mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-09 14:50:05 +00:00
scripts: Fix fortify checks if compiler does not support _FORTIFY_SOURCE=3
The 30379efad1
added _FORTIFY_SOURCE checks without check if compiler
does support all used fortify levels. This patch fixes it by first
checking at configure time the maximum support fortify level and using
it instead of a pre-defined one.
Checked on x86_64 with gcc 11, 12, and 13.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Tested-by: Florian Weimer <fweimer@redhat.com>
This commit is contained in:
parent
6c85c5a177
commit
a3090c2c98
4
Makefile
4
Makefile
@ -545,7 +545,7 @@ tests-special += $(objpfx)check-installed-headers-c.out
|
||||
libof-check-installed-headers-c := testsuite
|
||||
$(objpfx)check-installed-headers-c.out: \
|
||||
scripts/check-installed-headers.sh $(headers)
|
||||
$(SHELL) $(..)scripts/check-installed-headers.sh c \
|
||||
$(SHELL) $(..)scripts/check-installed-headers.sh c $(supported-fortify) \
|
||||
"$(CC) $(filter-out -std=%,$(CFLAGS)) -D_ISOMAC $(+includes)" \
|
||||
$(headers) > $@; \
|
||||
$(evaluate-test)
|
||||
@ -555,7 +555,7 @@ tests-special += $(objpfx)check-installed-headers-cxx.out
|
||||
libof-check-installed-headers-cxx := testsuite
|
||||
$(objpfx)check-installed-headers-cxx.out: \
|
||||
scripts/check-installed-headers.sh $(headers)
|
||||
$(SHELL) $(..)scripts/check-installed-headers.sh c++ \
|
||||
$(SHELL) $(..)scripts/check-installed-headers.sh c++ $(supported-fortify) \
|
||||
"$(CXX) $(filter-out -std=%,$(CXXFLAGS)) -D_ISOMAC $(+includes)" \
|
||||
$(headers) > $@; \
|
||||
$(evaluate-test)
|
||||
|
4
Rules
4
Rules
@ -85,7 +85,7 @@ tests-special += $(objpfx)check-installed-headers-c.out
|
||||
libof-check-installed-headers-c := testsuite
|
||||
$(objpfx)check-installed-headers-c.out: \
|
||||
$(..)scripts/check-installed-headers.sh $(headers)
|
||||
$(SHELL) $(..)scripts/check-installed-headers.sh c \
|
||||
$(SHELL) $(..)scripts/check-installed-headers.sh c $(supported-fortify) \
|
||||
"$(CC) $(filter-out -std=%,$(CFLAGS)) -D_ISOMAC $(+includes)" \
|
||||
$(headers) > $@; \
|
||||
$(evaluate-test)
|
||||
@ -97,7 +97,7 @@ tests-special += $(objpfx)check-installed-headers-cxx.out
|
||||
libof-check-installed-headers-cxx := testsuite
|
||||
$(objpfx)check-installed-headers-cxx.out: \
|
||||
$(..)scripts/check-installed-headers.sh $(headers)
|
||||
$(SHELL) $(..)scripts/check-installed-headers.sh c++ \
|
||||
$(SHELL) $(..)scripts/check-installed-headers.sh c++ $(supported-fortify) \
|
||||
"$(CXX) $(filter-out -std=%,$(CXXFLAGS)) -D_ISOMAC $(+includes)" \
|
||||
$(headers) > $@; \
|
||||
$(evaluate-test)
|
||||
|
28
configure
vendored
28
configure
vendored
@ -7610,9 +7610,9 @@ fi
|
||||
no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
|
||||
fortify_source="${no_fortify_source}"
|
||||
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for __builtin_dynamic_object_size" >&5
|
||||
printf %s "checking for __builtin_dynamic_object_size... " >&6; }
|
||||
if test ${libc_cv___builtin_dynamic_object_size+y}
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for maximum supported _FORTIFY_SOURCE level" >&5
|
||||
printf %s "checking for maximum supported _FORTIFY_SOURCE level... " >&6; }
|
||||
if test ${libc_cv_supported_fortify_source+y}
|
||||
then :
|
||||
printf %s "(cached) " >&6
|
||||
else $as_nop
|
||||
@ -7630,30 +7630,24 @@ __builtin_dynamic_object_size("", 0)
|
||||
_ACEOF
|
||||
if ac_fn_c_try_link "$LINENO"
|
||||
then :
|
||||
libc_cv___builtin_dynamic_object_size=yes
|
||||
if test "$enable_fortify_source" = yes
|
||||
then :
|
||||
enable_fortify_source=3
|
||||
fi
|
||||
libc_cv_supported_fortify_source=3
|
||||
else $as_nop
|
||||
libc_cv___builtin_dynamic_object_size=no
|
||||
if test "$enable_fortify_source" = yes
|
||||
then :
|
||||
enable_fortify_source=2
|
||||
fi
|
||||
libc_cv_supported_fortify_source=2
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext conftest.beam \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
|
||||
fi
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_cv___builtin_dynamic_object_size" >&5
|
||||
printf "%s\n" "$libc_cv___builtin_dynamic_object_size" >&6; }
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_cv_supported_fortify_source" >&5
|
||||
printf "%s\n" "$libc_cv_supported_fortify_source" >&6; }
|
||||
|
||||
case $enable_fortify_source in #(
|
||||
yes) :
|
||||
libc_cv_fortify_source=yes enable_fortify_source=$libc_cv_supported_fortify_source ;; #(
|
||||
1|2) :
|
||||
libc_cv_fortify_source=yes ;; #(
|
||||
3) :
|
||||
if test "$libc_cv___builtin_dynamic_object_size" = yes
|
||||
if test $libc_cv_supported_fortify_source = 3
|
||||
then :
|
||||
libc_cv_fortify_source=yes
|
||||
else $as_nop
|
||||
@ -7673,6 +7667,8 @@ fi
|
||||
|
||||
|
||||
|
||||
config_vars="$config_vars
|
||||
supported-fortify = $libc_cv_supported_fortify_source"
|
||||
|
||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the assembler requires one version per symbol" >&5
|
||||
printf %s "checking whether the assembler requires one version per symbol... " >&6; }
|
||||
|
13
configure.ac
13
configure.ac
@ -1578,17 +1578,17 @@ dnl support it
|
||||
no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
|
||||
fortify_source="${no_fortify_source}"
|
||||
|
||||
AC_CACHE_CHECK([for __builtin_dynamic_object_size], [libc_cv___builtin_dynamic_object_size], [
|
||||
AC_CACHE_CHECK([for maximum supported _FORTIFY_SOURCE level],
|
||||
[libc_cv_supported_fortify_source], [
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([], [__builtin_dynamic_object_size("", 0)])],
|
||||
[libc_cv___builtin_dynamic_object_size=yes
|
||||
AS_IF([test "$enable_fortify_source" = yes], [enable_fortify_source=3])],
|
||||
[libc_cv___builtin_dynamic_object_size=no
|
||||
AS_IF([test "$enable_fortify_source" = yes], [enable_fortify_source=2])])
|
||||
[libc_cv_supported_fortify_source=3],
|
||||
[libc_cv_supported_fortify_source=2])
|
||||
])
|
||||
|
||||
AS_CASE([$enable_fortify_source],
|
||||
[yes], [libc_cv_fortify_source=yes enable_fortify_source=$libc_cv_supported_fortify_source],
|
||||
[1|2], [libc_cv_fortify_source=yes],
|
||||
[3], [AS_IF([test "$libc_cv___builtin_dynamic_object_size" = yes],
|
||||
[3], [AS_IF([test $libc_cv_supported_fortify_source = 3],
|
||||
[libc_cv_fortify_source=yes],
|
||||
[AC_MSG_ERROR([Compiler doesn't provide necessary support for _FORTIFY_SOURCE=3])])],
|
||||
[libc_cv_fortify_source=no])
|
||||
@ -1601,6 +1601,7 @@ AC_SUBST(enable_fortify_source)
|
||||
AC_SUBST(libc_cv_fortify_source)
|
||||
AC_SUBST(no_fortify_source)
|
||||
AC_SUBST(fortify_source)
|
||||
LIBC_CONFIG_VAR([supported-fortify], [$libc_cv_supported_fortify_source])
|
||||
|
||||
dnl Starting with binutils 2.35, GAS can attach multiple symbol versions
|
||||
dnl to one symbol (PR 23840).
|
||||
|
@ -29,11 +29,12 @@ cxx_modes="-std=c++98 -std=gnu++98 -std=c++11 -std=gnu++11"
|
||||
# These are probably the most commonly used three.
|
||||
lib_modes="-D_DEFAULT_SOURCE=1 -D_GNU_SOURCE=1 -D_XOPEN_SOURCE=700"
|
||||
|
||||
# Also check for fortify modes, since it might be enabled as default.
|
||||
fortify_modes="1 2 3"
|
||||
# Also check for fortify modes, since it might be enabled as default. The
|
||||
# maximum value to be checked is define by maximum_fortify argument.
|
||||
fortify_modes=""
|
||||
|
||||
if [ $# -lt 3 ]; then
|
||||
echo "usage: $0 c|c++ \"compile command\" header header header..." >&2
|
||||
echo "usage: $0 c|c++ maximum_fortify \"compile command\" header header header..." >&2
|
||||
exit 2
|
||||
fi
|
||||
case "$1" in
|
||||
@ -50,6 +51,8 @@ case "$1" in
|
||||
exit 2;;
|
||||
esac
|
||||
shift
|
||||
fortify_modes=$(seq -s' ' 1 $1)
|
||||
shift
|
||||
cc_cmd="$1"
|
||||
shift
|
||||
trap "rm -f '$cih_test_c'" 0
|
||||
@ -104,7 +107,6 @@ EOF
|
||||
for lang_mode in "" $lang_modes; do
|
||||
for lib_mode in "" $lib_modes; do
|
||||
for fortify_mode in "" $fortify_modes; do
|
||||
echo :::: $lang_mode $lib_mode $fortify_mode
|
||||
if [ -z "$lib_mode" ]; then
|
||||
expanded_lib_mode='/* default library mode */'
|
||||
else
|
||||
@ -114,6 +116,7 @@ EOF
|
||||
if [ ! -z $fortify_mode ]; then
|
||||
fortify_mode="#define _FORTIFY_SOURCE $fortify_mode"
|
||||
fi
|
||||
echo :::: $lang_mode $lib_mode $fortify_mode
|
||||
cat >"$cih_test_c" <<EOF
|
||||
/* These macros may have been defined on the command line. They are
|
||||
inappropriate for this test. */
|
||||
|
Loading…
Reference in New Issue
Block a user