[v3,03/10] string: Improve fortify with clang

Message ID	20240208184622.332678-4-adhemerval.zanella@linaro.org
State	Accepted
Commit	5e9696b26540d02639e0d16532e0f3d53c7e5cd0
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org BFED3385828E From: Adhemerval Zanella <adhemerval.zanella@linaro.org> To: libc-alpha@sourceware.org Cc: Siddhesh Poyarekar <siddhesh@gotplt.org> Subject: [PATCH v3 03/10] string: Improve fortify with clang Date: Thu, 8 Feb 2024 15:46:15 -0300 Message-Id: <20240208184622.332678-4-adhemerval.zanella@linaro.org> In-Reply-To: <20240208184622.332678-1-adhemerval.zanella@linaro.org> References: <20240208184622.332678-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: libc-alpha-bounces+patch=linaro.org@sourceware.org
Series	Improve fortify support with clang \| expand [v3,00/10] Improve fortify support with clang [v3,01/10] cdefs.h: Add clang fortify directives [v3,02/10] libio: Improve fortify with clang [v3,03/10] string: Improve fortify with clang [v3,04/10] stdlib: Improve fortify with clang [v3,05/10] unistd: Improve fortify with clang [v3,06/10] socket: Improve fortify with clang [v3,07/10] syslog: Improve fortify with clang [v3,08/10] wcsmbs: Improve fortify with clang [v3,09/10] debug: Improve fcntl.h fortify warnings with clang [v3,10/10] debug: Improve mqueue.h fortify warnings with clang

Message ID

20240208184622.332678-4-adhemerval.zanella@linaro.org

State

Accepted

Commit

5e9696b26540d02639e0d16532e0f3d53c7e5cd0

Headers

Received-SPF: pass (google.com: domain of
 libc-alpha-bounces+patch=linaro.org@sourceware.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 client-ip=2620:52:3:1:0:246e:9693:128c;
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org BFED3385828E
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: libc-alpha@sourceware.org
Cc: Siddhesh Poyarekar <siddhesh@gotplt.org>
Subject: [PATCH v3 03/10] string: Improve fortify with clang
Date: Thu,  8 Feb 2024 15:46:15 -0300
Message-Id: <20240208184622.332678-4-adhemerval.zanella@linaro.org>
In-Reply-To: <20240208184622.332678-1-adhemerval.zanella@linaro.org>
References: <20240208184622.332678-1-adhemerval.zanella@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: list
Errors-To: libc-alpha-bounces+patch=linaro.org@sourceware.org

Series

Improve fortify support with clang | expand

Commit Message

Adhemerval Zanella Netto Feb. 8, 2024, 6:46 p.m. UTC

It improve fortify checks for strcpy, stpcpy, strncpy, stpncpy, strcat,
strncat, strlcpy, and strlcat.  The runtime and compile checks have
similar coverage as with GCC.

Checked on aarch64, armhf, x86_64, and i686.
---
 string/bits/string_fortified.h | 56 +++++++++++++++++++++-------------
 1 file changed, 34 insertions(+), 22 deletions(-)

Comments

Carlos O'Donell Feb. 20, 2024, 10:06 p.m. UTC | #1

On 2/8/24 13:46, Adhemerval Zanella wrote:
> It improve fortify checks for strcpy, stpcpy, strncpy, stpncpy, strcat,
> strncat, strlcpy, and strlcat.  The runtime and compile checks have
> similar coverage as with GCC.

LGTM.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>

> Checked on aarch64, armhf, x86_64, and i686.
> ---
>  string/bits/string_fortified.h | 56 +++++++++++++++++++++-------------
>  1 file changed, 34 insertions(+), 22 deletions(-)
> 
> diff --git a/string/bits/string_fortified.h b/string/bits/string_fortified.h
> index e0714f794c..5c93dd677d 100644
> --- a/string/bits/string_fortified.h
> +++ b/string/bits/string_fortified.h
> @@ -73,24 +73,29 @@ __NTH (explicit_bzero (void *__dest, size_t __len))
>  }
>  #endif
>  
> -__fortify_function char *
> -__NTH (strcpy (char *__restrict __dest, const char *__restrict __src))
> +__fortify_function __attribute_overloadable__ char *
> +__NTH (strcpy (__fortify_clang_overload_arg (char *, __restrict, __dest),
> +	       const char *__restrict __src))
> +     __fortify_clang_warn_if_src_too_large (__dest, __src)

OK.

>  {
>    return __builtin___strcpy_chk (__dest, __src, __glibc_objsize (__dest));
>  }
>  
>  #ifdef __USE_XOPEN2K8
> -__fortify_function char *
> -__NTH (stpcpy (char *__restrict __dest, const char *__restrict __src))
> +__fortify_function __attribute_overloadable__ char *
> +__NTH (stpcpy (__fortify_clang_overload_arg (char *, __restrict, __dest),
> +	       const char *__restrict __src))
> +     __fortify_clang_warn_if_src_too_large (__dest, __src)
>  {
>    return __builtin___stpcpy_chk (__dest, __src, __glibc_objsize (__dest));
>  }
>  #endif
>  
>  
> -__fortify_function char *
> -__NTH (strncpy (char *__restrict __dest, const char *__restrict __src,
> -		size_t __len))
> +__fortify_function __attribute_overloadable__ char *
> +__NTH (strncpy (__fortify_clang_overload_arg (char *, __restrict, __dest),
> +		const char *__restrict __src, size_t __len))
> +     __fortify_clang_warn_if_dest_too_small (__dest, __len)
>  {
>    return __builtin___strncpy_chk (__dest, __src, __len,
>  				  __glibc_objsize (__dest));
> @@ -98,8 +103,10 @@ __NTH (strncpy (char *__restrict __dest, const char *__restrict __src,
>  
>  #ifdef __USE_XOPEN2K8
>  # if __GNUC_PREREQ (4, 7) || __glibc_clang_prereq (2, 6)
> -__fortify_function char *
> -__NTH (stpncpy (char *__dest, const char *__src, size_t __n))
> +__fortify_function __attribute_overloadable__ char *
> +__NTH (stpncpy (__fortify_clang_overload_arg (char *, ,__dest),
> +		const char *__src, size_t __n))
> +     __fortify_clang_warn_if_dest_too_small (__dest, __n)
>  {
>    return __builtin___stpncpy_chk (__dest, __src, __n,
>  				  __glibc_objsize (__dest));
> @@ -112,8 +119,9 @@ extern char *__stpncpy_chk (char *__dest, const char *__src, size_t __n,
>  extern char *__REDIRECT_NTH (__stpncpy_alias, (char *__dest, const char *__src,
>  					       size_t __n), stpncpy);
>  
> -__fortify_function char *
> -__NTH (stpncpy (char *__dest, const char *__src, size_t __n))
> +__fortify_function __attribute_overloadable__ char *
> +__NTH (stpncpy (__fortify_clang_overload_arg (char *, ,__dest),
> +		const char *__src, size_t __n))
>  {
>    if (__bos (__dest) != (size_t) -1
>        && (!__builtin_constant_p (__n) || __n > __bos (__dest)))
> @@ -124,16 +132,19 @@ __NTH (stpncpy (char *__dest, const char *__src, size_t __n))
>  #endif
>  
>  
> -__fortify_function char *
> -__NTH (strcat (char *__restrict __dest, const char *__restrict __src))
> +__fortify_function __attribute_overloadable__ char *
> +__NTH (strcat (__fortify_clang_overload_arg (char *, __restrict, __dest),
> +	       const char *__restrict __src))
> +     __fortify_clang_warn_if_src_too_large (__dest, __src)
>  {
>    return __builtin___strcat_chk (__dest, __src, __glibc_objsize (__dest));
>  }
>  
>  
> -__fortify_function char *
> -__NTH (strncat (char *__restrict __dest, const char *__restrict __src,
> -		size_t __len))
> +__fortify_function __attribute_overloadable__ char *
> +__NTH (strncat (__fortify_clang_overload_arg (char *, __restrict, __dest),
> +		const char *__restrict __src, size_t __len))
> +     __fortify_clang_warn_if_src_too_large (__dest, __src)
>  {
>    return __builtin___strncat_chk (__dest, __src, __len,
>  				  __glibc_objsize (__dest));
> @@ -146,9 +157,10 @@ extern size_t __REDIRECT_NTH (__strlcpy_alias,
>  			      (char *__dest, const char *__src, size_t __n),
>  			      strlcpy);
>  
> -__fortify_function size_t
> -__NTH (strlcpy (char *__restrict __dest, const char *__restrict __src,
> -		size_t __n))
> +__fortify_function __attribute_overloadable__ size_t
> +__NTH (strlcpy (__fortify_clang_overload_arg (char *, __restrict, __dest),
> +		const char *__restrict __src, size_t __n))
> +     __fortify_clang_warn_if_dest_too_small (__dest, __n)
>  {
>    if (__glibc_objsize (__dest) != (size_t) -1
>        && (!__builtin_constant_p (__n > __glibc_objsize (__dest))
> @@ -163,9 +175,9 @@ extern size_t __REDIRECT_NTH (__strlcat_alias,
>  			      (char *__dest, const char *__src, size_t __n),
>  			      strlcat);
>  
> -__fortify_function size_t
> -__NTH (strlcat (char *__restrict __dest, const char *__restrict __src,
> -		size_t __n))
> +__fortify_function __attribute_overloadable__ size_t
> +__NTH (strlcat (__fortify_clang_overload_arg (char *, __restrict, __dest),
> +		const char *__restrict __src, size_t __n))
>  {
>    if (__glibc_objsize (__dest) != (size_t) -1
>        && (!__builtin_constant_p (__n > __glibc_objsize (__dest))

diff --git a/string/bits/string_fortified.h b/string/bits/string_fortified.h
index e0714f794c..5c93dd677d 100644
--- a/string/bits/string_fortified.h
+++ b/string/bits/string_fortified.h
@@ -73,24 +73,29 @@  __NTH (explicit_bzero (void *__dest, size_t __len))
 }
 #endif
 
-__fortify_function char *
-__NTH (strcpy (char *__restrict __dest, const char *__restrict __src))
+__fortify_function __attribute_overloadable__ char *
+__NTH (strcpy (__fortify_clang_overload_arg (char *, __restrict, __dest),
+	       const char *__restrict __src))
+     __fortify_clang_warn_if_src_too_large (__dest, __src)
 {
   return __builtin___strcpy_chk (__dest, __src, __glibc_objsize (__dest));
 }
 
 #ifdef __USE_XOPEN2K8
-__fortify_function char *
-__NTH (stpcpy (char *__restrict __dest, const char *__restrict __src))
+__fortify_function __attribute_overloadable__ char *
+__NTH (stpcpy (__fortify_clang_overload_arg (char *, __restrict, __dest),
+	       const char *__restrict __src))
+     __fortify_clang_warn_if_src_too_large (__dest, __src)
 {
   return __builtin___stpcpy_chk (__dest, __src, __glibc_objsize (__dest));
 }
 #endif
 
 
-__fortify_function char *
-__NTH (strncpy (char *__restrict __dest, const char *__restrict __src,
-		size_t __len))
+__fortify_function __attribute_overloadable__ char *
+__NTH (strncpy (__fortify_clang_overload_arg (char *, __restrict, __dest),
+		const char *__restrict __src, size_t __len))
+     __fortify_clang_warn_if_dest_too_small (__dest, __len)
 {
   return __builtin___strncpy_chk (__dest, __src, __len,
 				  __glibc_objsize (__dest));
@@ -98,8 +103,10 @@  __NTH (strncpy (char *__restrict __dest, const char *__restrict __src,
 
 #ifdef __USE_XOPEN2K8
 # if __GNUC_PREREQ (4, 7) || __glibc_clang_prereq (2, 6)
-__fortify_function char *
-__NTH (stpncpy (char *__dest, const char *__src, size_t __n))
+__fortify_function __attribute_overloadable__ char *
+__NTH (stpncpy (__fortify_clang_overload_arg (char *, ,__dest),
+		const char *__src, size_t __n))
+     __fortify_clang_warn_if_dest_too_small (__dest, __n)
 {
   return __builtin___stpncpy_chk (__dest, __src, __n,
 				  __glibc_objsize (__dest));
@@ -112,8 +119,9 @@  extern char *__stpncpy_chk (char *__dest, const char *__src, size_t __n,
 extern char *__REDIRECT_NTH (__stpncpy_alias, (char *__dest, const char *__src,
 					       size_t __n), stpncpy);
 
-__fortify_function char *
-__NTH (stpncpy (char *__dest, const char *__src, size_t __n))
+__fortify_function __attribute_overloadable__ char *
+__NTH (stpncpy (__fortify_clang_overload_arg (char *, ,__dest),
+		const char *__src, size_t __n))
 {
   if (__bos (__dest) != (size_t) -1
       && (!__builtin_constant_p (__n) || __n > __bos (__dest)))
@@ -124,16 +132,19 @@  __NTH (stpncpy (char *__dest, const char *__src, size_t __n))
 #endif
 
 
-__fortify_function char *
-__NTH (strcat (char *__restrict __dest, const char *__restrict __src))
+__fortify_function __attribute_overloadable__ char *
+__NTH (strcat (__fortify_clang_overload_arg (char *, __restrict, __dest),
+	       const char *__restrict __src))
+     __fortify_clang_warn_if_src_too_large (__dest, __src)
 {
   return __builtin___strcat_chk (__dest, __src, __glibc_objsize (__dest));
 }
 
 
-__fortify_function char *
-__NTH (strncat (char *__restrict __dest, const char *__restrict __src,
-		size_t __len))
+__fortify_function __attribute_overloadable__ char *
+__NTH (strncat (__fortify_clang_overload_arg (char *, __restrict, __dest),
+		const char *__restrict __src, size_t __len))
+     __fortify_clang_warn_if_src_too_large (__dest, __src)
 {
   return __builtin___strncat_chk (__dest, __src, __len,
 				  __glibc_objsize (__dest));
@@ -146,9 +157,10 @@  extern size_t __REDIRECT_NTH (__strlcpy_alias,
 			      (char *__dest, const char *__src, size_t __n),
 			      strlcpy);
 
-__fortify_function size_t
-__NTH (strlcpy (char *__restrict __dest, const char *__restrict __src,
-		size_t __n))
+__fortify_function __attribute_overloadable__ size_t
+__NTH (strlcpy (__fortify_clang_overload_arg (char *, __restrict, __dest),
+		const char *__restrict __src, size_t __n))
+     __fortify_clang_warn_if_dest_too_small (__dest, __n)
 {
   if (__glibc_objsize (__dest) != (size_t) -1
       && (!__builtin_constant_p (__n > __glibc_objsize (__dest))
@@ -163,9 +175,9 @@  extern size_t __REDIRECT_NTH (__strlcat_alias,
 			      (char *__dest, const char *__src, size_t __n),
 			      strlcat);
 
-__fortify_function size_t
-__NTH (strlcat (char *__restrict __dest, const char *__restrict __src,
-		size_t __n))
+__fortify_function __attribute_overloadable__ size_t
+__NTH (strlcat (__fortify_clang_overload_arg (char *, __restrict, __dest),
+		const char *__restrict __src, size_t __n))
 {
   if (__glibc_objsize (__dest) != (size_t) -1
       && (!__builtin_constant_p (__n > __glibc_objsize (__dest))

[v3,03/10] string: Improve fortify with clang

Commit Message

Comments

Patch