cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383)

When passed a pointer to a zero-sized struct, the access attribute
without the third argument misleads -Wstringop-overflow diagnostics to
think that a function is writing 1 byte into the zero-sized structs.
The attribute doesn't add that much value in this context, so drop it
completely for _FORTIFY_SOURCE=3.

Resolves: BZ #31383
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
This commit is contained in:
Siddhesh Poyarekar 2024-02-15 07:40:56 -05:00
parent b53e73ea80
commit bf9688e623
3 changed files with 44 additions and 3 deletions

View File

@ -215,6 +215,7 @@ tests := \
tst-openat \
tst-posix_fallocate \
tst-posix_fallocate64 \
tst-read-zero \
tst-readlinkat \
tst-renameat \
tst-stat \
@ -290,6 +291,7 @@ CFLAGS-read.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-i
CFLAGS-write.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-ignored-attributes)
CFLAGS-close.c += -fexceptions -fasynchronous-unwind-tables
CFLAGS-lseek64.c += $(config-cflags-wno-ignored-attributes)
CFLAGS-tst-read-zero.c += $(no-fortify-source),-D_FORTIFY_SOURCE=$(supported-fortify)
CFLAGS-test-stat.c += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE
CFLAGS-test-lfs.c += -D_LARGEFILE64_SOURCE

39
io/tst-read-zero.c Normal file
View File

@ -0,0 +1,39 @@
/* read smoke test for 0-sized structures.
Copyright The GNU Toolchain Authors.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
/* Zero-sized structures should not result in any overflow warnings or
errors when fortification is enabled. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <support/check.h>
int
do_test (void)
{
struct test_st {} test_info[16];
int fd = open ("/dev/zero", O_RDONLY, 0);
if (fd == -1)
FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m");
TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0);
return 0;
}
#include <support/test-driver.c>

View File

@ -837,10 +837,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf
# define __attr_access(x) __attribute__ ((__access__ x))
/* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may
use the access attribute to get object sizes from function definition
arguments, so we can't use them on functions we fortify. Drop the object
size hints for such functions. */
arguments, so we can't use them on functions we fortify. Drop the access
attribute for such functions. */
# if __USE_FORTIFY_LEVEL == 3
# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o)))
# define __fortified_attr_access(a, o, s)
# else
# define __fortified_attr_access(a, o, s) __attr_access ((a, o, s))
# endif