From patchwork Thu Feb 8 18:46:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella X-Patchwork-Id: 770873 Delivered-To: patch@linaro.org Received: by 2002:adf:9dca:0:b0:33b:4db1:f5b3 with SMTP id q10csp479540wre; Thu, 8 Feb 2024 10:49:15 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXtMSKUVc5o4G3o1LeiO4sskYBOCp7a2rUzHz5mZt/UfP0AJmdghRamMmvl2WhQFd++7JwtO6qMjbvA6YvyiH2I X-Google-Smtp-Source: AGHT+IEW2JCqSpX6BS1zf1ELnWB9eXNDqY3R2uHyfxCHJ+nVTjCeecj6tqVkokV5JBkWG6TH9FF6 X-Received: by 2002:a0c:e213:0:b0:68c:5b95:10e0 with SMTP id q19-20020a0ce213000000b0068c5b9510e0mr105915qvl.51.1707418155163; Thu, 08 Feb 2024 10:49:15 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707418155; cv=pass; d=google.com; s=arc-20160816; b=qFgwE5KeOmzrHiEgSrUmoir0zCXHdsh9yeatTyUMPaPppCsoa3+91FOk6W0D7BpBMy LsXHjQpYd9GOqC1wOrjH6wzkQywDQcMrM02vJLRh43vs3M3FUeHTflmOWdXEUJrOJim6 yAt4pSaEfZMJFgE2hpeDxdXfmlNOFPm0r8w5r00IV0D2KEXO/qM+GTr9h2jTd3k1fUkN zlAqSkT7dlbHD/ToYe0pLXg3m/+4uIgabw1q9TyxhnNccNwnmi8alLPEdACODeQDOsx9 R2MWxzmuLKsUSdh6oaCdMlNsxuouN/Ja+B3qORrQygnvODhV+7oFxkhY47JUzBmeHeVJ 3V/Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature:arc-filter:dmarc-filter:delivered-to; bh=LdzLlBNJeCkEbeYKXcEkks6OKTNX0VMqX1CCzbSF0So=; fh=vYFcZvXbfO5YtoPOeCHTegN6Jpuw2NjRvNRkA2onti4=; b=ckbeWq8Rm5Rcrv+2CQ3n08HnznvqJIZ+ppkOhLZhjSj4CQnLUliLwxBCoJD8JyFdBO PnEYdljp2nrQcrCjvuwSieL24G+nZxNwF7WwPRo+JtqfD6B1QrFRiU1Dk4jdAgXp0HTw ZbK+MHZZqJySQUXywkKlWf9kIr2A378ajatX0uBvt2hZeh32qw0l/aBAEOoOYFGhnTu0 mZjIMtHE7wFPaw5462Cew0WGCari3vV4QGWwHRpM1qclYFS1SxVkMU5PObTB8z6ta86w dnxjbxa3s5lyJkwrKxWDt4BrTRwl5jYnwXGbc7/+/p1lnICBF4BuvqjH8hDdrbmMW+/8 Z3mQ==; darn=linaro.org ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=qQgFEeq2; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org X-Forwarded-Encrypted: i=2; AJvYcCWyC0ZyLcB97ySvN9MR9NJIb054LqIpmog8ToNcXc+zms4ZQ4Ktrj0sZLiEQhkiN3NTOJfgxQQlZciZD9mbPyld Return-Path: Received: from server2.sourceware.org (server2.sourceware.org. [2620:52:3:1:0:246e:9693:128c]) by mx.google.com with ESMTPS id gi7-20020a056214248700b0068cbab014absi123446qvb.595.2024.02.08.10.49.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 08 Feb 2024 10:49:15 -0800 (PST) Received-SPF: pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) client-ip=2620:52:3:1:0:246e:9693:128c; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=qQgFEeq2; arc=pass (i=1); spf=pass (google.com: domain of libc-alpha-bounces+patch=linaro.org@sourceware.org designates 2620:52:3:1:0:246e:9693:128c as permitted sender) smtp.mailfrom="libc-alpha-bounces+patch=linaro.org@sourceware.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id CFF6C38582B9 for ; Thu, 8 Feb 2024 18:49:14 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-oa1-x31.google.com (mail-oa1-x31.google.com [IPv6:2001:4860:4864:20::31]) by sourceware.org (Postfix) with ESMTPS id BFED3385828E for ; Thu, 8 Feb 2024 18:46:34 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org BFED3385828E Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org BFED3385828E Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2001:4860:4864:20::31 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1707417997; cv=none; b=LgWAf0bL/RvxrrmTtnPR/F++V6oRa0uUcM7T3WOD+xZQsr5p8ft+BFd9Bhhkvj/CxzPFiJqNA2NdRAXMdWMoFNW9LXTjiKYmfu69lCz8VDyE3t7zGO+z3h6BKr4sQqO7eYB/rOuXavoLbchaEPA3nDWYlu7XhLli/mFugp4OJfc= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1707417997; c=relaxed/simple; bh=nEqEFrACg8WteZxdPTGXS7NrEkDvv+loPEsi1nicD4Y=; h=DKIM-Signature:From:To:Subject:Date:Message-Id:MIME-Version; b=Fmqw7jHJ6nw7HBgcbQUR3cRBaZlay2h2/qTnaXitLUfDy/+mC99l2iCXmxD3wW91bglWwuTKNRkMy5YBTAzkVdcGv66uKoPVa8kfzTwywxMcZfi3ovz+Hu+tsMOfG96F6/1ZGVEY9xKthyLKHki6RXJVyJ9ZLyXdGoAqmg1bg4o= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-oa1-x31.google.com with SMTP id 586e51a60fabf-21946b0f3f1so37247fac.0 for ; Thu, 08 Feb 2024 10:46:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1707417993; x=1708022793; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=LdzLlBNJeCkEbeYKXcEkks6OKTNX0VMqX1CCzbSF0So=; b=qQgFEeq2rV4z6/CXVoeRcNlYVZBtUmQVfiCTNINvT8UF6eeMww31itZAU8kqY9Pmun PLTXSHHE+J2qyRbdbhDFxjbPtwHyn4D6GwcBwFAXzAh7nR4HMMn/RdXZuiEkTRCP/jbc Sx1aD/8Bt2ZAxawPjoWtVQwdW+18iTJnQIpGJZVb6abqyoy9FHpvGS0eL1gxr5ngPTLg Mu1LpiZfUh2OkXbVyDfT+4jVXTq6KEYctHhInC4dJH9AxrlPnmUOSKzIiT0uFaM3DD/V igWUbz+oM6+wAuF9OOoH916VVJg4PBxI72t29wVSFsSzpSlomsTMiBG5P0B/9UNQ5AiP kg1Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707417993; x=1708022793; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LdzLlBNJeCkEbeYKXcEkks6OKTNX0VMqX1CCzbSF0So=; b=ftaHiNmATbpTjhUD2f/ZbmP17tY3Dtjku+h0RRhbU3L7RwYmV5doU13BvNbUCNY53J WGtuFudnapHj7YtEU0xubCgvSmXJ/RzSXEuNaIwuu6TvKQMOGLZFKqj+2VWufyHaIw1A G5q62GxEiwmYV6yEgajzLeGOXmktCZT26dgoVPTIMr8Hx06iForvVYfnS0eXm+uCcjc2 uF0HW+O8x1EgCr7owru79ZZjIXdnf9Dmvwm6STvzIfm+psbyJsU92SZwiZ4CM1IgdoSc Cw7yrmmbVWOqFea0JwJ7WbsZIHsM3Xcp/bPJpXfBHW+APRyBAbKmv5cSt5Q4dXdvYI2x 63DA== X-Gm-Message-State: AOJu0Yxgg2jTPFHETsFuKq2REXcXqBO7+mGsj+cTplJBw6Rz9KE6i2Zm Xub9jiroDfX+uuYF26VkVnXOJXgbhGVL072tl/udIJaGM80diXjbMPZsH2kA6cfxraVkWiHwEjw e X-Received: by 2002:a05:6870:8a14:b0:219:8c2a:9ec3 with SMTP id p20-20020a0568708a1400b002198c2a9ec3mr329157oaq.31.1707417993242; Thu, 08 Feb 2024 10:46:33 -0800 (PST) Received: from mandiga.. ([2804:1b3:a7c0:378:6793:1dc3:1346:d6d6]) by smtp.gmail.com with ESMTPSA id n26-20020a638f1a000000b005d7994a08dcsm156408pgd.36.2024.02.08.10.46.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 08 Feb 2024 10:46:32 -0800 (PST) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Siddhesh Poyarekar Subject: [PATCH v3 03/10] string: Improve fortify with clang Date: Thu, 8 Feb 2024 15:46:15 -0300 Message-Id: <20240208184622.332678-4-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240208184622.332678-1-adhemerval.zanella@linaro.org> References: <20240208184622.332678-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.5 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+patch=linaro.org@sourceware.org It improve fortify checks for strcpy, stpcpy, strncpy, stpncpy, strcat, strncat, strlcpy, and strlcat. The runtime and compile checks have similar coverage as with GCC. Checked on aarch64, armhf, x86_64, and i686. Reviewed-by: Carlos O'Donell Tested-by: Carlos O'Donell --- string/bits/string_fortified.h | 56 +++++++++++++++++++++------------- 1 file changed, 34 insertions(+), 22 deletions(-) diff --git a/string/bits/string_fortified.h b/string/bits/string_fortified.h index e0714f794c..5c93dd677d 100644 --- a/string/bits/string_fortified.h +++ b/string/bits/string_fortified.h @@ -73,24 +73,29 @@ __NTH (explicit_bzero (void *__dest, size_t __len)) } #endif -__fortify_function char * -__NTH (strcpy (char *__restrict __dest, const char *__restrict __src)) +__fortify_function __attribute_overloadable__ char * +__NTH (strcpy (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { return __builtin___strcpy_chk (__dest, __src, __glibc_objsize (__dest)); } #ifdef __USE_XOPEN2K8 -__fortify_function char * -__NTH (stpcpy (char *__restrict __dest, const char *__restrict __src)) +__fortify_function __attribute_overloadable__ char * +__NTH (stpcpy (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { return __builtin___stpcpy_chk (__dest, __src, __glibc_objsize (__dest)); } #endif -__fortify_function char * -__NTH (strncpy (char *__restrict __dest, const char *__restrict __src, - size_t __len)) +__fortify_function __attribute_overloadable__ char * +__NTH (strncpy (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src, size_t __len)) + __fortify_clang_warn_if_dest_too_small (__dest, __len) { return __builtin___strncpy_chk (__dest, __src, __len, __glibc_objsize (__dest)); @@ -98,8 +103,10 @@ __NTH (strncpy (char *__restrict __dest, const char *__restrict __src, #ifdef __USE_XOPEN2K8 # if __GNUC_PREREQ (4, 7) || __glibc_clang_prereq (2, 6) -__fortify_function char * -__NTH (stpncpy (char *__dest, const char *__src, size_t __n)) +__fortify_function __attribute_overloadable__ char * +__NTH (stpncpy (__fortify_clang_overload_arg (char *, ,__dest), + const char *__src, size_t __n)) + __fortify_clang_warn_if_dest_too_small (__dest, __n) { return __builtin___stpncpy_chk (__dest, __src, __n, __glibc_objsize (__dest)); @@ -112,8 +119,9 @@ extern char *__stpncpy_chk (char *__dest, const char *__src, size_t __n, extern char *__REDIRECT_NTH (__stpncpy_alias, (char *__dest, const char *__src, size_t __n), stpncpy); -__fortify_function char * -__NTH (stpncpy (char *__dest, const char *__src, size_t __n)) +__fortify_function __attribute_overloadable__ char * +__NTH (stpncpy (__fortify_clang_overload_arg (char *, ,__dest), + const char *__src, size_t __n)) { if (__bos (__dest) != (size_t) -1 && (!__builtin_constant_p (__n) || __n > __bos (__dest))) @@ -124,16 +132,19 @@ __NTH (stpncpy (char *__dest, const char *__src, size_t __n)) #endif -__fortify_function char * -__NTH (strcat (char *__restrict __dest, const char *__restrict __src)) +__fortify_function __attribute_overloadable__ char * +__NTH (strcat (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { return __builtin___strcat_chk (__dest, __src, __glibc_objsize (__dest)); } -__fortify_function char * -__NTH (strncat (char *__restrict __dest, const char *__restrict __src, - size_t __len)) +__fortify_function __attribute_overloadable__ char * +__NTH (strncat (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src, size_t __len)) + __fortify_clang_warn_if_src_too_large (__dest, __src) { return __builtin___strncat_chk (__dest, __src, __len, __glibc_objsize (__dest)); @@ -146,9 +157,10 @@ extern size_t __REDIRECT_NTH (__strlcpy_alias, (char *__dest, const char *__src, size_t __n), strlcpy); -__fortify_function size_t -__NTH (strlcpy (char *__restrict __dest, const char *__restrict __src, - size_t __n)) +__fortify_function __attribute_overloadable__ size_t +__NTH (strlcpy (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src, size_t __n)) + __fortify_clang_warn_if_dest_too_small (__dest, __n) { if (__glibc_objsize (__dest) != (size_t) -1 && (!__builtin_constant_p (__n > __glibc_objsize (__dest)) @@ -163,9 +175,9 @@ extern size_t __REDIRECT_NTH (__strlcat_alias, (char *__dest, const char *__src, size_t __n), strlcat); -__fortify_function size_t -__NTH (strlcat (char *__restrict __dest, const char *__restrict __src, - size_t __n)) +__fortify_function __attribute_overloadable__ size_t +__NTH (strlcat (__fortify_clang_overload_arg (char *, __restrict, __dest), + const char *__restrict __src, size_t __n)) { if (__glibc_objsize (__dest) != (size_t) -1 && (!__builtin_constant_p (__n > __glibc_objsize (__dest))