From patchwork Mon Jan 8 20:21:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 760782 Delivered-To: patch@linaro.org Received: by 2002:a5d:6e02:0:b0:337:62d3:c6d5 with SMTP id h2csp1062110wrz; Mon, 8 Jan 2024 12:22:40 -0800 (PST) X-Google-Smtp-Source: AGHT+IGC8szeumIvB+q2lo+Y3tY54hn9tGUbmFKugU9xAjG++iYQII+ibne2PnZPxQkZXn9Lt3My X-Received: by 2002:a05:6808:f93:b0:3bd:3a70:de82 with SMTP id o19-20020a0568080f9300b003bd3a70de82mr252912oiw.64.1704745359832; Mon, 08 Jan 2024 12:22:39 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1704745359; cv=pass; d=google.com; s=arc-20160816; b=x9Si6gSVtbQ30w9t4JivMsVNQxIlPl0jHs2ClsbQY6KID1q9K7pwPwg66r8A9+7O49 n3TnESuw4k+eVT7Z1mxsq3Dwt9zqmI+2XgVNjO1AxqjpqXBoXGczOpjmSz3e5qHrfGr9 S3x1QbYn+BlDAr51gUahl+Pz3mAUxgg9Z61RmhD2OjjAy8PTDbLY7r9jcVR755Ye0ZAr GoOHxw3iI0LXNEF9nUmGvBIvZLh0yARWVZz1HYQg/Vkf6JcZ/LU/8//4dOMtLWB+eB29 KCq+Ys/hh2orFvflzTMYle3prsARoswtTfNQ5Dq0qS+3AWGhbvO6TRNeyOBM6N184MWh knaQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature:arc-filter:dmarc-filter:delivered-to; bh=DAbnqmVvxJ2qaueylYzIa9RxY26OjdD8tznagCXqGC4=; fh=dHLBnA+MhGtNtN2B2JMAELi4oD+gmgMg7DL8H0jYbkI=; b=I2g+UW7NJFHfrjNcXXYksmXrJv7jmTAUCv7za915IH45XZG82OnxABKAZI/k6JIk3H ClFMsDwWmPymvnNHcV0n9DzyZzBA5SyZjEe0F1KdFT4QY7FJ1K+dRgLDfgRSBtSegA/X h2w4WPcINBqGN0B4ffE+y8iltZz16fjxukzP/J97gYoQldKr+eIY6QEwQkwg1+XTtxWz od8A5LmhjdDKIZFEe8oybEUrsFHzQ1z1OMW06fUm8yi+dsevMrSYgx6mPrMpCjBtWqQR NSZyvt1zvQ+P65Y9IgR7KJg7dCumrU2657rGpW1BcPrghlSilRbOJc4qSWPFcxhV0ZjJ mdsw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=CUmeb3La; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id x1-20020a0cc501000000b0067f3c4a99ffsi646808qvi.317.2024.01.08.12.22.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 12:22:39 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=CUmeb3La; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 736A53857013 for ; Mon, 8 Jan 2024 20:22:39 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x431.google.com (mail-pf1-x431.google.com [IPv6:2607:f8b0:4864:20::431]) by sourceware.org (Postfix) with ESMTPS id 0207C3858C2C for ; Mon, 8 Jan 2024 20:22:00 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 0207C3858C2C Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 0207C3858C2C Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::431 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1704745324; cv=none; b=anRU6/kwTzSbvCFQoQ0evz2Ic1EpM+sk10cZcqHiaqr7MOo2q4S12ZhhGXLnGvANxvyXhY6sjbR7B8vCxY36F7+5eiq+xy2QSEoCTsuNOFcD+CLD2TlPlX9rd2YgfropyfegytLwsBy74zOo1oHoXC24Gieg+W7h5QeNDEGo0zU= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1704745324; c=relaxed/simple; bh=Y92yiU0VNaIJHdyTradk6VcH0pN+frH5YWjwm3UveQc=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=r3R55R/Qh8GkEuFM2eTAqe2N7R3pL44Y8ArJ4nQekd0fGw5NdAV2pXL0Ni7Q2UBqWSCjqkb1CH13Dr24xHV7BNjChZVQKR8MOatJQJqRcjogJn+FHkS+ziljzqXd8fPpQ+QV1C+Lk1xl0GS+UGMvq8wXfIgpeuBuXwbiUf71Tp4= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x431.google.com with SMTP id d2e1a72fcca58-6d9bee259c5so1145071b3a.1 for ; Mon, 08 Jan 2024 12:22:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1704745319; x=1705350119; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=DAbnqmVvxJ2qaueylYzIa9RxY26OjdD8tznagCXqGC4=; b=CUmeb3LaRNRs5gtzrZbp4rwavp3zkhBxbvXPSXgMsWA96VsF+itNAbaCo1KzWTukGy cGuC5bsEFg7YUvWfp/BMQcJJJPp+T4E+ixYaxa0ugcOMw5LzR6Qzi8X97oMBpKSEd1s6 6lADRTfJmqJ4DMk30kdpQRTzfchE72QtgQ1imXRi7cyzd+O0k9xbTxBH9cWPU+G39sd0 MuNNxaMYZYhzYeot2Clk9l2dNwJlW0HIiAQY6vEXlIHjeTVcMNHzttZvhls/efBW4z99 2zIeb1XwI1kjwcO1h8tQ2HNIQQMHoX3QXCC16tzld1YuI7PPhnkcFqtkbeNbyF/qoW1l LpQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704745319; x=1705350119; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DAbnqmVvxJ2qaueylYzIa9RxY26OjdD8tznagCXqGC4=; b=fZ0F68YVDOABRjIQxx8FCu7YEyGtidrhgadXpN89jjA/OPyEMDw4CiICWEM3cdE3Ny MdauolrQx7cdjEjYlql4Qb1czQKO1/OVcu8f6kN5JYQBwCm/TwBCruvfDf7LtCpAzt3L VEKlR5xHkdFso0uonZuo8Lv1fVnANhY2uW88RwmVALKAR5UI8G7GXqh+BHZZE55sxmFu Ei4cjL02a5WNbVY96qDj97isHn5TTInRt8sHZpVkj+vS26SDkkDZfi7dShHLwsLdQU/t SiU4CmwaPhi+O2fRZUCHG90O8Lfe8TYvXhT+EIWghMJ0Vm9klIlG3KGP1s0paVseLHng ZiXQ== X-Gm-Message-State: AOJu0YyMXV/g4fItUuZqhvh1p7amTwsxskWomeMAdQflCFOvfsMCjL5h t7PcU5wUXi1RcML5Zi9mEV//vhF25ihOpYuRYShP45ndAYM= X-Received: by 2002:aa7:8887:0:b0:6d9:bc39:e5ac with SMTP id z7-20020aa78887000000b006d9bc39e5acmr2103041pfe.6.1704745319545; Mon, 08 Jan 2024 12:21:59 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c1:9dd2:7f25:c108:2fff:5f8e]) by smtp.gmail.com with ESMTPSA id z13-20020a62d10d000000b006d9bdc0f765sm287936pfg.53.2024.01.08.12.21.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 12:21:58 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Subject: [PATCH v2 03/10] string: Improve fortify with clang Date: Mon, 8 Jan 2024 17:21:42 -0300 Message-Id: <20240108202149.335305-4-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240108202149.335305-1-adhemerval.zanella@linaro.org> References: <20240108202149.335305-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+patch=linaro.org@sourceware.org It improve fortify checks for strcpy, stpcpy, strncpy, stpncpy, strcat, strncat, strlcpy, and strlcat. The runtime and compile checks have similar coverage as with GCC. Checked on aarch64, armhf, x86_64, and i686. --- string/bits/string_fortified.h | 57 +++++++++++++++++++++------------- 1 file changed, 35 insertions(+), 22 deletions(-) diff --git a/string/bits/string_fortified.h b/string/bits/string_fortified.h index e0714f794c..83b80184a8 100644 --- a/string/bits/string_fortified.h +++ b/string/bits/string_fortified.h @@ -73,24 +73,29 @@ __NTH (explicit_bzero (void *__dest, size_t __len)) } #endif -__fortify_function char * -__NTH (strcpy (char *__restrict __dest, const char *__restrict __src)) +__fortify_function __attribute_overloadable__ char * +__NTH (strcpy (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { return __builtin___strcpy_chk (__dest, __src, __glibc_objsize (__dest)); } #ifdef __USE_XOPEN2K8 -__fortify_function char * -__NTH (stpcpy (char *__restrict __dest, const char *__restrict __src)) +__fortify_function __attribute_overloadable__ char * +__NTH (stpcpy (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { return __builtin___stpcpy_chk (__dest, __src, __glibc_objsize (__dest)); } #endif -__fortify_function char * -__NTH (strncpy (char *__restrict __dest, const char *__restrict __src, - size_t __len)) +__fortify_function __attribute_overloadable__ char * +__NTH (strncpy (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src, size_t __len)) + __fortify_clang_warn_if_dest_too_small (__dest, __len) { return __builtin___strncpy_chk (__dest, __src, __len, __glibc_objsize (__dest)); @@ -98,8 +103,10 @@ __NTH (strncpy (char *__restrict __dest, const char *__restrict __src, #ifdef __USE_XOPEN2K8 # if __GNUC_PREREQ (4, 7) || __glibc_clang_prereq (2, 6) -__fortify_function char * -__NTH (stpncpy (char *__dest, const char *__src, size_t __n)) +__fortify_function __attribute_overloadable__ char * +__NTH (stpncpy (__fortify_clang_overload_arg (char *, ,__dest), + const char *__src, size_t __n)) + __fortify_clang_warn_if_dest_too_small (__dest, __n) { return __builtin___stpncpy_chk (__dest, __src, __n, __glibc_objsize (__dest)); @@ -112,8 +119,9 @@ extern char *__stpncpy_chk (char *__dest, const char *__src, size_t __n, extern char *__REDIRECT_NTH (__stpncpy_alias, (char *__dest, const char *__src, size_t __n), stpncpy); -__fortify_function char * -__NTH (stpncpy (char *__dest, const char *__src, size_t __n)) +__fortify_function __attribute_overloadable__ char * +__NTH (stpncpy (__fortify_clang_overload_arg (char *, ,__dest), + const char *__src, size_t __n)) { if (__bos (__dest) != (size_t) -1 && (!__builtin_constant_p (__n) || __n > __bos (__dest))) @@ -124,16 +132,19 @@ __NTH (stpncpy (char *__dest, const char *__src, size_t __n)) #endif -__fortify_function char * -__NTH (strcat (char *__restrict __dest, const char *__restrict __src)) +__fortify_function __attribute_overloadable__ char * +__NTH (strcat (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { return __builtin___strcat_chk (__dest, __src, __glibc_objsize (__dest)); } -__fortify_function char * -__NTH (strncat (char *__restrict __dest, const char *__restrict __src, - size_t __len)) +__fortify_function __attribute_overloadable__ char * +__NTH (strncat (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src, size_t __len)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { return __builtin___strncat_chk (__dest, __src, __len, __glibc_objsize (__dest)); @@ -146,9 +157,10 @@ extern size_t __REDIRECT_NTH (__strlcpy_alias, (char *__dest, const char *__src, size_t __n), strlcpy); -__fortify_function size_t -__NTH (strlcpy (char *__restrict __dest, const char *__restrict __src, - size_t __n)) +__fortify_function __attribute_overloadable__ size_t +__NTH (strlcpy (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src, size_t __n)) + __fortify_clang_warn_if_dest_too_small (__dest, __n) { if (__glibc_objsize (__dest) != (size_t) -1 && (!__builtin_constant_p (__n > __glibc_objsize (__dest)) @@ -163,9 +175,10 @@ extern size_t __REDIRECT_NTH (__strlcat_alias, (char *__dest, const char *__src, size_t __n), strlcat); -__fortify_function size_t -__NTH (strlcat (char *__restrict __dest, const char *__restrict __src, - size_t __n)) +__fortify_function __attribute_overloadable__ size_t +__NTH (strlcat (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src, size_t __n)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { if (__glibc_objsize (__dest) != (size_t) -1 && (!__builtin_constant_p (__n > __glibc_objsize (__dest))