Add range checking for FD_SET, FD_CLR, and FD_ISSET

ChangeLog

@@ -1,9 +1,19 @@
 2011-09-08  Ulrich Drepper  <drepper@gmail.com>
 
+	* misc/Makefile (headers): Add bits/select2.h.
+	* misc/sys/select.h: Include bits/select2.h for _FORTIFY_SOURCE.
+	* misc/bits/select2.h: New file.
+	* include/bits/select2.h: New file.
+	* debug/Makefile (routines): Add fdelt_chk.
+	* debug/Versions: Export __fdelt_chk and __fdelt_warn for GLIBC_2.15.
+	* debug/tst-chk1.c (do_test): Add tests for FD_SET, FD_CLR, and
+	FD_ISSET.
+	* debug/fdelt_chk.c: New file.
+
 	* wcsmbs/test-wcscmp.c: Moved from string/*.  Adjust.
 	* wcsmbs/test-wmemcmp.c: Likewise.
 	* string/Makefile (strop-tests): Remove wcscmp and wmemcmp.
-	* wcsmbs/Makefile (strop-tests): Add  wcscmp and wmemcmp.
+	* wcsmbs/Makefile (strop-tests): Add wcscmp and wmemcmp.
 
 2011-09-08  Liubov Dmitrieva  <liubov.dmitrieva@gmail.com>
 

NEWS

@@ -1,4 +1,4 @@
-GNU C Library NEWS -- history of user-visible changes.  2011-9-7
+GNU C Library NEWS -- history of user-visible changes.  2011-9-8
 Copyright (C) 1992-2009, 2010, 2011 Free Software Foundation, Inc.
 See the end for copying conditions.
 
@@ -34,6 +34,9 @@ Version 2.15
 
 * New interfaces: scandirat, scandirat64
   Implemented by Ulrich Drepper.
+
+* Checking versions of FD_SET, FD_CLR, and FD_ISSET added.
+  Implemented by Ulrich Drepper.
 
 Version 2.14
 

debug/Makefile

@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2001,2004-2008, 2009 Free Software Foundation, Inc.
+# Copyright (C) 1998-2001,2004-2008, 2009, 2011 Free Software Foundation, Inc.
 # This file is part of the GNU C Library.
 
 # The GNU C Library is free software; you can redistribute it and/or
@@ -44,6 +44,7 @@ routines  = backtrace backtracesyms backtracesymsfd noophooks \
 	    wcstombs_chk asprintf_chk vasprintf_chk dprintf_chk \
 	    vdprintf_chk obprintf_chk \
 	    longjmp_chk ____longjmp_chk \
+	    fdelt_chk \
 	    stack_chk_fail fortify_fail \
 	    $(static-only-routines)
 static-only-routines := warning-nop stack_chk_fail_local

debug/Versions

@@ -49,6 +49,9 @@ libc {
   GLIBC_2.11 {
     __longjmp_chk;
   }
+  GLIBC_2.15 {
+    __fdelt_chk; __fdelt_warn;
+  }
   GLIBC_PRIVATE {
     __fortify_fail;
   }

debug/fdelt_chk.c

@@ -0,0 +1,30 @@
+/* Copyright (C) 2011 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, write to the Free
+   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+   02111-1307 USA.  */
+
+#include <sys/select.h>
+
+
+unsigned long int
+__fdelt_chk (unsigned long int d)
+{
+  if (d >= FD_SETSIZE)
+    __chk_fail ();
+
+  return d / __NFDBITS;
+}
+strong_alias (__fdelt_chk, __fdelt_warn)

debug/tst-chk1.c

@@ -1,4 +1,4 @@
-/* Copyright (C) 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+/* Copyright (C) 2004,2005,2006,2007,2008,2011 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Jakub Jelinek <jakub@redhat.com>, 2004.
 
@@ -29,6 +29,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <wchar.h>
+#include <sys/select.h>
 #include <sys/socket.h>
 #include <sys/un.h>
 
@@ -107,11 +108,11 @@ int num2 = 987654;
       FAIL ();					\
     }
 #if __USE_FORTIFY_LEVEL >= 2 && (!defined __cplusplus || defined __va_arg_pack)
-#define CHK_FAIL2_START CHK_FAIL_START
-#define CHK_FAIL2_END CHK_FAIL_END
+# define CHK_FAIL2_START CHK_FAIL_START
+# define CHK_FAIL2_END CHK_FAIL_END
 #else
-#define CHK_FAIL2_START
-#define CHK_FAIL2_END
+# define CHK_FAIL2_START
+# define CHK_FAIL2_END
 #endif
 
 static int
@@ -1448,5 +1449,26 @@ do_test (void)
   CHK_FAIL_END
 #endif
 
+  fd_set s;
+  FD_ZERO (&s);
+  FD_SET (FD_SETSIZE - 1, &s);
+#if __USE_FORTIFY_LEVEL >= 1
+  CHK_FAIL_START
+  FD_SET (FD_SETSIZE, &s);
+  CHK_FAIL_END
+#endif
+  FD_CLR (FD_SETSIZE - 1, &s);
+#if __USE_FORTIFY_LEVEL >= 1
+  CHK_FAIL_START
+  FD_CLR (FD_SETSIZE, &s);
+  CHK_FAIL_END
+#endif
+  FD_ISSET (FD_SETSIZE - 1, &s);
+#if __USE_FORTIFY_LEVEL >= 1
+  CHK_FAIL_START
+  FD_ISSET (FD_SETSIZE, &s);
+  CHK_FAIL_END
+#endif
+
   return ret;
 }

include/bits/select2.h

@@ -0,0 +1 @@
+#include "../../misc/bits/select2.h"

misc/Makefile

@@ -31,7 +31,8 @@ headers	:= sys/uio.h bits/uio.h sys/ioctl.h bits/ioctls.h bits/ioctl-types.h \
 	   sys/select.h ustat.h sys/ustat.h bits/ustat.h sys/sysinfo.h \
 	   regexp.h bits/select.h bits/mman.h sys/xattr.h \
 	   syslog.h sys/syslog.h \
-	   bits/syslog.h bits/syslog-ldbl.h bits/syslog-path.h bits/error.h
+	   bits/syslog.h bits/syslog-ldbl.h bits/syslog-path.h bits/error.h \
+	   bits/select2.h
 
 routines := brk sbrk sstk ioctl \
 	    readv writev preadv preadv64 pwritev pwritev64 \

misc/bits/select2.h

@@ -0,0 +1,34 @@
+/* Checking macros for select functions.
+   Copyright (C) 2011 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, write to the Free
+   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+   02111-1307 USA.  */
+
+#ifndef _SYS_SELECT_H
+# error "Never include <bits/select2.h> directly; use <sys/select.h> instead."
+#endif
+
+/* Helper functions to issue warnings and errors when needed.  */
+extern unsigned long int __fdelt_chk (unsigned long int __d);
+extern unsigned long int __fdelt_warn (unsigned long int __d)
+  __warnattr ("bit outside of fd_set selected");
+#undef __FDELT
+#define	__FDELT(d) \
+  ({ unsigned long int __d = d;						    \
+     (__builtin_constant_p (__d)					    \
+      ? (__d >= __FD_SETSIZE						    \
+	 ? __fdelt_warn (__d) : (__d / __NFDBITS))			    \
+      : __fdelt_chk (__d)); })

misc/sys/select.h

@@ -1,5 +1,5 @@
 /* `fd_set' type and related macros, and `select'/`pselect' declarations.
-   Copyright (C) 1996-2003, 2009 Free Software Foundation, Inc.
+   Copyright (C) 1996-2003, 2009, 2011 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -125,6 +125,12 @@ extern int pselect (int __nfds, fd_set *__restrict __readfds,
 		    const __sigset_t *__restrict __sigmask);
 #endif
 
+
+/* Define some inlines helping to catch common problems.  */
+#if __USE_FORTIFY_LEVEL > 0 && defined __GNUC__
+# include <bits/select2.h>
+#endif
+
 __END_DECLS
 
 #endif /* sys/select.h */