> Date: Mon, 29 Jan 2024 15:29:01 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=3Dnewlib-cygwin.git;h=3D497e6eb2c0f= add0d4cb4ed418642832b020b19d4 commit 497e6eb2c0fadd0d4cb4ed418642832b020b19d4 Author: Christian Franke AuthorDate: Fri Jan 26 17:20:37 2024 +0100 Commit: Corinna Vinschen CommitDate: Mon Jan 29 14:03:37 2024 +0100 ssp: add support for _FORTIFY_SOURCE=3D3 =20 If specified, use __builtin_dynamic_object_size() instead of __builtin_object_size() if supported (GCC 12.0 or later). This enables buffer overflow checks if the buffer size is non-const but known during runtime. Use new macro __ssp_bos_known() instead of the (bos(p) !=3D (size_t)-1) checks. The latter is no longer a compile time constant in all cases. This avoids the generation of unused code. =20 
Signed-off-by: Christian Franke Diff: --- newlib/libc/include/ssp/ssp.h | 11 ++++++++++- newlib/libc/include/ssp/string.h | 4 ++-- newlib/libc/include/ssp/strings.h | 4 ++-- newlib/libc/include/sys/features.h | 12 +++++++++--- 4 files changed, 23 insertions(+), 8 deletions(-) diff --git a/newlib/libc/include/ssp/ssp.h b/newlib/libc/include/ssp/ssp.h index 9229086599e9..49ea5f2dd8a4 100644 --- a/newlib/libc/include/ssp/ssp.h +++ b/newlib/libc/include/ssp/ssp.h @@ -43,11 +43,20 @@ =20 #define __ssp_inline extern __inline__ __attribute__((__always_inline__, _= _gnu_inline__)) =20 +#if __SSP_FORTIFY_LEVEL > 2 +#define __ssp_bos(ptr) __builtin_dynamic_object_size(ptr, 1) +#define __ssp_bos0(ptr) __builtin_dynamic_object_size(ptr, 0) +#define __ssp_bos_known(ptr) \ + (__builtin_object_size(ptr, 0) !=3D (size_t)-1 \ + || !__builtin_constant_p(__ssp_bos(ptr))) +#else #define __ssp_bos(ptr) __builtin_object_size(ptr, __SSP_FORTIFY_LEVEL > 1) #define __ssp_bos0(ptr) __builtin_object_size(ptr, 0) +#define __ssp_bos_known(ptr) (__ssp_bos0(ptr) !=3D (size_t)-1) +#endif =20 #define __ssp_check(buf, len, bos) \ - if (bos(buf) !=3D (size_t)-1 && len > bos(buf)) \ + if (__ssp_bos_known(buf) && len > bos(buf)) \ __chk_fail() #define __ssp_decl(rtype, fun, args) \ rtype __ssp_real_(fun) args __asm__(__ASMNAME(#fun)); \ diff --git a/newlib/libc/include/ssp/string.h b/newlib/libc/include/ssp/str= ing.h index 85c4512acfd3..22b52097cb9b 100644 --- a/newlib/libc/include/ssp/string.h +++ b/newlib/libc/include/ssp/string.h 
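Review bot: In `__ssp_check` the guard now tests `__ssp_bos_known(buf)` while the comparison still uses the caller-supplied `bos(buf)`, so the two can refer to different object-size modes. Below level 3 the predicate is built on `__ssp_bos0` (mode 0), but at level 2 `__ssp_bos` is mode 1. For a member array reached through a pointer, the compiler can usually report the mode-1 size while the mode-0 size is unknown, so a check that the old `bos(buf) != (size_t)-1` test performed would be skipped. The level-3 form looks to have the same gap when the mode-1 size is a constant. Whether this loses coverage depends on callers outside this hunk passing `__ssp_bos`; if any do, let the predicate take the same `bos` selector as the comparison, and add a short comment above the level-3 `__ssp_bos_known` explaining the `__builtin_constant_p` test.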
@@ -49,12 +49,12 @@ __END_DECLS #if __SSP_FORTIFY_LEVEL > 0 =20 #define __ssp_bos_check3(fun, dst, src, len) \ - ((__ssp_bos0(dst) !=3D (size_t)-1) ? \ + (__ssp_bos_known(dst) ? \ __builtin___ ## fun ## _chk(dst, src, len, __ssp_bos0(dst)) : \ __ ## fun ## _ichk(dst, src, len)) =20 #define __ssp_bos_check2(fun, dst, src) \ - ((__ssp_bos0(dst) !=3D (size_t)-1) ? \ + (__ssp_bos_known(dst) ? \ __builtin___ ## fun ## _chk(dst, src, __ssp_bos0(dst)) : \ __ ## fun ## _ichk(dst, src)) =20 diff --git a/newlib/libc/include/ssp/strings.h b/newlib/libc/include/ssp/st= rings.h index 13adba175276..be59882ebc0b 100644 --- a/newlib/libc/include/ssp/strings.h +++ b/newlib/libc/include/ssp/strings.h @@ -37,11 +37,11 @@ =20 #if __BSD_VISIBLE || __POSIX_VISIBLE <=3D 200112 #define bcopy(src, dst, len) \ - ((__ssp_bos0(dst) !=3D (size_t)-1) ? \ + (__ssp_bos_known(dst) ? \ __builtin___memmove_chk(dst, src, len, __ssp_bos0(dst)) : \ __memmove_ichk(dst, src, len)) #define bzero(dst, len) \ - ((__ssp_bos0(dst) !=3D (size_t)-1) ? \ + (__ssp_bos_known(dst) ? \ __builtin___memset_chk(dst, 0, len, __ssp_bos0(dst)) : \ __memset_ichk(dst, 0, len)) #endif diff --git a/newlib/libc/include/sys/features.h b/newlib/libc/include/sys/f= eatures.h index a7d4bc52d18f..6a925c87e9ec 100644 --- a/newlib/libc/include/sys/features.h +++ b/newlib/libc/include/sys/features.h @@ -104,7 +104,7 @@ extern "C" { * _DEFAULT_SOURCE (or none of the above) * POSIX-1.2008 with BSD and SVr4 extensions * - * _FORTIFY_SOURCE =3D 1 or 2 + * _FORTIFY_SOURCE =3D 1, 2 or 3 * Object Size Checking function wrappers */ =20 @@ -247,7 +247,7 @@ extern "C" { * GNU extensions; enabled with _GNU_SOURCE. * * __SSP_FORTIFY_LEVEL - * Object Size Checking; defined to 0 (off), 1, or 2. + * Object Size Checking; defined to 0 (off), 1, 2 or 3. * * In all cases above, "enabled by default" means either by defining * _DEFAULT_SOURCE, or by not defining any of the public feature test macr= os. 
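Review bot: `__ssp_bos_check3` and `__ssp_bos_check2` choose the `_chk` builtin with `__ssp_bos_known(dst)` but pass `__ssp_bos0(dst)` as the size, and at level 3 the run-time half of that predicate tests `__builtin_constant_p(__ssp_bos(ptr))`, which is the mode-1 size rather than the mode-0 size actually passed. The same applies to `bcopy` and `bzero` in the strings.h hunk. A destination whose mode-1 size is constant but whose mode-0 size is only known dynamically would presumably go to the `_ichk` path and never use the dynamic size. Testing `__ssp_bos0(ptr)` in the predicate for these four macros, or a comment stating that the mismatch is intended, would make the selection easier to audit.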
@@ -335,7 +335,13 @@ extern "C" { #if _FORTIFY_SOURCE > 0 && !defined(__cplusplus) && !defined(__lint__) && \ (__OPTIMIZE__ > 0 || defined(__clang__)) && __GNUC_PREREQ__(4, 1) && \ !defined(_LIBC) -# if _FORTIFY_SOURCE > 1 +# if _FORTIFY_SOURCE > 2 && defined(__has_builtin) +# if __has_builtin(__builtin_dynamic_object_size) +# define __SSP_FORTIFY_LEVEL 3 +# else +# define __SSP_FORTIFY_LEVEL 2 +# endif +# elif _FORTIFY_SOURCE > 1 # define __SSP_FORTIFY_LEVEL 2 # else # define __SSP_FORTIFY_LEVEL 1
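Review bot: A request for `_FORTIFY_SOURCE=3` is silently lowered to level 2 when `__has_builtin` is unavailable or reports no `__builtin_dynamic_object_size`, so a build can assume dynamic object-size checking that it does not have. Consider a diagnostic in the inner `# else` arm, for example `# warning "_FORTIFY_SOURCE > 2 is treated like 2 with this compiler"`, or at least a comment there such as `/* no __builtin_dynamic_object_size: fall back to level 2 */`. The case where `__has_builtin` is undefined reaches level 2 through the `# elif _FORTIFY_SOURCE > 1` arm, which is correct but not obvious and worth mentioning in the same comment. The enclosing `#if` block continues past the end of this hunk.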