Commit Graph

28 Commits

Author SHA1 Message Date
Andreas Schwab
39ca997ab3 Fix name space violation in fortify wrappers (bug 32052)
Rename the identifier sz to __sz everywhere.

Fixes: a643f60c53 ("Make sure that the fortified function conditionals are constant")
2024-08-05 16:49:58 +02:00
Adhemerval Zanella
4289b00d43 socket: Improve fortify with clang
It improve fortify checks recv, recvfrom, poll, and ppoll.  The compile
and runtime hecks have similar coverage as with GCC.

Checked on aarch64, armhf, x86_64, and i686.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
2024-02-27 10:52:59 -03:00
Paul Eggert
dff8da6b3e Update copyright dates with scripts/update-copyrights 2024-01-01 10:53:40 -08:00
Joseph Myers
6d7e8eda9b Update copyright dates with scripts/update-copyrights 2023-01-06 21:14:39 +00:00
Paul Eggert
581c785bf3 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.

I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah.  I don't
know why I run into these diagnostics whereas others evidently do not.

remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
2022-01-01 11:40:24 -08:00
Siddhesh Poyarekar
a643f60c53 Make sure that the fortified function conditionals are constant
In _FORTIFY_SOURCE=3, the size expression may be non-constant,
resulting in branches in the inline functions remaining intact and
causing a tiny overhead.  Clang (and in future, gcc) make sure that
the -1 case is always safe, i.e. any comparison of the generated
expression with (size_t)-1 is always false so that bit is taken care
of.  The rest is avoidable since we want the _chk variant whenever we
have a size expression and it's not -1.

Rework the conditionals in a uniform way to clearly indicate two
conditions at compile time:

- Either the size is unknown (-1) or we know at compile time that the
  operation length is less than the object size.  We can call the
  original function in this case.  It could be that either the length,
  object size or both are non-constant, but the compiler, through
  range analysis, is able to fold the *comparison* to a constant.

- The size and length are known and the compiler can see at compile
  time that operation length > object size.  This is valid grounds for
  a warning at compile time, followed by emitting the _chk variant.

For everything else, emit the _chk variant.

This simplifies most of the fortified function implementations and at
the same time, ensures that only one call from _chk or the regular
function is emitted.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-10-20 18:12:41 +05:30
Paul Eggert
2b778ceb40 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
2021-01-02 12:17:34 -08:00
Siddhesh Poyarekar
f9de8bfe1a nonstring: Enable __FORTIFY_LEVEL=3
Use __builtin_dynamic_object_size in the remaining functions that
don't have compiler builtins as is the case for string functions.
2020-12-31 16:55:21 +05:30
Joseph Myers
d614a75396 Update copyright dates with scripts/update-copyrights. 2020-01-01 00:14:33 +00:00
Paul Eggert
5a82c74822 Prefer https to http for gnu.org and fsf.org URLs
Also, change sources.redhat.com to sourceware.org.
This patch was automatically generated by running the following shell
script, which uses GNU sed, and which avoids modifying files imported
from upstream:

sed -ri '
  s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g
  s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g
' \
  $(find $(git ls-files) -prune -type f \
      ! -name '*.po' \
      ! -name 'ChangeLog*' \
      ! -path COPYING ! -path COPYING.LIB \
      ! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \
      ! -path manual/texinfo.tex ! -path scripts/config.guess \
      ! -path scripts/config.sub ! -path scripts/install-sh \
      ! -path scripts/mkinstalldirs ! -path scripts/move-if-change \
      ! -path INSTALL ! -path  locale/programs/charmap-kw.h \
      ! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \
      ! '(' -name configure \
            -execdir test -f configure.ac -o -f configure.in ';' ')' \
      ! '(' -name preconfigure \
            -execdir test -f preconfigure.ac ';' ')' \
      -print)

and then by running 'make dist-prepare' to regenerate files built
from the altered files, and then executing the following to cleanup:

  chmod a+x sysdeps/unix/sysv/linux/riscv/configure
  # Omit irrelevant whitespace and comment-only changes,
  # perhaps from a slightly-different Autoconf version.
  git checkout -f \
    sysdeps/csky/configure \
    sysdeps/hppa/configure \
    sysdeps/riscv/configure \
    sysdeps/unix/sysv/linux/csky/configure
  # Omit changes that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines
  git checkout -f \
    sysdeps/powerpc/powerpc64/ppc-mcount.S \
    sysdeps/unix/sysv/linux/s390/s390-64/syscall.S
  # Omit change that caused a pre-commit check to fail like this:
  # remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline
  git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
2019-09-07 02:43:31 -07:00
Joseph Myers
04277e02d7 Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2019-01-01 00:11:28 +00:00
Joseph Myers
688903eb3e Update copyright dates with scripts/update-copyrights.
* All files with FSF copyright notices: Update copyright dates
	using scripts/update-copyrights.
	* locale/programs/charmap-kw.h: Regenerated.
	* locale/programs/locfile-kw.h: Likewise.
2018-01-01 00:32:25 +00:00
Joseph Myers
bfff8b1bec Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
Joseph Myers
f7a9f785e5 Update copyright dates with scripts/update-copyrights. 2016-01-04 16:05:18 +00:00
Joseph Myers
b168057aaa Update copyright dates with scripts/update-copyrights. 2015-01-02 16:29:47 +00:00
Allan McRae
d4697bc93d Update copyright notices with scripts/update-copyrights 2014-01-01 22:00:23 +10:00
Joseph Myers
568035b787 Update copyright notices with scripts/update-copyrights. 2013-01-02 19:05:09 +00:00
Marek Polacek
5ac3ea17df Fix attributes for fortify functions. 2012-04-29 15:34:20 +02:00
Paul Eggert
59ba27a63a Replace FSF snail mail address with URLs. 2012-02-09 23:18:22 +00:00
Ulrich Drepper
d6cd6bf4de * misc/sys/cdefs.h (__warndecl, __errordecl): For GCC 4.3+ define
with __warning__/__error__ attributes.
	(__warnattr): Define.
	* stdlib/bits/stdlib.h (__realpath_chk_warn, __ptsname_r_chk_warn,
	__mbstowcs_chk_warn, __wcstombs_chk_warn): New aliases with
	__warnattr.
	(realpath, ptsname_r, mbstowcs, wcstombs): Call __*_chk_warn instead
	of __*_chk if compile time detectable overflow is found.
	* libio/bits/stdio2.h (__fgets_chk_warn, __fread_chk_warn,
	__fgets_unlocked_chk_warn, __fread_unlocked_chk_warn): New aliases
	with __warnattr.
	(fgets, fread, fgets_unlocked, fread_unlocked): Call __*_chk_warn
	instead of __*_chk if compile time detectable overflow is found.
	(__gets_alias): Rename to...
	(__gets_warn): ... this.  Add __warnattr.
	(gets): Call __gets_warn instead of __gets_alias.
	* socket/bits/socket2.h (__recv_chk_warn, __recvfrom_chk_warn): New
	aliases with __warnattr.
	(recv, recvfrom): Call __*_chk_warn instead of __*_chk if compile
	time detectable overflow is found.
	* posix/bits/unistd.h (__read_chk_warn, __pread_chk_warn,
	__pread64_chk_warn, __readlink_chk_warn, __readlinkat_chk_warn,
	__getcwd_chk_warn, __confstr_chk_warn, __getgroups_chk_warn,
	__ttyname_r_chk_warn, __getlogin_r_chk_warn, __gethostname_chk_warn,
	__getdomainname_chk_warn): New aliases with __warnattr.
	(read, pread, pread64, readlink, readlinkat, getcwd, confstr,
	getgroups, ttyname_r, getlogin_r, gethostname, getdomainname): Call
	__*_chk_warn instead of __*_chk if compile time detectable overflow
	is found.
	(__getgroups_chk): Rename argument to __listlen from listlen.
	(__getwd_alias): Rename to...
	(__getwd_warn): ... this.  Add __warnattr.
	(getwd): Call __getwd_warn instead of __getwd_alias.
	* wcsmbs/bits/wchar2.h (__wmemcpy_chk_warn, __wmemmove_chk_warn,
	__wmempcpy_chk_warn, __wmemset_chk_warn, __wcsncpy_chk_warn,
	__wcpncpy_chk_warn, __fgetws_chk_warn, __fgetws_unlocked_chk_warn,
	__mbsrtowcs_chk_warn, __wcsrtombs_chk_warn, __mbsnrtowcs_chk_warn,
	__wcsnrtombs_chk_warn): New aliases with __warnattr.
	(wmemcpy, wmemmove, wmempcpy, wmemset, mbsrtowcs, wcsrtombs,
	mbsnrtowcs, wcsnrtombs): Call __*_chk_warn instead of __*_chk if
	compile time detectable overflow is found.
	(wcsncpy, wcpncpy): Likewise.  For constant __n fix check whether
	to use __*_chk or not.
	(fgetws, fgetws_unlocked): Divide __bos by sizeof (wchar_t), both
	in comparisons which function should be called and in __*_chk*
	arguments.  Call __*_chk_warn instead of __*_chk if compile time
	detectable overflow is found.
	(swprintf, vswprintf): Divide __bos by sizeof (wchar_t) in
	__*_chk argument.
	* debug/tst-chk1.c (do_test): Add a few more tests.
2007-09-26 20:45:18 +00:00
Ulrich Drepper
b037a293a4 * configure.in (libc_cv_gnu89_inline): Test for -fgnu89-inline.
* config.make.in (gnu89-inline-CFLAGS): New variable.
	* Makeconfig (CFLAGS): Use $(gnu89-inline-CFLAGS) together with
	-std=gnu99.
	* misc/sys/cdefs.h (__extern_inline, __extern_always_inline): Define.
	* argp/argp.h: Use it.
	* bits/mathinline.h: Likewise.
	* bits/sigset.h: Likewise.
	* bits/string.h: Likewise.
	* ctype/ctype.h: Likewise.
	* hurd/hurd.h: Likewise.
	* hurd/hurd/fd.h: Likewise.
	* hurd/hurd/port.h: Likewise.
	* hurd/hurd/signal.h: Likewise.
	* hurd/hurd/threadvar.h: Likewise.
	* hurd/hurd/userlink.h: Likewise.
	* io/sys/stat.h: Likewise.
	* libio/bits/stdio.h: Likewise.
	* libio/bits/stdio2.h: Likewise.
	* mach/lock-intern.h: Likewise.
	* mach/mach/mig_support.h: Likewise.
	* math/bits/cmathcalls.h: Likewise.
	* posix/bits/unistd.h: Likewise.
	* socket/bits/socket2.h: Likewise.
	* stdlib/bits/stdlib.h: Likewise.
	* stdlib/stdlib.h: Likewise.
	* string/argz.h: Likewise.
	* string/bits/string2.h: Likewise.
	* string/bits/string3.h: Likewise.
	* sysdeps/alpha/fpu/bits/mathinline.h: Likewise.
	* sysdeps/generic/inttypes.h: Likewise.
	* sysdeps/generic/machine-lock.h: Likewise.
	* sysdeps/generic/machine-sp.h: Likewise.
	* sysdeps/i386/fpu/bits/mathinline.h: Likewise.
	* sysdeps/i386/i486/bits/string.h: Likewise.
	* sysdeps/ia64/fpu/bits/mathinline.h: Likewise.
	* sysdeps/mach/alpha/machine-lock.h: Likewise.
	* sysdeps/mach/alpha/machine-sp.h: Likewise.
	* sysdeps/mach/i386/machine-lock.h: Likewise.
	* sysdeps/mach/powerpc/machine-lock.h: Likewise.
	* sysdeps/mach/powerpc/machine-sp.h: Likewise.
	* sysdeps/powerpc/fpu/bits/mathinline.h: Likewise.
	* sysdeps/s390/bits/string.h: Likewise.
	* sysdeps/s390/fpu/bits/mathinline.h: Likewise.
	* sysdeps/sparc/fpu/bits/mathinline.h: Likewise.
	* sysdeps/unix/bsd/bsd4.4/bits/socket.h: Likewise.
	* sysdeps/unix/sysv/linux/bits/sigset.h: Likewise.
	* sysdeps/unix/sysv/linux/bits/socket.h: Likewise.
	* sysdeps/unix/sysv/linux/sys/sysmacros.h: Likewise.
	* sysdeps/x86_64/fpu/bits/mathinline.h: Likewise.
	* wcsmbs/bits/wchar2.h: Likewise.
	* wcsmbs/wchar.h: Likewise.
	* stdlib/gmp.h: Likewise.  Include <features.h> to get
	__extern_inline definition.

	* locale/programs/ld-ctype.c (find_translit): Return NULL if ctype is
	NULL.
2007-03-17 17:04:28 +00:00
Ulrich Drepper
dc4bb1c2be * posix/bits/unistd.h (confstr, getgroups, ttyname_r, gethostname,
getdomainname): Add __NTH.
	* stdlib/bits/stdlib.h (ptsname_r, wctomb, mbstowcs, wcstombs):
	Likewise.
	(realpath): Likewise.  Use __const instead of const.  Add __restrict
	keywords.
	* socket/bits/socket2.h (recvfrom): Add __restrict keyword to __buf.
	* wcsmbs/bits/wchar2.h (wmemcpy, wmemmove, wmempcpy, wmemset,
	wcscpy, wcpcpy, wcsncpy, wcpncpy, wcscat, wcsncat, vswprintf, wcrtomb,
	mbsrtowcs, wcsrtombs, mbsnrtowcs, wcsnrtombs): Add __NTH.
	* string/bits/string3.h (__memset_ichk): Likewise.
	(__memcpy_ichk, __memmove_ichk, __mempcpy_ichk, __strcpy_ichk,
	__stpcpy_ichk, __strncpy_ichk, stpncpy, __strcat_ichk,
	__strncat_ichk): Likewise.  Use __const instead of const.
	(__stpncpy_chk): Use __const instead of const.
	(__stpncpy_alias): Use __REDIRECT_NTH instead of __REDIRECT.

2005-08-08  Ulrich Drepper  <drepper@redhat.com>
	    Jakub Jelinek  <jakub@redhat.com>

	* nscd/mem.c (BLOCK_ALIGN_LOG, BLOCK_ALIGN, BLOCK_ALIGN_M1): Move
	definitions to...
	* nscd/nscd.h (BLOCK_ALIGN_LOG, BLOCK_ALIGN, BLOCK_ALIGN_M1): ...here.
	* nscd/connections.c (usekey): New enum.
	(check_use, verify_persistent_db): New functions.
	(nscd_init): If persistent database is corrupted, unlink it and
	recreate rather than falling back to non-persistent database.
	Call verify_persistent_db.  Avoid overflows in total computation.

2005-08-08  Ulrich Drepper  <drepper@redhat.com>

	* iconvdata/utf-16.c (PREPARE_LOOP): Minor cleanups to make code
	better readable.  Avoid passing var to loop function, it's not
	necessary at all.
2005-08-08 19:04:11 +00:00
Ulrich Drepper
88764ae26a [BZ #779]
2005-03-10  Jakub Jelinek  <jakub@redhat.com>
	* math/test-misc.c (main): Add some more tests.

2005-03-17  Jakub Jelinek  <jakub@redhat.com>

	* posix/regcomp.c (re_compile_fastmap_iter): Fix check for failed
	__wcrtomb.  Check return values of other __wcrtomb calls.
	* posix/regex_internal.c (build_wcs_buffer, re_string_skip_chars):
	Change mbclen type to size_t.
	(build_wcs_upper_buffer): Change mbclen and mbcdlen type to size_t.
	Handle mb chars whose upper case doesn't have multibyte representation
	in locale's charset.

2005-03-15  Jakub Jelinek  <jakub@redhat.com>

	* malloc/malloc.c (_int_icalloc, _int_icomalloc, iALLOc,
	public_iCALLOc, public_iCALLOc, public_iCOMALLOc): Protect with
	#ifndef _LIBC.

	[BZ #779]
	* malloc/malloc.c (public_mTRIm): Initialize malloc if not yet
	initialized.

2005-03-10  Jakub Jelinek  <jakub@redhat.com>

	* misc/sys/cdefs.h (__always_inline): Define.
	* posix/bits/unistd.h (read, pread, pread64, readlink, getcwd, getwd):
	Use __always_inline instead of __inline.
	* socket/bits/socket2.h (recv, recvfrom): Likewise.
	* libio/bits/stdio2.h (gets, fgets, fgets_unlocked): Likewise.
	* string/bits/string3.h (__memcpy_ichk, __memmove_ichk, __mempcpy_ichk,
	__memset_ichk, __strcpy_ichk, __stpcpy_ichk, __strncpy_ichk,
	__strcat_ichk, __strncat_ichk): Use __always_inline instead of
	__inline__ __attribute__ ((__always_inline__)).

2005-03-09  Jakub Jelinek  <jakub@redhat.com>

	* debug/tst-chk1.c: Include sys/socket.h and sys/un.h.
	(do_test): Add new tests for recv, recvfrom, getcwd, getwd and
	readlink.  Add some more tests for read, pread, pread64, fgets and
	fgets_unlocked.

	* posix/bits/unistd.h (read, pread, pread64, readlink,
	getcwd, getwd): Change macros into extern inline functions.
	(__read_alias, __pread_alias, __pread64_alias, __readlink_alias,
	__getcwd_alias, __getwd_alias): New prototypes.
	* socket/bits/socket2.h (recv, recvfrom): Change macros into
	extern inline functions.
	(__recv_alias, __recvfrom_alias): New prototypes.
	* libio/bits/stdio2.h (gets, fgets, fgets_unlocked): Change macros
	into extern inline functions.
	(__gets_alias, __fgets_alias, __fgets_unlocked_alias): New prototypes.

	* debug/pread_chk.c (__pread_chk): Fix order of arguments passed
	to __pread.
	* debug/pread64_chk.c (__pread64_chk): Fix order of arguments passed
	to __pread64.
2005-03-19 00:28:51 +00:00
Ulrich Drepper
4625abbf26 (recv): Avoid calls to the _chk variant if we know the call succeeds. (recvfrom): Likewise. 2005-03-06 20:56:52 +00:00
Roland McGrath
95ca9dd3fc * posix/bits/unistd.h (read, pread, pread64): Use __bos0 instead
of __bos.
	* socket/bits/socket2.h (recv, recvfrom): Likewise.
2005-03-01 21:33:48 +00:00
Ulrich Drepper
553cc5f9ad * sysdeps/unix/sysv/linux/libc_fatal.c: Print backtrace and memory
map if requested.
	* debug/chk_fail.c: Request backtrace and memory map dump.

	* Versions.def: Add GLIBC_2.4 for libc.
	* debug/fgets_chk.c: New file.
	* debug/fgets_u_chk.c: New file.
	* debug/getcwd_chk.c: New file.
	* debug/getwd_chk.c: New file.
	* debug/readlink_chk.c: New file.
	* debug/read_chk.c: New file.
	* debug/pread_chk.c: New file.
	* debug/pread64_chk.c: New file.
	* debug/recv_chk.c: New file.
	* debug/recvfrom_chk.c: New file.
	* debug/Versions: Add all new functions with version GLIBC_2.4.
	* debug/Makefile (routines): Add fgets_chk, fgets_u_chk, read_chk,
	pread_chk, pread64_chk, recv_chk, recvfrom_chk, readlink_chk,
	getwd_chk, and getcwd_chk.  Plus appropriate CFLAGS definitions.
	* debug/tst-chk1.c: Add more tests.
	* libio/bits/stdio2.h: Add macros for fgets and fgets_unlocked.
	* include/stdio.h: Declare __fgets_chk and __fgets_unlocked_chk.
	* posix/unistd.h: Include <bits/unistd.h> for fortification.
	* posix/bits/unistd.h: New file.
	* posix/Makefile (headers): Add bits/unistd.h.
	* socket/sys/socket.h: Include <bits/socket2.h> for fortification.
	* socket/bits/socket2.h: New file.
	* socket/Makefile (headers): Add bits/socket2.h.

	* string/bits/string3.h: Extend memset macro to check for zero 3rd
	parameter and use __memset_zero_constant_len_parameter in that case.
	* sysdeps/generic/memset_chk.c: Add
	__memset_zero_constant_len_parameter alias and linker warning.
	* debug/Versions: Add __memset_zero_constant_len_parameter to libc
	with version GLIBC_2.4.

	* sysdeps/generic/bits/types.h: Don't unnecessarily use __extension__
	in __STD_TYPE definition.

2005-02-21  Jakub Jelinek  <jakub@redhat.com>

	* malloc/malloc.c (malloc_printerr): If MALLOC_CHECK_={5,7}, print
	the error message rather than program name.

2005-02-21  Ulrich Drepper  <drepper@redhat.com>
2005-02-21 23:14:10 +00:00
Ulrich Drepper
a334319f65 (CFLAGS-tst-align.c): Add -mpreferred-stack-boundary=4. 2004-12-22 20:10:10 +00:00
Jakub Jelinek
0ecb606cb6 2.5-18.1 2007-07-12 18:26:36 +00:00