From patchwork Thu Dec 21 18:59:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 757035 Delivered-To: patch@linaro.org Received: by 2002:a5d:67c6:0:b0:336:6142:bf13 with SMTP id n6csp1054775wrw; Thu, 21 Dec 2023 11:01:17 -0800 (PST) X-Google-Smtp-Source: AGHT+IElHEJfmKB2pluxazvQvi7e4Y9rk/R9aC2th1ou5C4DlbmZ+Zyl3k7YHIHdlIzcHko5BkmL X-Received: by 2002:a05:6122:d07:b0:4b6:c9fa:d8e4 with SMTP id az7-20020a0561220d0700b004b6c9fad8e4mr136470vkb.31.1703185277418; Thu, 21 Dec 2023 11:01:17 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1703185277; cv=pass; d=google.com; s=arc-20160816; b=TBUEeLLOOwowKsGxHChr83pmCCM0ciLpZfqBOkFu1/UpHSM1ViV6YXhGWqj6x16bqF 1gMK2QoR/IO3sisjueVQCXCoDirv3NOLluK1fvh/wPrKY41emkURY2s/KPs4Pke+ahXd WpMhmbyGlw1ONV3t7GeZ2lZ4txVQAh/TTmQQwu4QWAJmGk6lK8XMSy3HWFxliTP30UPG nXYdWp8wjIZZvZiUyGPBQTTDC/XHXq5QIGzneWL8WTVhzCLW7Y8v4Myut5gXBkncn5Vj vfapJm5/lmCT2XaEpinQCMwIdrQnhRVpPy5y+gnYMF07EsE7fPS6xHkv3AUTJWoxwogS Bzwg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature:arc-filter:dmarc-filter:delivered-to; bh=kka7j/sdnm7KuaH4xKqFvU6wFsZxUMTEffpjhif+4Tw=; fh=JNN3k7BRNI1OnWdIBK9jlpNeitGd8uBm02dHI75AGcg=; b=AvfRfjvTlAdsgp8a4VL2QKKT2Kt+4I4pbzNURjCPjtM8qgyMpf9QEdnULcTwxJQq2T aZwmJq/acxwCOorAoTQtpF6rc6kA+jo0Ir6KZUjzRdnPF2iD0LrZFFJDvftDPQZzie86 Q5RxpO17EltrXMsra+mWVzadtZViDtPgkTRqcFfitJl0McC+KiDX1uDB5HqkQUuyUfU8 vSrzbg2Bl+B5W6EjyTtmIOvN65Qn2lRKXV/9DfxXmMZgnYllBZX9Fm6GCiWmlR4jIbWC MTmFwrpUpLK4RJZvdFMC/pXAQeWZ5x2YL/WPebuBIIdNvWrXZJgdShzHcYbP4IiG7D53 Av/w== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=rMSdNDzN; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id v187-20020a1f48c4000000b004b6cdedc474si565533vka.267.2023.12.21.11.01.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 11:01:17 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=rMSdNDzN; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 168FB38708C2 for ; Thu, 21 Dec 2023 19:01:10 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pf1-x435.google.com (mail-pf1-x435.google.com [IPv6:2607:f8b0:4864:20::435]) by sourceware.org (Postfix) with ESMTPS id BB51C3858436 for ; Thu, 21 Dec 2023 18:59:58 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org BB51C3858436 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org BB51C3858436 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::435 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185200; cv=none; b=HouUFwoSPH8ECInmn3iJMiU/kETrIRDkMFIFQilsd9IQCh7hoRaQby7nd8texEgm+hSLdskiQal94fQGx+gr4TaY+1CQ14Mi2d7K+Ebp4apeR5YKasNwxjt/w9Epii/1MFD+Lc1iMCkb7EmHivRQeRaLsq2x5srUtSuzsn7XdUc= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703185200; c=relaxed/simple; bh=3/b1tO21Q36coU5OqzUrl8JcRZYYJ/PidqujGYb3NwY=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=kAnh+MqJ5m68fWyNVliNeDg9StaImv5CRu4onjsI/UtTX77eksr+zHm0wgcr9U7K/htASArVTXA3f9wUGNLdLaLch9w1ge2ENadAQZfNiSXmnTR6AQ1jIZGxhmdl/kzrtwSPvXw0p+EniVcCFW6unYlbsJVkq6/sg3c3v7CWC5I= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x435.google.com with SMTP id d2e1a72fcca58-6d5c4cb8a4cso615299b3a.3 for ; Thu, 21 Dec 2023 10:59:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1703185197; x=1703789997; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=kka7j/sdnm7KuaH4xKqFvU6wFsZxUMTEffpjhif+4Tw=; b=rMSdNDzNEx9vNPcYzKdQQOE5Pv3SgejSo8b7qzX/ectqzofKHjXiewT6qbMdyjeGA+ sjgR4YigJg6xjjXh8bPrsRxWGrqT+rssjuWnx5M3ggOSy1JjBQ2QFXt6IN8e5zhQRW2H Ts6iqEdj/lRQGRJe4La2ynjp+IWvXe5+WnKR60/ofS27NxrEAP1K2vGrqVIvbrlQe25H YVjKh735Vb4MA9LegvK7h9Z3V1CMdT4bDWlvNXBZi0kdMVo6m0YQHEsJkTmaGhu7GmG1 G6rjnDpKRQW5wVWaKbXJ3KoLNSO3LbcxDMCGkzNLMaaxNN/svoJ80S6qdX0ozeB5Btci 2Wlg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703185197; x=1703789997; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kka7j/sdnm7KuaH4xKqFvU6wFsZxUMTEffpjhif+4Tw=; b=JYlD5Q+BvbhiuZCOW85Fp8eichPmCm2P1AxmJzWgH4O3aeNzqeTFr0sYjJ/Ttzwc+N pz9SjuJTs/NTtA6dqz4Nd49id42Is40+AzSFXTLxYSJVhm2JfaOhN3F3E10EaLLxri25 FezI+YVkHfgUf/2I6MXbMvY1SLFKCfesIsDxirLqNLXBy1TSVc0hd6u8EGPv2bdTr1fn GAc4abjWekbQjtbkpviyvJbqWZThZpwFPAqhsjyKtTvVdBOkuGiQdHH/p+1xU/HqzxDy xwpVa2QgRqyW/xwxSd5WetcIrNXyj+dtSWe+4xJwlOZraX784yKTqfJ4I5MNZT2+g0g9 2h/Q== X-Gm-Message-State: AOJu0Yyjw1+42Yn/8KeQ6c346r4DpxudQzgEXHMsJ5JjQlV+Aantksf5 7gLY1G6QbAvZeswR31yY+XEbES8XERDIDjB9kW1ZKZdg6ho= X-Received: by 2002:a05:6a00:2a8:b0:6d8:6abc:ca17 with SMTP id q8-20020a056a0002a800b006d86abcca17mr125903pfs.15.1703185197284; Thu, 21 Dec 2023 10:59:57 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:8192:ecd7:d327:bea0:14dc]) by smtp.gmail.com with ESMTPSA id a9-20020a63e409000000b005cdbebd61d8sm1946165pgi.9.2023.12.21.10.59.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 10:59:56 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org, Siddhesh Poyarekar Subject: [PATCH 08/15] string: Improve fortify with clang Date: Thu, 21 Dec 2023 15:59:22 -0300 Message-Id: <20231221185929.1307116-9-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> References: <20231221185929.1307116-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+patch=linaro.org@sourceware.org It improve fortify checks for strcpy, stpcpy, strncpy, stpncpy, strcat, strncat, strlcpy, and strlcat. The runtime and compile checks have similar coverage as with GCC. Checked on aarch64, armhf, x86_64, and i686. --- string/bits/string_fortified.h | 57 +++++++++++++++++++++------------- 1 file changed, 35 insertions(+), 22 deletions(-) diff --git a/string/bits/string_fortified.h b/string/bits/string_fortified.h index 23ef064168..d3ee250642 100644 --- a/string/bits/string_fortified.h +++ b/string/bits/string_fortified.h @@ -73,24 +73,29 @@ __NTH (explicit_bzero (void *__dest, size_t __len)) } #endif -__fortify_function char * -__NTH (strcpy (char *__restrict __dest, const char *__restrict __src)) +__fortify_function __attribute_overloadable__ char * +__NTH (strcpy (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { return __builtin___strcpy_chk (__dest, __src, __glibc_objsize (__dest)); } #ifdef __USE_XOPEN2K8 -__fortify_function char * -__NTH (stpcpy (char *__restrict __dest, const char *__restrict __src)) +__fortify_function __attribute_overloadable__ char * +__NTH (stpcpy (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { return __builtin___stpcpy_chk (__dest, __src, __glibc_objsize (__dest)); } #endif -__fortify_function char * -__NTH (strncpy (char *__restrict __dest, const char *__restrict __src, - size_t __len)) +__fortify_function __attribute_overloadable__ char * +__NTH (strncpy (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src, size_t __len)) + __fortify_clang_warn_if_dest_too_small (__dest, __len) { return __builtin___strncpy_chk (__dest, __src, __len, __glibc_objsize (__dest)); @@ -98,8 +103,10 @@ __NTH (strncpy (char *__restrict __dest, const char *__restrict __src, #ifdef __USE_XOPEN2K8 # if __GNUC_PREREQ (4, 7) || __glibc_clang_prereq (2, 6) -__fortify_function char * -__NTH (stpncpy (char *__dest, const char *__src, size_t __n)) +__fortify_function __attribute_overloadable__ char * +__NTH (stpncpy (__fortify_clang_overload_arg (char *, ,__dest), + const char *__src, size_t __n)) + __fortify_clang_warn_if_dest_too_small (__dest, __n) { return __builtin___stpncpy_chk (__dest, __src, __n, __glibc_objsize (__dest)); @@ -112,8 +119,9 @@ extern char *__stpncpy_chk (char *__dest, const char *__src, size_t __n, extern char *__REDIRECT_NTH (__stpncpy_alias, (char *__dest, const char *__src, size_t __n), stpncpy); -__fortify_function char * -__NTH (stpncpy (char *__dest, const char *__src, size_t __n)) +__fortify_function __attribute_overloadable__ char * +__NTH (stpncpy (__fortify_clang_overload_arg (char *, ,__dest), + const char *__src, size_t __n)) { if (__bos (__dest) != (size_t) -1 && (!__builtin_constant_p (__n) || __n > __bos (__dest))) @@ -124,16 +132,19 @@ __NTH (stpncpy (char *__dest, const char *__src, size_t __n)) #endif -__fortify_function char * -__NTH (strcat (char *__restrict __dest, const char *__restrict __src)) +__fortify_function __attribute_overloadable__ char * +__NTH (strcat (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { return __builtin___strcat_chk (__dest, __src, __glibc_objsize (__dest)); } -__fortify_function char * -__NTH (strncat (char *__restrict __dest, const char *__restrict __src, - size_t __len)) +__fortify_function __attribute_overloadable__ char * +__NTH (strncat (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src, size_t __len)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { return __builtin___strncat_chk (__dest, __src, __len, __glibc_objsize (__dest)); @@ -146,9 +157,10 @@ extern size_t __REDIRECT_NTH (__strlcpy_alias, (char *__dest, const char *__src, size_t __n), strlcpy); -__fortify_function size_t -__NTH (strlcpy (char *__restrict __dest, const char *__restrict __src, - size_t __n)) +__fortify_function __attribute_overloadable__ size_t +__NTH (strlcpy (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src, size_t __n)) + __fortify_clang_warn_if_dest_too_small (__dest, __n) { if (__glibc_objsize (__dest) != (size_t) -1 && (!__builtin_constant_p (__n > __glibc_objsize (__dest)) @@ -163,9 +175,10 @@ extern size_t __REDIRECT_NTH (__strlcat_alias, (char *__dest, const char *__src, size_t __n), strlcat); -__fortify_function size_t -__NTH (strlcat (char *__restrict __dest, const char *__restrict __src, - size_t __n)) +__fortify_function __attribute_overloadable__ size_t +__NTH (strlcat (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src, size_t __n)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { if (__glibc_objsize (__dest) != (size_t) -1 && (!__builtin_constant_p (__n > __glibc_objsize (__dest))