unofficial mirror of libc-alpha@sourceware.org
* [PATCH v7 0/4] _FORTIFY_SOURCE=3
@ 2020-12-30  6:43 Siddhesh Poyarekar via Libc-alpha
  2020-12-30  6:43 ` [PATCH v7 1/4] Warn on unsupported fortification levels Siddhesh Poyarekar via Libc-alpha
                   ` (3 more replies)
  0 siblings, 4 replies; 10+ messages in thread
From: Siddhesh Poyarekar via Libc-alpha @ 2020-12-30  6:43 UTC
  To: libc-alpha; +Cc: fweimer, jakub

This patchset implements a new fortification level, _FORTIFY_SOURCE=3.
This level allows size information to be dynamic, which may potentially
have a noticeable performance impact.  It uses the
__builtin_dynamic_object_size builtin available in clang to expand
coverage of fortifications at the expense of some performance.

Patch 1/4 adds a warning on unsupported _FORTIFY_LEVEL values.  This
change can go in independently of the new fortification level.

Patch 2/4 adds the macro scaffolding to allow the new _FORTIFY_SOURCE
level and to select the __builtin_dynamic_object_size builtin when it is
available.

Patch 3/4 adds support for string functions; these functions have
additional fortified builtins of the form __builtin___func_chk.

Patch 4/4 adds support for non-string functions that are
fortification-ready for levels 1 and 2.

Testing:

The glibc testsuite doesn't directly support clang at the moment, so
having tests in the glibc source tree is pointless as long as gcc does
not have support for __builtin_dynamic_object_size.  There is a separate
project on GitHub called fortify-test-suite[1] that houses fortification
tests and is capable of testing multiple levels of fortification with
multiple compilers.  I have proposed a PR[2] to add support for
_FORTIFY_SOURCE=3 and have verified my changes with those tests.

Those tests run clean for clang when run with these changes and PR[2]
and they fail at level 3 for gcc, as expected.

[1] https://github.com/serge-sans-paille/fortify-test-suite
[2] https://github.com/serge-sans-paille/fortify-test-suite/pull/9

Changes since last version of the patchset:

- Split out patches as suggested during review
- Renamed __objsize to __glibc_objsize

Siddhesh Poyarekar (4):
  Warn on unsupported fortification levels
  Introduce _FORTIFY_SOURCE=3
  string: Enable __FORTIFY_LEVEL=3
  nonstring: Enable __FORTIFY_LEVEL=3

 NEWS                            |   6 ++
 include/features.h              |   8 ++
 include/string.h                |   5 +-
 io/bits/poll2.h                 |  18 ++--
 libio/bits/stdio.h              |   2 +-
 libio/bits/stdio2.h             |  62 ++++++++------
 manual/creature.texi            |   3 +-
 misc/sys/cdefs.h                |   9 ++
 posix/bits/unistd.h             | 120 ++++++++++++++------------
 socket/bits/socket2.h           |  22 ++---
 stdlib/bits/stdlib.h            |  42 +++++----
 string/bits/string_fortified.h  |  29 ++++---
 string/bits/strings_fortified.h |   6 +-
 wcsmbs/bits/wchar2.h            | 146 ++++++++++++++++++--------------
 14 files changed, 279 insertions(+), 199 deletions(-)

-- 
2.29.2




* [PATCH v7 1/4] Warn on unsupported fortification levels
  2020-12-30  6:43 [PATCH v7 0/4] _FORTIFY_SOURCE=3 Siddhesh Poyarekar via Libc-alpha
@ 2020-12-30  6:43 ` Siddhesh Poyarekar via Libc-alpha
  2020-12-31 10:45   ` Adhemerval Zanella via Libc-alpha
  2020-12-30  6:43 ` [PATCH v7 2/4] Introduce _FORTIFY_SOURCE=3 Siddhesh Poyarekar via Libc-alpha
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 10+ messages in thread
From: Siddhesh Poyarekar via Libc-alpha @ 2020-12-30  6:43 UTC
  To: libc-alpha; +Cc: fweimer, jakub

Make the _FORTIFY_SOURCE macro soup in features.h warn about
unsupported fortification levels.  For example, it will warn about
_FORTIFY_SOURCE=3 and over with an indication of which level has been
selected.

Co-authored-by: Paul Eggert <eggert@cs.ucla.edu>
---
 NEWS                 | 6 ++++++
 include/features.h   | 3 +++
 manual/creature.texi | 3 ++-
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 86e05fb023..8e02dbd0f7 100644
--- a/NEWS
+++ b/NEWS
@@ -28,6 +28,12 @@ Major new features:
   The 32-bit RISC-V port requires at least Linux 5.4, GCC 7.1 and binutils
   2.28.
 
+* A new fortification level _FORTIFY_SOURCE=3 is available.  At this level,
+  glibc may use additional checks that may have an additional performance
+  overhead.  At present these checks are available only on LLVM 9 and later.
+  The latest GCC available at this time (10.2) does not support this level of
+  fortification.
+
 Deprecated and removed features, and other changes affecting compatibility:
 
 * The mallinfo function is marked deprecated.  Callers should call
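
Review bot: The NEWS entry announces _FORTIFY_SOURCE=3 as available, but in this patch include/features.h still maps every value above 1 to __USE_FORTIFY_LEVEL 2 and only adds a warning. The cover letter says 1/4 can go in independently of the new level; for that to hold, this NEWS text should move to 2/4, where level 3 is actually defined.
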
diff --git a/include/features.h b/include/features.h
index f3e62d3362..540230b90b 100644
--- a/include/features.h
+++ b/include/features.h
@@ -398,6 +398,9 @@
 # elif !__GNUC_PREREQ (4, 1)
 #  warning _FORTIFY_SOURCE requires GCC 4.1 or later
 # elif _FORTIFY_SOURCE > 1
+#  if _FORTIFY_SOURCE > 2
+#   warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform
+#  endif
 #  define __USE_FORTIFY_LEVEL 2
 # else
 #  define __USE_FORTIFY_LEVEL 1
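
Review bot: The text on the added "#   warning" line says "on this platform", while the NEWS hunk in this same patch attributes the limit to the compiler (LLVM 9 and later, not GCC 10.2). Wording such as "_FORTIFY_SOURCE > 2 is treated like 2 with this compiler" would point users at what they actually need to change.
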
diff --git a/manual/creature.texi b/manual/creature.texi
index be5050468b..31208ccb2b 100644
--- a/manual/creature.texi
+++ b/manual/creature.texi
@@ -254,7 +254,8 @@ included.
 @standards{GNU, (none)}
 If this macro is defined to @math{1}, security hardening is added to
 various library functions.  If defined to @math{2}, even stricter
-checks are applied.
+checks are applied. If defined to @math{3}, @theglibc{} may also use
+checks that may have an additional performance overhead.
 @end defvr
 
 @defvr Macro _REENTRANT
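
Review bot: Style, on the first added line: "checks are applied. If defined" has one space after the period, while the unchanged sentence above uses two ("functions.  If defined"). The new sentence could also say that level 3 depends on compiler support, as the NEWS entry does, since the manual is where users will look for that.
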
-- 
2.29.2



* [PATCH v7 2/4] Introduce _FORTIFY_SOURCE=3
  2020-12-30  6:43 [PATCH v7 0/4] _FORTIFY_SOURCE=3 Siddhesh Poyarekar via Libc-alpha
  2020-12-30  6:43 ` [PATCH v7 1/4] Warn on unsupported fortification levels Siddhesh Poyarekar via Libc-alpha
@ 2020-12-30  6:43 ` Siddhesh Poyarekar via Libc-alpha
  2020-12-31 10:47   ` Adhemerval Zanella via Libc-alpha
  2020-12-30  6:43 ` [PATCH v7 3/4] string: Enable __FORTIFY_LEVEL=3 Siddhesh Poyarekar via Libc-alpha
  2020-12-30  6:43 ` [PATCH v7 4/4] nonstring: " Siddhesh Poyarekar via Libc-alpha
  3 siblings, 1 reply; 10+ messages in thread
From: Siddhesh Poyarekar via Libc-alpha @ 2020-12-30  6:43 UTC
  To: libc-alpha; +Cc: fweimer, jakub

Introduce a new _FORTIFY_SOURCE level of 3 to enable additional
fortifications that may have a noticeable performance impact, allowing
more fortification coverage at the cost of some performance.

With llvm 9.0 or later, this will replace the use of
__builtin_object_size with __builtin_dynamic_object_size.

__builtin_dynamic_object_size
-----------------------------

__builtin_dynamic_object_size is an LLVM builtin that is similar to
__builtin_object_size.  In addition to what __builtin_object_size
does, i.e. replace the builtin call with a constant object size,
__builtin_dynamic_object_size will replace the call site with an
expression that evaluates to the object size, thus expanding its
applicability.  In practice, __builtin_dynamic_object_size evaluates
these expressions through malloc/calloc calls that it can associate
with the object being evaluated.

A simple motivating example is below; -D_FORTIFY_SOURCE=2 would miss
this and emit memcpy, but -D_FORTIFY_SOURCE=3 with the help of
__builtin_dynamic_object_size is able to emit __memcpy_chk with the
allocation size expression passed into the function:

void *copy_obj (const void *src, size_t alloc, size_t copysize)
{
  void *obj = malloc (alloc);
  memcpy (obj, src, copysize);
  return obj;
}

Limitations
-----------

If the object was allocated elsewhere that the compiler cannot see, or
if it was allocated in the function with a function that the compiler
does not recognize as an allocator then __builtin_dynamic_object_size
also returns -1.

Further, the expression used to compute object size may be non-trivial
and may potentially incur a noticeable performance impact.  These
fortifications are hence enabled at a new _FORTIFY_SOURCE level to
allow developers to make a choice on the tradeoff according to their
environment.
---
 include/features.h | 5 +++++
 misc/sys/cdefs.h   | 9 +++++++++
 2 files changed, 14 insertions(+)

diff --git a/include/features.h b/include/features.h
index 540230b90b..066eb0eecd 100644
--- a/include/features.h
+++ b/include/features.h
@@ -397,6 +397,11 @@
 #  warning _FORTIFY_SOURCE requires compiling with optimization (-O)
 # elif !__GNUC_PREREQ (4, 1)
 #  warning _FORTIFY_SOURCE requires GCC 4.1 or later
+# elif _FORTIFY_SOURCE > 2 && __glibc_clang_prereq (9, 0)
+#  if _FORTIFY_SOURCE > 3
+#   warning _FORTIFY_SOURCE > 3 is treated like 3 on this platform
+#  endif
+#  define __USE_FORTIFY_LEVEL 3
 # elif _FORTIFY_SOURCE > 1
 #  if _FORTIFY_SOURCE > 2
 #   warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform
diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
index a06f1cfd91..5fb6e309be 100644
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -127,6 +127,15 @@
 #define __bos(ptr) __builtin_object_size (ptr, __USE_FORTIFY_LEVEL > 1)
 #define __bos0(ptr) __builtin_object_size (ptr, 0)
 
+/* Use __builtin_dynamic_object_size at _FORTIFY_SOURCE=3 when available.  */
+#if __USE_FORTIFY_LEVEL == 3 && __glibc_clang_prereq (9, 0)
+# define __glibc_objsize0(__o) __builtin_dynamic_object_size (__o, 0)
+# define __glibc_objsize(__o) __builtin_dynamic_object_size (__o, 1)
+#else
+# define __glibc_objsize0(__o) __bos0 (__o)
+# define __glibc_objsize(__o) __bos (__o)
+#endif
+
 #if __GNUC_PREREQ (4,3)
 # define __warnattr(msg) __attribute__((__warning__ (msg)))
 # define __errordecl(name, msg) \
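
Review bot: The guard "__USE_FORTIFY_LEVEL == 3 && __glibc_clang_prereq (9, 0)" repeats the compiler test from the include/features.h hunk above, which is the only place in this patch where __USE_FORTIFY_LEVEL is set to 3. Two copies of the version test have to be kept in sync when another compiler gains the builtin; testing the level alone here, or deriving both from one feature macro, avoids that. A short comment that the second argument (0 and 1) is the object-size type, fixed here while __bos derives it from __USE_FORTIFY_LEVEL > 1, would also help readers.
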
-- 
2.29.2
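
Added example, not part of the original message and not glibc code: the copy_obj case from the commit message above, with the destination-size check written out so the difference between the static and the dynamic builtin can be observed. All demo_* names are hypothetical; the -1 return stands in for the abort a real _chk function performs, and the builtin is probed with __has_builtin rather than a compiler version.

```c
/* Added illustration, not glibc code.  All demo_* names are hypothetical.  */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Both builtins return (size_t) -1 in modes 0 and 1 when the size is unknown.  */
#define DEMO_UNKNOWN ((size_t) -1)

/* Use the dynamic builtin when the compiler has it; otherwise fall back to
   the static one, mirroring the #else branch added to misc/sys/cdefs.h.  */
#ifdef __has_builtin
# if __has_builtin (__builtin_dynamic_object_size)
#  define DEMO_HAVE_DYNAMIC 1
# endif
#endif
#ifdef DEMO_HAVE_DYNAMIC
# define demo_objsize0(p) __builtin_dynamic_object_size (p, 0)
#else
# define DEMO_HAVE_DYNAMIC 0
# define demo_objsize0(p) __builtin_object_size (p, 0)
#endif

struct demo_sizes
{
  size_t static_size;   /* What the level 1/2 builtin reports.  */
  size_t dynamic_size;  /* What the level 3 builtin reports.  */
};

/* Report what each builtin knows about malloc (alloc).  With a runtime
   ALLOC the static builtin has no constant to fold and reports unknown;
   the dynamic one can report ALLOC itself when optimization is on.  */
struct demo_sizes
demo_probe (size_t alloc)
{
  struct demo_sizes r;
  void *obj = malloc (alloc);
  r.static_size = __builtin_object_size (obj, 0);
  r.dynamic_size = demo_objsize0 (obj);
  free (obj);
  return r;
}

/* Model of the destination check.  Returns 0 after copying and -1 when
   LEN exceeds a known DSTSIZE; an unknown size means no check at all.  */
int
demo_memcpy_chk (void *dst, const void *src, size_t len, size_t dstsize)
{
  if (dstsize != DEMO_UNKNOWN && len > dstsize)
    return -1;
  memcpy (dst, src, len);
  return 0;
}

/* copy_obj from the commit message with the check spelled out.  STATUS
   receives 0 (copied), -1 (overflow refused) or -2 (malloc failed).  */
void *
demo_copy_obj (const void *src, size_t alloc, size_t copysize, int *status)
{
  void *obj = malloc (alloc);
  if (obj == NULL)
    {
      *status = -2;
      return NULL;
    }
  *status = demo_memcpy_chk (obj, src, copysize, demo_objsize0 (obj));
  return obj;
}

int
main (int argc, char **argv)
{
  /* Take the size from argv so it is not a compile-time constant.  */
  size_t alloc = argc > 1 ? strtoul (argv[1], NULL, 0) : 16;
  size_t copysize = alloc < 6 ? alloc : 6;   /* Never more than ALLOC.  */
  struct demo_sizes s = demo_probe (alloc);
  int status = 0;
  void *obj;

  printf ("dynamic builtin available: %d\n", DEMO_HAVE_DYNAMIC);
  printf ("static size:  %zu\n", s.static_size);
  printf ("dynamic size: %zu\n", s.dynamic_size);

  obj = demo_copy_obj ("hello", alloc, copysize, &status);
  printf ("copy status:  %d\n", status);
  free (obj);
  return 0;
}
```

Built without optimization, both builtins may report the unknown value, which is why the commit message ties the checks to an optimizing build.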



* [PATCH v7 3/4] string: Enable __FORTIFY_LEVEL=3
  2020-12-30  6:43 [PATCH v7 0/4] _FORTIFY_SOURCE=3 Siddhesh Poyarekar via Libc-alpha
  2020-12-30  6:43 ` [PATCH v7 1/4] Warn on unsupported fortification levels Siddhesh Poyarekar via Libc-alpha
  2020-12-30  6:43 ` [PATCH v7 2/4] Introduce _FORTIFY_SOURCE=3 Siddhesh Poyarekar via Libc-alpha
@ 2020-12-30  6:43 ` Siddhesh Poyarekar via Libc-alpha
  2020-12-31 10:48   ` Adhemerval Zanella via Libc-alpha
  2020-12-30  6:43 ` [PATCH v7 4/4] nonstring: " Siddhesh Poyarekar via Libc-alpha
  3 siblings, 1 reply; 10+ messages in thread
From: Siddhesh Poyarekar via Libc-alpha @ 2020-12-30  6:43 UTC
  To: libc-alpha; +Cc: fweimer, jakub

This change enhances fortified string functions to use
__builtin_dynamic_object_size under _FORTIFY_SOURCE=3 whenever the
compiler supports it.
---
 include/string.h                |  5 +++--
 string/bits/string_fortified.h  | 29 ++++++++++++++++++-----------
 string/bits/strings_fortified.h |  6 ++++--
 3 files changed, 25 insertions(+), 15 deletions(-)

diff --git a/include/string.h b/include/string.h
index 7d344d77d4..81dab39891 100644
--- a/include/string.h
+++ b/include/string.h
@@ -123,10 +123,11 @@ libc_hidden_proto (__strerror_l)
 void __explicit_bzero_chk_internal (void *, size_t, size_t)
   __THROW __nonnull ((1)) attribute_hidden;
 # define explicit_bzero(buf, len) \
-  __explicit_bzero_chk_internal (buf, len, __bos0 (buf))
+  __explicit_bzero_chk_internal (buf, len, __glibc_objsize0 (buf))
 #elif !IS_IN (nonlib)
 void __explicit_bzero_chk (void *, size_t, size_t) __THROW __nonnull ((1));
-# define explicit_bzero(buf, len) __explicit_bzero_chk (buf, len, __bos0 (buf))
+# define explicit_bzero(buf, len) __explicit_bzero_chk (buf, len,	      \
+							__glibc_objsize0 (buf))
 #endif
 
 libc_hidden_builtin_proto (memchr)
diff --git a/string/bits/string_fortified.h b/string/bits/string_fortified.h
index 4c1aeb45f1..92d75f10fa 100644
--- a/string/bits/string_fortified.h
+++ b/string/bits/string_fortified.h
@@ -26,13 +26,15 @@ __fortify_function void *
 __NTH (memcpy (void *__restrict __dest, const void *__restrict __src,
 	       size_t __len))
 {
-  return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
+  return __builtin___memcpy_chk (__dest, __src, __len,
+				 __glibc_objsize0 (__dest));
 }
 
 __fortify_function void *
 __NTH (memmove (void *__dest, const void *__src, size_t __len))
 {
-  return __builtin___memmove_chk (__dest, __src, __len, __bos0 (__dest));
+  return __builtin___memmove_chk (__dest, __src, __len,
+				  __glibc_objsize0 (__dest));
 }
 
 #ifdef __USE_GNU
@@ -40,7 +42,8 @@ __fortify_function void *
 __NTH (mempcpy (void *__restrict __dest, const void *__restrict __src,
 		size_t __len))
 {
-  return __builtin___mempcpy_chk (__dest, __src, __len, __bos0 (__dest));
+  return __builtin___mempcpy_chk (__dest, __src, __len,
+				  __glibc_objsize0 (__dest));
 }
 #endif
 
@@ -53,7 +56,8 @@ __NTH (mempcpy (void *__restrict __dest, const void *__restrict __src,
 __fortify_function void *
 __NTH (memset (void *__dest, int __ch, size_t __len))
 {
-  return __builtin___memset_chk (__dest, __ch, __len, __bos0 (__dest));
+  return __builtin___memset_chk (__dest, __ch, __len,
+				 __glibc_objsize0 (__dest));
 }
 
 #ifdef __USE_MISC
@@ -65,21 +69,21 @@ void __explicit_bzero_chk (void *__dest, size_t __len, size_t __destlen)
 __fortify_function void
 __NTH (explicit_bzero (void *__dest, size_t __len))
 {
-  __explicit_bzero_chk (__dest, __len, __bos0 (__dest));
+  __explicit_bzero_chk (__dest, __len, __glibc_objsize0 (__dest));
 }
 #endif
 
 __fortify_function char *
 __NTH (strcpy (char *__restrict __dest, const char *__restrict __src))
 {
-  return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
+  return __builtin___strcpy_chk (__dest, __src, __glibc_objsize (__dest));
 }
 
 #ifdef __USE_GNU
 __fortify_function char *
 __NTH (stpcpy (char *__restrict __dest, const char *__restrict __src))
 {
-  return __builtin___stpcpy_chk (__dest, __src, __bos (__dest));
+  return __builtin___stpcpy_chk (__dest, __src, __glibc_objsize (__dest));
 }
 #endif
 
@@ -88,14 +92,16 @@ __fortify_function char *
 __NTH (strncpy (char *__restrict __dest, const char *__restrict __src,
 		size_t __len))
 {
-  return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
+  return __builtin___strncpy_chk (__dest, __src, __len,
+				  __glibc_objsize (__dest));
 }
 
 #if __GNUC_PREREQ (4, 7) || __glibc_clang_prereq (2, 6)
 __fortify_function char *
 __NTH (stpncpy (char *__dest, const char *__src, size_t __n))
 {
-  return __builtin___stpncpy_chk (__dest, __src, __n, __bos (__dest));
+  return __builtin___stpncpy_chk (__dest, __src, __n,
+				  __glibc_objsize (__dest));
 }
 #else
 extern char *__stpncpy_chk (char *__dest, const char *__src, size_t __n,
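
Review bot: The #else branch that begins on the last context line of this hunk (extern char *__stpncpy_chk ...) is the one stpncpy variant this patch does not touch; the next hunk header shows it ending unchanged. If it is skipped on purpose because a compiler that takes that branch (neither GCC 4.7 nor clang 2.6, per the #if above) can never reach level 3, the commit message should say so; otherwise it needs the same __glibc_objsize conversion.
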
@@ -118,7 +124,7 @@ __NTH (stpncpy (char *__dest, const char *__src, size_t __n))
 __fortify_function char *
 __NTH (strcat (char *__restrict __dest, const char *__restrict __src))
 {
-  return __builtin___strcat_chk (__dest, __src, __bos (__dest));
+  return __builtin___strcat_chk (__dest, __src, __glibc_objsize (__dest));
 }
 
 
@@ -126,7 +132,8 @@ __fortify_function char *
 __NTH (strncat (char *__restrict __dest, const char *__restrict __src,
 		size_t __len))
 {
-  return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
+  return __builtin___strncat_chk (__dest, __src, __len,
+				  __glibc_objsize (__dest));
 }
 
 #endif /* bits/string_fortified.h */
diff --git a/string/bits/strings_fortified.h b/string/bits/strings_fortified.h
index d4091f4f69..7752faf4e3 100644
--- a/string/bits/strings_fortified.h
+++ b/string/bits/strings_fortified.h
@@ -22,13 +22,15 @@
 __fortify_function void
 __NTH (bcopy (const void *__src, void *__dest, size_t __len))
 {
-  (void) __builtin___memmove_chk (__dest, __src, __len, __bos0 (__dest));
+  (void) __builtin___memmove_chk (__dest, __src, __len,
+				  __glibc_objsize0 (__dest));
 }
 
 __fortify_function void
 __NTH (bzero (void *__dest, size_t __len))
 {
-  (void) __builtin___memset_chk (__dest, '\0', __len, __bos0 (__dest));
+  (void) __builtin___memset_chk (__dest, '\0', __len,
+				 __glibc_objsize0 (__dest));
 }
 
 #endif
-- 
2.29.2



* [PATCH v7 4/4] nonstring: Enable __FORTIFY_LEVEL=3
  2020-12-30  6:43 [PATCH v7 0/4] _FORTIFY_SOURCE=3 Siddhesh Poyarekar via Libc-alpha
                   ` (2 preceding siblings ...)
  2020-12-30  6:43 ` [PATCH v7 3/4] string: Enable __FORTIFY_LEVEL=3 Siddhesh Poyarekar via Libc-alpha
@ 2020-12-30  6:43 ` Siddhesh Poyarekar via Libc-alpha
  2020-12-31 10:50   ` Adhemerval Zanella via Libc-alpha
  3 siblings, 1 reply; 10+ messages in thread
From: Siddhesh Poyarekar via Libc-alpha @ 2020-12-30  6:43 UTC
  To: libc-alpha; +Cc: fweimer, jakub

Use __builtin_dynamic_object_size in the remaining functions that
don't have compiler builtins as is the case for string functions.
---
 io/bits/poll2.h       |  18 +++---
 libio/bits/stdio.h    |   2 +-
 libio/bits/stdio2.h   |  62 ++++++++++--------
 posix/bits/unistd.h   | 120 ++++++++++++++++++----------------
 socket/bits/socket2.h |  22 ++++---
 stdlib/bits/stdlib.h  |  42 ++++++------
 wcsmbs/bits/wchar2.h  | 146 ++++++++++++++++++++++++------------------
 7 files changed, 229 insertions(+), 183 deletions(-)

diff --git a/io/bits/poll2.h b/io/bits/poll2.h
index dca49717db..d204351bd0 100644
--- a/io/bits/poll2.h
+++ b/io/bits/poll2.h
@@ -35,12 +35,13 @@ extern int __REDIRECT (__poll_chk_warn, (struct pollfd *__fds, nfds_t __nfds,
 __fortify_function int
 poll (struct pollfd *__fds, nfds_t __nfds, int __timeout)
 {
-  if (__bos (__fds) != (__SIZE_TYPE__) -1)
+  if (__glibc_objsize (__fds) != (__SIZE_TYPE__) -1)
     {
       if (! __builtin_constant_p (__nfds))
-	return __poll_chk (__fds, __nfds, __timeout, __bos (__fds));
-      else if (__bos (__fds) / sizeof (*__fds) < __nfds)
-	return __poll_chk_warn (__fds, __nfds, __timeout, __bos (__fds));
+	return __poll_chk (__fds, __nfds, __timeout, __glibc_objsize (__fds));
+      else if (__glibc_objsize (__fds) / sizeof (*__fds) < __nfds)
+	return __poll_chk_warn (__fds, __nfds, __timeout,
+				__glibc_objsize (__fds));
     }
 
   return __poll_alias (__fds, __nfds, __timeout);
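
Review bot: In the "else if" branch, __glibc_objsize (__fds) / sizeof (*__fds) < __nfds used to be a compile-time test, because __bos folds to a constant and __nfds is constant on that path. At level 3 the size can be a runtime expression, so the call to __poll_chk_warn can survive into the generated code even when no overflow is provable. If __poll_chk_warn is declared with a compile-time warning attribute (its declaration sits above this hunk), that yields a diagnostic for code that may be fine; consider taking the _warn path only when __builtin_constant_p holds for the size as well, and sending everything else to __poll_chk. The same pattern recurs in ppoll and in the stdio2.h and unistd.h hunks below.
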
@@ -65,13 +66,14 @@ __fortify_function int
 ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout,
        const __sigset_t *__ss)
 {
-  if (__bos (__fds) != (__SIZE_TYPE__) -1)
+  if (__glibc_objsize (__fds) != (__SIZE_TYPE__) -1)
     {
       if (! __builtin_constant_p (__nfds))
-	return __ppoll_chk (__fds, __nfds, __timeout, __ss, __bos (__fds));
-      else if (__bos (__fds) / sizeof (*__fds) < __nfds)
+	return __ppoll_chk (__fds, __nfds, __timeout, __ss,
+			    __glibc_objsize (__fds));
+      else if (__glibc_objsize (__fds) / sizeof (*__fds) < __nfds)
 	return __ppoll_chk_warn (__fds, __nfds, __timeout, __ss,
-				 __bos (__fds));
+				 __glibc_objsize (__fds));
     }
 
   return __ppoll_alias (__fds, __nfds, __timeout, __ss);
diff --git a/libio/bits/stdio.h b/libio/bits/stdio.h
index 6745571ed5..6d1f0f9fc9 100644
--- a/libio/bits/stdio.h
+++ b/libio/bits/stdio.h
@@ -31,7 +31,7 @@
 
 
 #ifdef __USE_EXTERN_INLINES
-/* For -D_FORTIFY_SOURCE{,=2} bits/stdio2.h will define a different
+/* For -D_FORTIFY_SOURCE{,=2,=3} bits/stdio2.h will define a different
    inline.  */
 # if !(__USE_FORTIFY_LEVEL > 0 && defined __fortify_function)
 /* Write formatted output to stdout from argument list ARG.  */
diff --git a/libio/bits/stdio2.h b/libio/bits/stdio2.h
index ff9202c2cb..365c25b7b0 100644
--- a/libio/bits/stdio2.h
+++ b/libio/bits/stdio2.h
@@ -36,12 +36,13 @@ __fortify_function int
 __NTH (sprintf (char *__restrict __s, const char *__restrict __fmt, ...))
 {
   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
-				  __bos (__s), __fmt, __va_arg_pack ());
+				  __glibc_objsize (__s), __fmt,
+				  __va_arg_pack ());
 }
 #elif !defined __cplusplus
 # define sprintf(str, ...) \
-  __builtin___sprintf_chk (str, __USE_FORTIFY_LEVEL - 1, __bos (str), \
-			   __VA_ARGS__)
+  __builtin___sprintf_chk (str, __USE_FORTIFY_LEVEL - 1,		      \
+			   __glibc_objsize (str), __VA_ARGS__)
 #endif
 
 __fortify_function int
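
Review bot: The flag argument "__USE_FORTIFY_LEVEL - 1" is left as is in sprintf (and in vsprintf, snprintf and vsnprintf below), so with the level introduced in 2/4 it becomes 2 where it was only ever 0 or 1. Please confirm that the __*printf_chk implementations test the flag as "greater than zero" and not as "equal to 1", and say so in the commit message, or clamp the value here.
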
@@ -49,7 +50,7 @@ __NTH (vsprintf (char *__restrict __s, const char *__restrict __fmt,
 		 __gnuc_va_list __ap))
 {
   return __builtin___vsprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
-				   __bos (__s), __fmt, __ap);
+				   __glibc_objsize (__s), __fmt, __ap);
 }
 
 #if defined __USE_ISOC99 || defined __USE_UNIX98
@@ -68,12 +69,13 @@ __NTH (snprintf (char *__restrict __s, size_t __n,
 		 const char *__restrict __fmt, ...))
 {
   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
-				   __bos (__s), __fmt, __va_arg_pack ());
+				   __glibc_objsize (__s), __fmt,
+				   __va_arg_pack ());
 }
 # elif !defined __cplusplus
 #  define snprintf(str, len, ...) \
-  __builtin___snprintf_chk (str, len, __USE_FORTIFY_LEVEL - 1, __bos (str), \
-			    __VA_ARGS__)
+  __builtin___snprintf_chk (str, len, __USE_FORTIFY_LEVEL - 1,		      \
+			    __glibc_objsize (str), __VA_ARGS__)
 # endif
 
 __fortify_function int
@@ -81,7 +83,7 @@ __NTH (vsnprintf (char *__restrict __s, size_t __n,
 		  const char *__restrict __fmt, __gnuc_va_list __ap))
 {
   return __builtin___vsnprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
-				    __bos (__s), __fmt, __ap);
+				    __glibc_objsize (__s), __fmt, __ap);
 }
 
 #endif
@@ -237,8 +239,8 @@ extern char *__REDIRECT (__gets_warn, (char *__str), gets)
 __fortify_function __wur char *
 gets (char *__str)
 {
-  if (__bos (__str) != (size_t) -1)
-    return __gets_chk (__str, __bos (__str));
+  if (__glibc_objsize (__str) != (size_t) -1)
+    return __gets_chk (__str, __glibc_objsize (__str));
   return __gets_warn (__str);
 }
 #endif
@@ -259,13 +261,13 @@ extern char *__REDIRECT (__fgets_chk_warn,
 __fortify_function __wur __attr_access ((__write_only__, 1, 2)) char *
 fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
 {
-  if (__bos (__s) != (size_t) -1)
+  if (__glibc_objsize (__s) != (size_t) -1)
     {
       if (!__builtin_constant_p (__n) || __n <= 0)
-	return __fgets_chk (__s, __bos (__s), __n, __stream);
+	return __fgets_chk (__s, __glibc_objsize (__s), __n, __stream);
 
-      if ((size_t) __n > __bos (__s))
-	return __fgets_chk_warn (__s, __bos (__s), __n, __stream);
+      if ((size_t) __n > __glibc_objsize (__s))
+	return __fgets_chk_warn (__s, __glibc_objsize (__s), __n, __stream);
     }
   return __fgets_alias (__s, __n, __stream);
 }
@@ -289,15 +291,17 @@ __fortify_function __wur size_t
 fread (void *__restrict __ptr, size_t __size, size_t __n,
        FILE *__restrict __stream)
 {
-  if (__bos0 (__ptr) != (size_t) -1)
+  if (__glibc_objsize0 (__ptr) != (size_t) -1)
     {
       if (!__builtin_constant_p (__size)
 	  || !__builtin_constant_p (__n)
 	  || (__size | __n) >= (((size_t) 1) << (8 * sizeof (size_t) / 2)))
-	return __fread_chk (__ptr, __bos0 (__ptr), __size, __n, __stream);
+	return __fread_chk (__ptr, __glibc_objsize0 (__ptr), __size, __n,
+			    __stream);
 
-      if (__size * __n > __bos0 (__ptr))
-	return __fread_chk_warn (__ptr, __bos0 (__ptr), __size, __n, __stream);
+      if (__size * __n > __glibc_objsize0 (__ptr))
+	return __fread_chk_warn (__ptr, __glibc_objsize0 (__ptr), __size, __n,
+				 __stream);
     }
   return __fread_alias (__ptr, __size, __n, __stream);
 }
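
Review bot: Readability: __glibc_objsize0 (__ptr) now appears four times in fread and forces two extra line wraps, and at level 3 each occurrence may be a non-constant expression. A local such as "size_t __sz = __glibc_objsize0 (__ptr);" at the top of the function would keep the lines short and make it obvious that the size is computed once; the same applies to fread_unlocked and the fgets variants.
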
@@ -319,13 +323,15 @@ extern char *__REDIRECT (__fgets_unlocked_chk_warn,
 __fortify_function __wur __attr_access ((__write_only__, 1, 2)) char *
 fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream)
 {
-  if (__bos (__s) != (size_t) -1)
+  if (__glibc_objsize (__s) != (size_t) -1)
     {
       if (!__builtin_constant_p (__n) || __n <= 0)
-	return __fgets_unlocked_chk (__s, __bos (__s), __n, __stream);
+	return __fgets_unlocked_chk (__s, __glibc_objsize (__s), __n,
+				     __stream);
 
-      if ((size_t) __n > __bos (__s))
-	return __fgets_unlocked_chk_warn (__s, __bos (__s), __n, __stream);
+      if ((size_t) __n > __glibc_objsize (__s))
+	return __fgets_unlocked_chk_warn (__s, __glibc_objsize (__s), __n,
+					  __stream);
     }
   return __fgets_unlocked_alias (__s, __n, __stream);
 }
@@ -352,17 +358,17 @@ __fortify_function __wur size_t
 fread_unlocked (void *__restrict __ptr, size_t __size, size_t __n,
 		FILE *__restrict __stream)
 {
-  if (__bos0 (__ptr) != (size_t) -1)
+  if (__glibc_objsize0 (__ptr) != (size_t) -1)
     {
       if (!__builtin_constant_p (__size)
 	  || !__builtin_constant_p (__n)
 	  || (__size | __n) >= (((size_t) 1) << (8 * sizeof (size_t) / 2)))
-	return __fread_unlocked_chk (__ptr, __bos0 (__ptr), __size, __n,
-				     __stream);
+	return __fread_unlocked_chk (__ptr, __glibc_objsize0 (__ptr), __size,
+				     __n, __stream);
 
-      if (__size * __n > __bos0 (__ptr))
-	return __fread_unlocked_chk_warn (__ptr, __bos0 (__ptr), __size, __n,
-					  __stream);
+      if (__size * __n > __glibc_objsize0 (__ptr))
+	return __fread_unlocked_chk_warn (__ptr, __glibc_objsize0 (__ptr),
+					  __size, __n, __stream);
     }
 
 # ifdef __USE_EXTERN_INLINES
diff --git a/posix/bits/unistd.h b/posix/bits/unistd.h
index 725a83eb0d..6c5ed0c618 100644
--- a/posix/bits/unistd.h
+++ b/posix/bits/unistd.h
@@ -35,13 +35,14 @@ extern ssize_t __REDIRECT (__read_chk_warn,
 __fortify_function __wur ssize_t
 read (int __fd, void *__buf, size_t __nbytes)
 {
-  if (__bos0 (__buf) != (size_t) -1)
+  if (__glibc_objsize0 (__buf) != (size_t) -1)
     {
       if (!__builtin_constant_p (__nbytes))
-	return __read_chk (__fd, __buf, __nbytes, __bos0 (__buf));
+	return __read_chk (__fd, __buf, __nbytes, __glibc_objsize0 (__buf));
 
-      if (__nbytes > __bos0 (__buf))
-	return __read_chk_warn (__fd, __buf, __nbytes, __bos0 (__buf));
+      if (__nbytes > __glibc_objsize0 (__buf))
+	return __read_chk_warn (__fd, __buf, __nbytes,
+				__glibc_objsize0 (__buf));
     }
   return __read_alias (__fd, __buf, __nbytes);
 }
@@ -77,14 +78,15 @@ extern ssize_t __REDIRECT (__pread64_chk_warn,
 __fortify_function __wur ssize_t
 pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset)
 {
-  if (__bos0 (__buf) != (size_t) -1)
+  if (__glibc_objsize0 (__buf) != (size_t) -1)
     {
       if (!__builtin_constant_p (__nbytes))
-	return __pread_chk (__fd, __buf, __nbytes, __offset, __bos0 (__buf));
+	return __pread_chk (__fd, __buf, __nbytes, __offset,
+			    __glibc_objsize0 (__buf));
 
-      if ( __nbytes > __bos0 (__buf))
+      if ( __nbytes > __glibc_objsize0 (__buf))
 	return __pread_chk_warn (__fd, __buf, __nbytes, __offset,
-				 __bos0 (__buf));
+				 __glibc_objsize0 (__buf));
     }
   return __pread_alias (__fd, __buf, __nbytes, __offset);
 }
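
Review bot: Style, on the changed line "if ( __nbytes > __glibc_objsize0 (__buf))": the stray space after the opening parenthesis is carried over from the old line. Since the line is rewritten anyway, drop it here and in the pread64 and readlink hunks that follow.
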
@@ -92,14 +94,15 @@ pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset)
 __fortify_function __wur ssize_t
 pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
 {
-  if (__bos0 (__buf) != (size_t) -1)
+  if (__glibc_objsize0 (__buf) != (size_t) -1)
     {
       if (!__builtin_constant_p (__nbytes))
-	return __pread64_chk (__fd, __buf, __nbytes, __offset, __bos0 (__buf));
+	return __pread64_chk (__fd, __buf, __nbytes, __offset,
+			      __glibc_objsize0 (__buf));
 
-      if ( __nbytes > __bos0 (__buf))
+      if ( __nbytes > __glibc_objsize0 (__buf))
 	return __pread64_chk_warn (__fd, __buf, __nbytes, __offset,
-				   __bos0 (__buf));
+				   __glibc_objsize0 (__buf));
     }
 
   return __pread64_alias (__fd, __buf, __nbytes, __offset);
@@ -110,14 +113,15 @@ pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
 __fortify_function __wur ssize_t
 pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
 {
-  if (__bos0 (__buf) != (size_t) -1)
+  if (__glibc_objsize0 (__buf) != (size_t) -1)
     {
       if (!__builtin_constant_p (__nbytes))
-	return __pread64_chk (__fd, __buf, __nbytes, __offset, __bos0 (__buf));
+	return __pread64_chk (__fd, __buf, __nbytes, __offset,
+			      __glibc_objsize0 (__buf));
 
-      if ( __nbytes > __bos0 (__buf))
+      if ( __nbytes > __glibc_objsize0 (__buf))
 	return __pread64_chk_warn (__fd, __buf, __nbytes, __offset,
-				   __bos0 (__buf));
+				   __glibc_objsize0 (__buf));
     }
 
   return __pread64_alias (__fd, __buf, __nbytes, __offset);
@@ -145,13 +149,14 @@ __fortify_function __nonnull ((1, 2)) __wur ssize_t
 __NTH (readlink (const char *__restrict __path, char *__restrict __buf,
 		 size_t __len))
 {
-  if (__bos (__buf) != (size_t) -1)
+  if (__glibc_objsize (__buf) != (size_t) -1)
     {
       if (!__builtin_constant_p (__len))
-	return __readlink_chk (__path, __buf, __len, __bos (__buf));
+	return __readlink_chk (__path, __buf, __len, __glibc_objsize (__buf));
 
-      if ( __len > __bos (__buf))
-	return __readlink_chk_warn (__path, __buf, __len, __bos (__buf));
+      if ( __len > __glibc_objsize (__buf))
+	return __readlink_chk_warn (__path, __buf, __len,
+				    __glibc_objsize (__buf));
     }
   return __readlink_alias (__path, __buf, __len);
 }
@@ -179,14 +184,15 @@ __fortify_function __nonnull ((2, 3)) __wur ssize_t
 __NTH (readlinkat (int __fd, const char *__restrict __path,
 		   char *__restrict __buf, size_t __len))
 {
-  if (__bos (__buf) != (size_t) -1)
+  if (__glibc_objsize (__buf) != (size_t) -1)
     {
       if (!__builtin_constant_p (__len))
-	return __readlinkat_chk (__fd, __path, __buf, __len, __bos (__buf));
+	return __readlinkat_chk (__fd, __path, __buf, __len,
+				 __glibc_objsize (__buf));
 
-      if (__len > __bos (__buf))
+      if (__len > __glibc_objsize (__buf))
 	return __readlinkat_chk_warn (__fd, __path, __buf, __len,
-				      __bos (__buf));
+				      __glibc_objsize (__buf));
     }
   return __readlinkat_alias (__fd, __path, __buf, __len);
 }
@@ -206,13 +212,13 @@ extern char *__REDIRECT_NTH (__getcwd_chk_warn,
 __fortify_function __wur char *
 __NTH (getcwd (char *__buf, size_t __size))
 {
-  if (__bos (__buf) != (size_t) -1)
+  if (__glibc_objsize (__buf) != (size_t) -1)
     {
       if (!__builtin_constant_p (__size))
-	return __getcwd_chk (__buf, __size, __bos (__buf));
+	return __getcwd_chk (__buf, __size, __glibc_objsize (__buf));
 
-      if (__size > __bos (__buf))
-	return __getcwd_chk_warn (__buf, __size, __bos (__buf));
+      if (__size > __glibc_objsize (__buf))
+	return __getcwd_chk_warn (__buf, __size, __glibc_objsize (__buf));
     }
   return __getcwd_alias (__buf, __size);
 }
@@ -227,8 +233,8 @@ extern char *__REDIRECT_NTH (__getwd_warn, (char *__buf), getwd)
 __fortify_function __nonnull ((1)) __attribute_deprecated__ __wur char *
 __NTH (getwd (char *__buf))
 {
-  if (__bos (__buf) != (size_t) -1)
-    return __getwd_chk (__buf, __bos (__buf));
+  if (__glibc_objsize (__buf) != (size_t) -1)
+    return __getwd_chk (__buf, __glibc_objsize (__buf));
   return __getwd_warn (__buf);
 }
 #endif
@@ -248,13 +254,14 @@ extern size_t __REDIRECT_NTH (__confstr_chk_warn,
 __fortify_function size_t
 __NTH (confstr (int __name, char *__buf, size_t __len))
 {
-  if (__bos (__buf) != (size_t) -1)
+  if (__glibc_objsize (__buf) != (size_t) -1)
     {
       if (!__builtin_constant_p (__len))
-	return __confstr_chk (__name, __buf, __len, __bos (__buf));
+	return __confstr_chk (__name, __buf, __len, __glibc_objsize (__buf));
 
-      if (__bos (__buf) < __len)
-	return __confstr_chk_warn (__name, __buf, __len, __bos (__buf));
+      if (__glibc_objsize (__buf) < __len)
+	return __confstr_chk_warn (__name, __buf, __len,
+				   __glibc_objsize (__buf));
     }
   return __confstr_alias (__name, __buf, __len);
 }
@@ -273,13 +280,13 @@ extern int __REDIRECT_NTH (__getgroups_chk_warn,
 __fortify_function int
 __NTH (getgroups (int __size, __gid_t __list[]))
 {
-  if (__bos (__list) != (size_t) -1)
+  if (__glibc_objsize (__list) != (size_t) -1)
     {
       if (!__builtin_constant_p (__size) || __size < 0)
-	return __getgroups_chk (__size, __list, __bos (__list));
+	return __getgroups_chk (__size, __list, __glibc_objsize (__list));
 
-      if (__size * sizeof (__gid_t) > __bos (__list))
-	return __getgroups_chk_warn (__size, __list, __bos (__list));
+      if (__size * sizeof (__gid_t) > __glibc_objsize (__list))
+	return __getgroups_chk_warn (__size, __list, __glibc_objsize (__list));
     }
   return __getgroups_alias (__size, __list);
 }
@@ -300,13 +307,15 @@ extern int __REDIRECT_NTH (__ttyname_r_chk_warn,
 __fortify_function int
 __NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
 {
-  if (__bos (__buf) != (size_t) -1)
+  if (__glibc_objsize (__buf) != (size_t) -1)
     {
       if (!__builtin_constant_p (__buflen))
-	return __ttyname_r_chk (__fd, __buf, __buflen, __bos (__buf));
+	return __ttyname_r_chk (__fd, __buf, __buflen,
+				__glibc_objsize (__buf));
 
-      if (__buflen > __bos (__buf))
-	return __ttyname_r_chk_warn (__fd, __buf, __buflen, __bos (__buf));
+      if (__buflen > __glibc_objsize (__buf))
+	return __ttyname_r_chk_warn (__fd, __buf, __buflen,
+				     __glibc_objsize (__buf));
     }
   return __ttyname_r_alias (__fd, __buf, __buflen);
 }
@@ -326,13 +335,14 @@ extern int __REDIRECT (__getlogin_r_chk_warn,
 __fortify_function int
 getlogin_r (char *__buf, size_t __buflen)
 {
-  if (__bos (__buf) != (size_t) -1)
+  if (__glibc_objsize (__buf) != (size_t) -1)
     {
       if (!__builtin_constant_p (__buflen))
-	return __getlogin_r_chk (__buf, __buflen, __bos (__buf));
+	return __getlogin_r_chk (__buf, __buflen, __glibc_objsize (__buf));
 
-      if (__buflen > __bos (__buf))
-	return __getlogin_r_chk_warn (__buf, __buflen, __bos (__buf));
+      if (__buflen > __glibc_objsize (__buf))
+	return __getlogin_r_chk_warn (__buf, __buflen,
+				      __glibc_objsize (__buf));
     }
   return __getlogin_r_alias (__buf, __buflen);
 }
@@ -354,13 +364,14 @@ extern int __REDIRECT_NTH (__gethostname_chk_warn,
 __fortify_function int
 __NTH (gethostname (char *__buf, size_t __buflen))
 {
-  if (__bos (__buf) != (size_t) -1)
+  if (__glibc_objsize (__buf) != (size_t) -1)
     {
       if (!__builtin_constant_p (__buflen))
-	return __gethostname_chk (__buf, __buflen, __bos (__buf));
+	return __gethostname_chk (__buf, __buflen, __glibc_objsize (__buf));
 
-      if (__buflen > __bos (__buf))
-	return __gethostname_chk_warn (__buf, __buflen, __bos (__buf));
+      if (__buflen > __glibc_objsize (__buf))
+	return __gethostname_chk_warn (__buf, __buflen,
+				       __glibc_objsize (__buf));
     }
   return __gethostname_alias (__buf, __buflen);
 }
@@ -384,13 +395,14 @@ extern int __REDIRECT_NTH (__getdomainname_chk_warn,
 __fortify_function int
 __NTH (getdomainname (char *__buf, size_t __buflen))
 {
-  if (__bos (__buf) != (size_t) -1)
+  if (__glibc_objsize (__buf) != (size_t) -1)
     {
       if (!__builtin_constant_p (__buflen))
-	return __getdomainname_chk (__buf, __buflen, __bos (__buf));
+	return __getdomainname_chk (__buf, __buflen, __glibc_objsize (__buf));
 
-      if (__buflen > __bos (__buf))
-	return __getdomainname_chk_warn (__buf, __buflen, __bos (__buf));
+      if (__buflen > __glibc_objsize (__buf))
+	return __getdomainname_chk_warn (__buf, __buflen,
+					 __glibc_objsize (__buf));
     }
   return __getdomainname_alias (__buf, __buflen);
 }
diff --git a/socket/bits/socket2.h b/socket/bits/socket2.h
index c0421ce244..05418ba9c3 100644
--- a/socket/bits/socket2.h
+++ b/socket/bits/socket2.h
@@ -33,13 +33,15 @@ extern ssize_t __REDIRECT (__recv_chk_warn,
 __fortify_function ssize_t
 recv (int __fd, void *__buf, size_t __n, int __flags)
 {
-  if (__bos0 (__buf) != (size_t) -1)
+  if (__glibc_objsize0 (__buf) != (size_t) -1)
     {
       if (!__builtin_constant_p (__n))
-	return __recv_chk (__fd, __buf, __n, __bos0 (__buf), __flags);
+	return __recv_chk (__fd, __buf, __n, __glibc_objsize0 (__buf),
+			   __flags);
 
-      if (__n > __bos0 (__buf))
-	return __recv_chk_warn (__fd, __buf, __n, __bos0 (__buf), __flags);
+      if (__n > __glibc_objsize0 (__buf))
+	return __recv_chk_warn (__fd, __buf, __n, __glibc_objsize0 (__buf),
+				__flags);
     }
   return __recv_alias (__fd, __buf, __n, __flags);
 }
@@ -64,14 +66,14 @@ __fortify_function ssize_t
 recvfrom (int __fd, void *__restrict __buf, size_t __n, int __flags,
 	  __SOCKADDR_ARG __addr, socklen_t *__restrict __addr_len)
 {
-  if (__bos0 (__buf) != (size_t) -1)
+  if (__glibc_objsize0 (__buf) != (size_t) -1)
     {
       if (!__builtin_constant_p (__n))
-	return __recvfrom_chk (__fd, __buf, __n, __bos0 (__buf), __flags,
-			       __addr, __addr_len);
-      if (__n > __bos0 (__buf))
-	return __recvfrom_chk_warn (__fd, __buf, __n, __bos0 (__buf), __flags,
-				    __addr, __addr_len);
+	return __recvfrom_chk (__fd, __buf, __n, __glibc_objsize0 (__buf),
+			       __flags, __addr, __addr_len);
+      if (__n > __glibc_objsize0 (__buf))
+	return __recvfrom_chk_warn (__fd, __buf, __n, __glibc_objsize0 (__buf),
+				    __flags, __addr, __addr_len);
     }
   return __recvfrom_alias (__fd, __buf, __n, __flags, __addr, __addr_len);
 }
diff --git a/stdlib/bits/stdlib.h b/stdlib/bits/stdlib.h
index 9134d3f36b..b495cd6929 100644
--- a/stdlib/bits/stdlib.h
+++ b/stdlib/bits/stdlib.h
@@ -36,13 +36,14 @@ extern char *__REDIRECT_NTH (__realpath_chk_warn,
 __fortify_function __wur char *
 __NTH (realpath (const char *__restrict __name, char *__restrict __resolved))
 {
-  if (__bos (__resolved) != (size_t) -1)
+  if (__glibc_objsize (__resolved) != (size_t) -1)
     {
 #if defined _LIBC_LIMITS_H_ && defined PATH_MAX
-      if (__bos (__resolved) < PATH_MAX)
-	return __realpath_chk_warn (__name, __resolved, __bos (__resolved));
+      if (__glibc_objsize (__resolved) < PATH_MAX)
+	return __realpath_chk_warn (__name, __resolved,
+				    __glibc_objsize (__resolved));
 #endif
-      return __realpath_chk (__name, __resolved, __bos (__resolved));
+      return __realpath_chk (__name, __resolved, __glibc_objsize (__resolved));
     }
 
   return __realpath_alias (__name, __resolved);
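Review bot: `if (__glibc_objsize (__resolved) < PATH_MAX)` has no `__builtin_constant_p` gate in front of it, because realpath takes no length argument. With a dynamic object size the comparison is evaluated at run time, so any buffer whose size the compiler can track but not fold will keep a reachable call to `__realpath_chk_warn`. Please check that the `_warn` variant is only selected when the size is a compile-time constant, and route the dynamic case straight to `__realpath_chk`.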
@@ -64,12 +65,14 @@ extern int __REDIRECT_NTH (__ptsname_r_chk_warn,
 __fortify_function int
 __NTH (ptsname_r (int __fd, char *__buf, size_t __buflen))
 {
-  if (__bos (__buf) != (size_t) -1)
+  if (__glibc_objsize (__buf) != (size_t) -1)
     {
       if (!__builtin_constant_p (__buflen))
-	return __ptsname_r_chk (__fd, __buf, __buflen, __bos (__buf));
-      if (__buflen > __bos (__buf))
-	return __ptsname_r_chk_warn (__fd, __buf, __buflen, __bos (__buf));
+	return __ptsname_r_chk (__fd, __buf, __buflen,
+				__glibc_objsize (__buf));
+      if (__buflen > __glibc_objsize (__buf))
+	return __ptsname_r_chk_warn (__fd, __buf, __buflen,
+				     __glibc_objsize (__buf));
     }
   return __ptsname_r_alias (__fd, __buf, __buflen);
 }
@@ -90,8 +93,9 @@ __NTH (wctomb (char *__s, wchar_t __wchar))
 #if defined MB_LEN_MAX && MB_LEN_MAX != __STDLIB_MB_LEN_MAX
 # error "Assumed value of MB_LEN_MAX wrong"
 #endif
-  if (__bos (__s) != (size_t) -1 && __STDLIB_MB_LEN_MAX > __bos (__s))
-    return __wctomb_chk (__s, __wchar, __bos (__s));
+  if (__glibc_objsize (__s) != (size_t) -1
+      && __STDLIB_MB_LEN_MAX > __glibc_objsize (__s))
+    return __wctomb_chk (__s, __wchar, __glibc_objsize (__s));
   return __wctomb_alias (__s, __wchar);
 }
 
@@ -116,15 +120,16 @@ __fortify_function size_t
 __NTH (mbstowcs (wchar_t *__restrict __dst, const char *__restrict __src,
 		 size_t __len))
 {
-  if (__bos (__dst) != (size_t) -1)
+  if (__glibc_objsize (__dst) != (size_t) -1)
     {
       if (!__builtin_constant_p (__len))
 	return __mbstowcs_chk (__dst, __src, __len,
-			       __bos (__dst) / sizeof (wchar_t));
+			       __glibc_objsize (__dst) / sizeof (wchar_t));
 
-      if (__len > __bos (__dst) / sizeof (wchar_t))
+      if (__len > __glibc_objsize (__dst) / sizeof (wchar_t))
 	return __mbstowcs_chk_warn (__dst, __src, __len,
-				     __bos (__dst) / sizeof (wchar_t));
+				    (__glibc_objsize (__dst)
+				     / sizeof (wchar_t)));
     }
   return __mbstowcs_alias (__dst, __src, __len);
 }
@@ -149,12 +154,13 @@ __fortify_function size_t
 __NTH (wcstombs (char *__restrict __dst, const wchar_t *__restrict __src,
 		 size_t __len))
 {
-  if (__bos (__dst) != (size_t) -1)
+  if (__glibc_objsize (__dst) != (size_t) -1)
     {
       if (!__builtin_constant_p (__len))
-	return __wcstombs_chk (__dst, __src, __len, __bos (__dst));
-      if (__len > __bos (__dst))
-	return __wcstombs_chk_warn (__dst, __src, __len, __bos (__dst));
+	return __wcstombs_chk (__dst, __src, __len, __glibc_objsize (__dst));
+      if (__len > __glibc_objsize (__dst))
+	return __wcstombs_chk_warn (__dst, __src, __len,
+				    __glibc_objsize (__dst));
     }
   return __wcstombs_alias (__dst, __src, __len);
 }
diff --git a/wcsmbs/bits/wchar2.h b/wcsmbs/bits/wchar2.h
index 86e8e23e76..6631d6f76d 100644
--- a/wcsmbs/bits/wchar2.h
+++ b/wcsmbs/bits/wchar2.h
@@ -39,15 +39,15 @@ __fortify_function wchar_t *
 __NTH (wmemcpy (wchar_t *__restrict __s1, const wchar_t *__restrict __s2,
 		size_t __n))
 {
-  if (__bos0 (__s1) != (size_t) -1)
+  if (__glibc_objsize0 (__s1) != (size_t) -1)
     {
       if (!__builtin_constant_p (__n))
 	return __wmemcpy_chk (__s1, __s2, __n,
-			      __bos0 (__s1) / sizeof (wchar_t));
+			      __glibc_objsize0 (__s1) / sizeof (wchar_t));
 
-      if (__n > __bos0 (__s1) / sizeof (wchar_t))
+      if (__n > __glibc_objsize0 (__s1) / sizeof (wchar_t))
 	return __wmemcpy_chk_warn (__s1, __s2, __n,
-				   __bos0 (__s1) / sizeof (wchar_t));
+				   __glibc_objsize0 (__s1) / sizeof (wchar_t));
     }
   return __wmemcpy_alias (__s1, __s2, __n);
 }
@@ -67,15 +67,16 @@ extern wchar_t *__REDIRECT_NTH (__wmemmove_chk_warn,
 __fortify_function wchar_t *
 __NTH (wmemmove (wchar_t *__s1, const wchar_t *__s2, size_t __n))
 {
-  if (__bos0 (__s1) != (size_t) -1)
+  if (__glibc_objsize0 (__s1) != (size_t) -1)
     {
       if (!__builtin_constant_p (__n))
 	return __wmemmove_chk (__s1, __s2, __n,
-			       __bos0 (__s1) / sizeof (wchar_t));
+			       __glibc_objsize0 (__s1) / sizeof (wchar_t));
 
-      if (__n > __bos0 (__s1) / sizeof (wchar_t))
+      if (__n > __glibc_objsize0 (__s1) / sizeof (wchar_t))
 	return __wmemmove_chk_warn (__s1, __s2, __n,
-				    __bos0 (__s1) / sizeof (wchar_t));
+				    (__glibc_objsize0 (__s1)
+				     / sizeof (wchar_t)));
     }
   return __wmemmove_alias (__s1, __s2, __n);
 }
@@ -100,15 +101,16 @@ __fortify_function wchar_t *
 __NTH (wmempcpy (wchar_t *__restrict __s1, const wchar_t *__restrict __s2,
 		 size_t __n))
 {
-  if (__bos0 (__s1) != (size_t) -1)
+  if (__glibc_objsize0 (__s1) != (size_t) -1)
     {
       if (!__builtin_constant_p (__n))
 	return __wmempcpy_chk (__s1, __s2, __n,
-			       __bos0 (__s1) / sizeof (wchar_t));
+			       __glibc_objsize0 (__s1) / sizeof (wchar_t));
 
-      if (__n > __bos0 (__s1) / sizeof (wchar_t))
+      if (__n > __glibc_objsize0 (__s1) / sizeof (wchar_t))
 	return __wmempcpy_chk_warn (__s1, __s2, __n,
-				    __bos0 (__s1) / sizeof (wchar_t));
+				    (__glibc_objsize0 (__s1)
+				     / sizeof (wchar_t)));
     }
   return __wmempcpy_alias (__s1, __s2, __n);
 }
@@ -128,14 +130,15 @@ extern wchar_t *__REDIRECT_NTH (__wmemset_chk_warn,
 __fortify_function wchar_t *
 __NTH (wmemset (wchar_t *__s, wchar_t __c, size_t __n))
 {
-  if (__bos0 (__s) != (size_t) -1)
+  if (__glibc_objsize0 (__s) != (size_t) -1)
     {
       if (!__builtin_constant_p (__n))
-	return __wmemset_chk (__s, __c, __n, __bos0 (__s) / sizeof (wchar_t));
+	return __wmemset_chk (__s, __c, __n,
+			      __glibc_objsize0 (__s) / sizeof (wchar_t));
 
-      if (__n > __bos0 (__s) / sizeof (wchar_t))
+      if (__n > __glibc_objsize0 (__s) / sizeof (wchar_t))
 	return __wmemset_chk_warn (__s, __c, __n,
-				   __bos0 (__s) / sizeof (wchar_t));
+				   __glibc_objsize0 (__s) / sizeof (wchar_t));
     }
   return __wmemset_alias (__s, __c, __n);
 }
@@ -151,8 +154,9 @@ extern wchar_t *__REDIRECT_NTH (__wcscpy_alias,
 __fortify_function wchar_t *
 __NTH (wcscpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src))
 {
-  if (__bos (__dest) != (size_t) -1)
-    return __wcscpy_chk (__dest, __src, __bos (__dest) / sizeof (wchar_t));
+  if (__glibc_objsize (__dest) != (size_t) -1)
+    return __wcscpy_chk (__dest, __src,
+			 __glibc_objsize (__dest) / sizeof (wchar_t));
   return __wcscpy_alias (__dest, __src);
 }
 
@@ -167,8 +171,9 @@ extern wchar_t *__REDIRECT_NTH (__wcpcpy_alias,
 __fortify_function wchar_t *
 __NTH (wcpcpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src))
 {
-  if (__bos (__dest) != (size_t) -1)
-    return __wcpcpy_chk (__dest, __src, __bos (__dest) / sizeof (wchar_t));
+  if (__glibc_objsize (__dest) != (size_t) -1)
+    return __wcpcpy_chk (__dest, __src,
+			 __glibc_objsize (__dest) / sizeof (wchar_t));
   return __wcpcpy_alias (__dest, __src);
 }
 
@@ -191,14 +196,15 @@ __fortify_function wchar_t *
 __NTH (wcsncpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src,
 		size_t __n))
 {
-  if (__bos (__dest) != (size_t) -1)
+  if (__glibc_objsize (__dest) != (size_t) -1)
     {
       if (!__builtin_constant_p (__n))
 	return __wcsncpy_chk (__dest, __src, __n,
-			      __bos (__dest) / sizeof (wchar_t));
-      if (__n > __bos (__dest) / sizeof (wchar_t))
+			      __glibc_objsize (__dest) / sizeof (wchar_t));
+      if (__n > __glibc_objsize (__dest) / sizeof (wchar_t))
 	return __wcsncpy_chk_warn (__dest, __src, __n,
-				   __bos (__dest) / sizeof (wchar_t));
+				   (__glibc_objsize (__dest)
+				    / sizeof (wchar_t)));
     }
   return __wcsncpy_alias (__dest, __src, __n);
 }
@@ -222,14 +228,15 @@ __fortify_function wchar_t *
 __NTH (wcpncpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src,
 		size_t __n))
 {
-  if (__bos (__dest) != (size_t) -1)
+  if (__glibc_objsize (__dest) != (size_t) -1)
     {
       if (!__builtin_constant_p (__n))
 	return __wcpncpy_chk (__dest, __src, __n,
-			      __bos (__dest) / sizeof (wchar_t));
-      if (__n > __bos (__dest) / sizeof (wchar_t))
+			      __glibc_objsize (__dest) / sizeof (wchar_t));
+      if (__n > __glibc_objsize (__dest) / sizeof (wchar_t))
 	return __wcpncpy_chk_warn (__dest, __src, __n,
-				   __bos (__dest) / sizeof (wchar_t));
+				   (__glibc_objsize (__dest)
+				    / sizeof (wchar_t)));
     }
   return __wcpncpy_alias (__dest, __src, __n);
 }
@@ -245,8 +252,9 @@ extern wchar_t *__REDIRECT_NTH (__wcscat_alias,
 __fortify_function wchar_t *
 __NTH (wcscat (wchar_t *__restrict __dest, const wchar_t *__restrict __src))
 {
-  if (__bos (__dest) != (size_t) -1)
-    return __wcscat_chk (__dest, __src, __bos (__dest) / sizeof (wchar_t));
+  if (__glibc_objsize (__dest) != (size_t) -1)
+    return __wcscat_chk (__dest, __src,
+			 __glibc_objsize (__dest) / sizeof (wchar_t));
   return __wcscat_alias (__dest, __src);
 }
 
@@ -263,9 +271,9 @@ __fortify_function wchar_t *
 __NTH (wcsncat (wchar_t *__restrict __dest, const wchar_t *__restrict __src,
 		size_t __n))
 {
-  if (__bos (__dest) != (size_t) -1)
+  if (__glibc_objsize (__dest) != (size_t) -1)
     return __wcsncat_chk (__dest, __src, __n,
-			  __bos (__dest) / sizeof (wchar_t));
+			  __glibc_objsize (__dest) / sizeof (wchar_t));
   return __wcsncat_alias (__dest, __src, __n);
 }
 
@@ -285,18 +293,18 @@ __fortify_function int
 __NTH (swprintf (wchar_t *__restrict __s, size_t __n,
 		 const wchar_t *__restrict __fmt, ...))
 {
-  if (__bos (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
+  if (__glibc_objsize (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
     return __swprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
-			   __bos (__s) / sizeof (wchar_t),
+			   __glibc_objsize (__s) / sizeof (wchar_t),
 			   __fmt, __va_arg_pack ());
   return __swprintf_alias (__s, __n, __fmt, __va_arg_pack ());
 }
 #elif !defined __cplusplus
 /* XXX We might want to have support in gcc for swprintf.  */
 # define swprintf(s, n, ...) \
-  (__bos (s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1			      \
+  (__glibc_objsize (s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1		      \
    ? __swprintf_chk (s, n, __USE_FORTIFY_LEVEL - 1,			      \
-		     __bos (s) / sizeof (wchar_t), __VA_ARGS__)		      \
+		     __glibc_objsize (s) / sizeof (wchar_t), __VA_ARGS__)	      \
    : swprintf (s, n, __VA_ARGS__))
 #endif
 
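Review bot: `__USE_FORTIFY_LEVEL - 1` is still passed as the flag argument to `__swprintf_chk`, in both the inline function and the `# define swprintf` fallback, so at the new level 3 the callee receives 2 where it previously only saw 0 or 1. Please confirm that `__swprintf_chk` treats every positive flag value the same way, or clamp the argument (for example `__USE_FORTIFY_LEVEL > 1`) so that level 3 does not change what the callee is given.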
@@ -315,9 +323,10 @@ __fortify_function int
 __NTH (vswprintf (wchar_t *__restrict __s, size_t __n,
 		  const wchar_t *__restrict __fmt, __gnuc_va_list __ap))
 {
-  if (__bos (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
+  if (__glibc_objsize (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
     return __vswprintf_chk (__s, __n,  __USE_FORTIFY_LEVEL - 1,
-			    __bos (__s) / sizeof (wchar_t), __fmt, __ap);
+			    __glibc_objsize (__s) / sizeof (wchar_t), __fmt,
+			    __ap);
   return __vswprintf_alias (__s, __n, __fmt, __ap);
 }
 
@@ -383,14 +392,15 @@ extern wchar_t *__REDIRECT (__fgetws_chk_warn,
 __fortify_function __wur wchar_t *
 fgetws (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream)
 {
-  if (__bos (__s) != (size_t) -1)
+  if (__glibc_objsize (__s) != (size_t) -1)
     {
       if (!__builtin_constant_p (__n) || __n <= 0)
-	return __fgetws_chk (__s, __bos (__s) / sizeof (wchar_t),
+	return __fgetws_chk (__s, __glibc_objsize (__s) / sizeof (wchar_t),
 			     __n, __stream);
 
-      if ((size_t) __n > __bos (__s) / sizeof (wchar_t))
-	return __fgetws_chk_warn (__s, __bos (__s) / sizeof (wchar_t),
+      if ((size_t) __n > __glibc_objsize (__s) / sizeof (wchar_t))
+	return __fgetws_chk_warn (__s,
+				  __glibc_objsize (__s) / sizeof (wchar_t),
 				  __n, __stream);
     }
   return __fgetws_alias (__s, __n, __stream);
@@ -414,14 +424,17 @@ extern wchar_t *__REDIRECT (__fgetws_unlocked_chk_warn,
 __fortify_function __wur wchar_t *
 fgetws_unlocked (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream)
 {
-  if (__bos (__s) != (size_t) -1)
+  if (__glibc_objsize (__s) != (size_t) -1)
     {
       if (!__builtin_constant_p (__n) || __n <= 0)
-	return __fgetws_unlocked_chk (__s, __bos (__s) / sizeof (wchar_t),
+	return __fgetws_unlocked_chk (__s,
+				      __glibc_objsize (__s) / sizeof (wchar_t),
 				      __n, __stream);
 
-      if ((size_t) __n > __bos (__s) / sizeof (wchar_t))
-	return __fgetws_unlocked_chk_warn (__s, __bos (__s) / sizeof (wchar_t),
+      if ((size_t) __n > __glibc_objsize (__s) / sizeof (wchar_t))
+	return __fgetws_unlocked_chk_warn (__s,
+					   (__glibc_objsize (__s)
+					    / sizeof (wchar_t)),
 					   __n, __stream);
     }
   return __fgetws_unlocked_alias (__s, __n, __stream);
@@ -447,8 +460,9 @@ __NTH (wcrtomb (char *__restrict __s, wchar_t __wchar,
 #if defined MB_LEN_MAX && MB_LEN_MAX != __WCHAR_MB_LEN_MAX
 # error "Assumed value of MB_LEN_MAX wrong"
 #endif
-  if (__bos (__s) != (size_t) -1 && __WCHAR_MB_LEN_MAX > __bos (__s))
-    return __wcrtomb_chk (__s, __wchar, __ps, __bos (__s));
+  if (__glibc_objsize (__s) != (size_t) -1
+      && __WCHAR_MB_LEN_MAX > __glibc_objsize (__s))
+    return __wcrtomb_chk (__s, __wchar, __ps, __glibc_objsize (__s));
   return __wcrtomb_alias (__s, __wchar, __ps);
 }
 
@@ -474,15 +488,16 @@ __fortify_function size_t
 __NTH (mbsrtowcs (wchar_t *__restrict __dst, const char **__restrict __src,
 		  size_t __len, mbstate_t *__restrict __ps))
 {
-  if (__bos (__dst) != (size_t) -1)
+  if (__glibc_objsize (__dst) != (size_t) -1)
     {
       if (!__builtin_constant_p (__len))
 	return __mbsrtowcs_chk (__dst, __src, __len, __ps,
-				__bos (__dst) / sizeof (wchar_t));
+				__glibc_objsize (__dst) / sizeof (wchar_t));
 
-      if (__len > __bos (__dst) / sizeof (wchar_t))
+      if (__len > __glibc_objsize (__dst) / sizeof (wchar_t))
 	return __mbsrtowcs_chk_warn (__dst, __src, __len, __ps,
-				     __bos (__dst) / sizeof (wchar_t));
+				     (__glibc_objsize (__dst)
+				      / sizeof (wchar_t)));
     }
   return __mbsrtowcs_alias (__dst, __src, __len, __ps);
 }
@@ -508,13 +523,15 @@ __fortify_function size_t
 __NTH (wcsrtombs (char *__restrict __dst, const wchar_t **__restrict __src,
 		  size_t __len, mbstate_t *__restrict __ps))
 {
-  if (__bos (__dst) != (size_t) -1)
+  if (__glibc_objsize (__dst) != (size_t) -1)
     {
       if (!__builtin_constant_p (__len))
-	return __wcsrtombs_chk (__dst, __src, __len, __ps, __bos (__dst));
+	return __wcsrtombs_chk (__dst, __src, __len, __ps,
+				__glibc_objsize (__dst));
 
-      if (__len > __bos (__dst))
-	return __wcsrtombs_chk_warn (__dst, __src, __len, __ps, __bos (__dst));
+      if (__len > __glibc_objsize (__dst))
+	return __wcsrtombs_chk_warn (__dst, __src, __len, __ps,
+				     __glibc_objsize (__dst));
     }
   return __wcsrtombs_alias (__dst, __src, __len, __ps);
 }
@@ -542,15 +559,16 @@ __fortify_function size_t
 __NTH (mbsnrtowcs (wchar_t *__restrict __dst, const char **__restrict __src,
 		   size_t __nmc, size_t __len, mbstate_t *__restrict __ps))
 {
-  if (__bos (__dst) != (size_t) -1)
+  if (__glibc_objsize (__dst) != (size_t) -1)
     {
       if (!__builtin_constant_p (__len))
 	return __mbsnrtowcs_chk (__dst, __src, __nmc, __len, __ps,
-				 __bos (__dst) / sizeof (wchar_t));
+				 __glibc_objsize (__dst) / sizeof (wchar_t));
 
-      if (__len > __bos (__dst) / sizeof (wchar_t))
+      if (__len > __glibc_objsize (__dst) / sizeof (wchar_t))
 	return __mbsnrtowcs_chk_warn (__dst, __src, __nmc, __len, __ps,
-				      __bos (__dst) / sizeof (wchar_t));
+				      (__glibc_objsize (__dst)
+				       / sizeof (wchar_t)));
     }
   return __mbsnrtowcs_alias (__dst, __src, __nmc, __len, __ps);
 }
@@ -578,15 +596,15 @@ __fortify_function size_t
 __NTH (wcsnrtombs (char *__restrict __dst, const wchar_t **__restrict __src,
 		   size_t __nwc, size_t __len, mbstate_t *__restrict __ps))
 {
-  if (__bos (__dst) != (size_t) -1)
+  if (__glibc_objsize (__dst) != (size_t) -1)
     {
       if (!__builtin_constant_p (__len))
 	return __wcsnrtombs_chk (__dst, __src, __nwc, __len, __ps,
-				 __bos (__dst));
+				 __glibc_objsize (__dst));
 
-      if (__len > __bos (__dst))
+      if (__len > __glibc_objsize (__dst))
 	return __wcsnrtombs_chk_warn (__dst, __src, __nwc, __len, __ps,
-				      __bos (__dst));
+				      __glibc_objsize (__dst));
     }
   return __wcsnrtombs_alias (__dst, __src, __nwc, __len, __ps);
 }
-- 
2.29.2



* Re: [PATCH v7 1/4] Warn on unsupported fortification levels
  2020-12-30  6:43 ` [PATCH v7 1/4] Warn on unsupported fortification levels Siddhesh Poyarekar via Libc-alpha
@ 2020-12-31 10:45   ` Adhemerval Zanella via Libc-alpha
  2020-12-31 11:28     ` Siddhesh Poyarekar via Libc-alpha
  0 siblings, 1 reply; 10+ messages in thread
From: Adhemerval Zanella via Libc-alpha @ 2020-12-31 10:45 UTC
  To: Siddhesh Poyarekar, libc-alpha; +Cc: fweimer, jakub



On 30/12/2020 03:43, Siddhesh Poyarekar wrote:
> Make the _FORTIFY_SOURCE macro soup in features.h warn about
> unsupported fortification levels.  For example, it will warn about
> _FORTIFY_SOURCE=3 and over with an indication of which level has been
> selected.
> 
> Co-authored-by: Paul Eggert <eggert@cs.ucla.edu>

LGTM, although I think the NEWS entry should move to the second patch.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>

> ---
>  NEWS                 | 6 ++++++
>  include/features.h   | 3 +++
>  manual/creature.texi | 3 ++-
>  3 files changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/NEWS b/NEWS
> index 86e05fb023..8e02dbd0f7 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -28,6 +28,12 @@ Major new features:
>    The 32-bit RISC-V port requires at least Linux 5.4, GCC 7.1 and binutils
>    2.28.
>  
> +* A new fortification level _FORTIFY_SOURCE=3 is available.  At this level,
> +  glibc may use additional checks that may have an additional performance
> +  overhead.  At present these checks are available only on LLVM 9 and later.
> +  The latest GCC available at this time (10.2) does not support this level of
> +  fortification.
> +
>  Deprecated and removed features, and other changes affecting compatibility:
>  
>  * The mallinfo function is marked deprecated.  Callers should call

Maybe move this NEWS entry to the second patch, where this is actually enabled?

> diff --git a/include/features.h b/include/features.h
> index f3e62d3362..540230b90b 100644
> --- a/include/features.h
> +++ b/include/features.h
> @@ -398,6 +398,9 @@
>  # elif !__GNUC_PREREQ (4, 1)
>  #  warning _FORTIFY_SOURCE requires GCC 4.1 or later
>  # elif _FORTIFY_SOURCE > 1
> +#  if _FORTIFY_SOURCE > 2
> +#   warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform
> +#  endif
>  #  define __USE_FORTIFY_LEVEL 2
>  # else
>  #  define __USE_FORTIFY_LEVEL 1
> diff --git a/manual/creature.texi b/manual/creature.texi
> index be5050468b..31208ccb2b 100644
> --- a/manual/creature.texi
> +++ b/manual/creature.texi
> @@ -254,7 +254,8 @@ included.
>  @standards{GNU, (none)}
>  If this macro is defined to @math{1}, security hardening is added to
>  various library functions.  If defined to @math{2}, even stricter
> -checks are applied.
> +checks are applied. If defined to @math{3}, @theglibc{} may also use
> +checks that may have an additional performance overhead.
>  @end defvr
>  
>  @defvr Macro _REENTRANT
> 
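Review bot: the sentence added to `manual/creature.texi` documents level 3 as a working level, but the `include/features.h` hunk in this same patch only warns and still defines `__USE_FORTIFY_LEVEL 2` for any value above 2. This text belongs with the patch that enables level 3, alongside the NEWS entry. Also, `applied. If` has one space after the full stop where the surrounding sentences use two.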


* Re: [PATCH v7 2/4] Introduce _FORTIFY_SOURCE=3
  2020-12-30  6:43 ` [PATCH v7 2/4] Introduce _FORTIFY_SOURCE=3 Siddhesh Poyarekar via Libc-alpha
@ 2020-12-31 10:47   ` Adhemerval Zanella via Libc-alpha
  0 siblings, 0 replies; 10+ messages in thread
From: Adhemerval Zanella via Libc-alpha @ 2020-12-31 10:47 UTC
  To: Siddhesh Poyarekar, libc-alpha; +Cc: fweimer, jakub



On 30/12/2020 03:43, Siddhesh Poyarekar wrote:
> Introduce a new _FORTIFY_SOURCE level of 3 to enable additional
> fortifications that may have a noticeable performance impact, allowing
> more fortification coverage at the cost of some performance.
> 
> With llvm 9.0 or later, this will replace the use of
> __builtin_object_size with __builtin_dynamic_object_size.
> 
> __builtin_dynamic_object_size
> -----------------------------
> 
> __builtin_dynamic_object_size is an LLVM builtin that is similar to
> __builtin_object_size.  In addition to what __builtin_object_size
> does, i.e. replace the builtin call with a constant object size,
> __builtin_dynamic_object_size will replace the call site with an
> expression that evaluates to the object size, thus expanding its
> applicability.  In practice, __builtin_dynamic_object_size evaluates
> these expressions through malloc/calloc calls that it can associate
> with the object being evaluated.
> 
> A simple motivating example is below; -D_FORTIFY_SOURCE=2 would miss
> this and emit memcpy, but -D_FORTIFY_SOURCE=3 with the help of
> __builtin_dynamic_object_size is able to emit __memcpy_chk with the
> allocation size expression passed into the function:
> 
> void *copy_obj (const void *src, size_t alloc, size_t copysize)
> {
>   void *obj = malloc (alloc);
>   memcpy (obj, src, copysize);
>   return obj;
> }
> 
> Limitations
> -----------
> 
> If the object was allocated elsewhere that the compiler cannot see, or
> if it was allocated in the function with a function that the compiler
> does not recognize as an allocator then __builtin_dynamic_object_size
> also returns -1.
> 
> Further, the expression used to compute object size may be non-trivial
> and may potentially incur a noticeable performance impact.  These
> fortifications are hence enabled at a new _FORTIFY_SOURCE level to
> allow developers to make a choice on the tradeoff according to their
> environment.

LGTM, thanks.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>

> ---
>  include/features.h | 5 +++++
>  misc/sys/cdefs.h   | 9 +++++++++
>  2 files changed, 14 insertions(+)
> 
> diff --git a/include/features.h b/include/features.h
> index 540230b90b..066eb0eecd 100644
> --- a/include/features.h
> +++ b/include/features.h
> @@ -397,6 +397,11 @@
>  #  warning _FORTIFY_SOURCE requires compiling with optimization (-O)
>  # elif !__GNUC_PREREQ (4, 1)
>  #  warning _FORTIFY_SOURCE requires GCC 4.1 or later
> +# elif _FORTIFY_SOURCE > 2 && __glibc_clang_prereq (9, 0)
> +#  if _FORTIFY_SOURCE > 3
> +#   warning _FORTIFY_SOURCE > 3 is treated like 3 on this platform
> +#  endif
> +#  define __USE_FORTIFY_LEVEL 3
>  # elif _FORTIFY_SOURCE > 1
>  #  if _FORTIFY_SOURCE > 2
>  #   warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform
> diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
> index a06f1cfd91..5fb6e309be 100644
> --- a/misc/sys/cdefs.h
> +++ b/misc/sys/cdefs.h
> @@ -127,6 +127,15 @@
>  #define __bos(ptr) __builtin_object_size (ptr, __USE_FORTIFY_LEVEL > 1)
>  #define __bos0(ptr) __builtin_object_size (ptr, 0)
>  
> +/* Use __builtin_dynamic_object_size at _FORTIFY_SOURCE=3 when available.  */
> +#if __USE_FORTIFY_LEVEL == 3 && __glibc_clang_prereq (9, 0)
> +# define __glibc_objsize0(__o) __builtin_dynamic_object_size (__o, 0)
> +# define __glibc_objsize(__o) __builtin_dynamic_object_size (__o, 1)
> +#else
> +# define __glibc_objsize0(__o) __bos0 (__o)
> +# define __glibc_objsize(__o) __bos (__o)
> +#endif
> +
>  #if __GNUC_PREREQ (4,3)
>  # define __warnattr(msg) __attribute__((__warning__ (msg)))
>  # define __errordecl(name, msg) \
> 
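Review bot: the `#if __USE_FORTIFY_LEVEL == 3 && __glibc_clang_prereq (9, 0)` test in `misc/sys/cdefs.h` repeats the compiler check that `include/features.h` already makes before it defines `__USE_FORTIFY_LEVEL 3`, so the two conditions have to be kept in sync by hand. Testing `__USE_FORTIFY_LEVEL > 2` alone here, or keying both places on one feature macro for `__builtin_dynamic_object_size`, would leave a single place to update when another compiler gains the builtin. The new macros also name their parameter `__o` where `__bos` and `__bos0` just above use `ptr`.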


* Re: [PATCH v7 3/4] string: Enable __FORTIFY_LEVEL=3
  2020-12-30  6:43 ` [PATCH v7 3/4] string: Enable __FORTIFY_LEVEL=3 Siddhesh Poyarekar via Libc-alpha
@ 2020-12-31 10:48   ` Adhemerval Zanella via Libc-alpha
  0 siblings, 0 replies; 10+ messages in thread
From: Adhemerval Zanella via Libc-alpha @ 2020-12-31 10:48 UTC
  To: Siddhesh Poyarekar, libc-alpha; +Cc: fweimer, jakub



On 30/12/2020 03:43, Siddhesh Poyarekar wrote:
> This change enhances fortified string functions to use
> __builtin_dynamic_object_size under _FORTIFY_SOURCE=3 whenever the
> compiler supports it.

LGTM, thanks.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>

> ---
>  include/string.h                |  5 +++--
>  string/bits/string_fortified.h  | 29 ++++++++++++++++++-----------
>  string/bits/strings_fortified.h |  6 ++++--
>  3 files changed, 25 insertions(+), 15 deletions(-)
> 
> diff --git a/include/string.h b/include/string.h
> index 7d344d77d4..81dab39891 100644
> --- a/include/string.h
> +++ b/include/string.h
> @@ -123,10 +123,11 @@ libc_hidden_proto (__strerror_l)
>  void __explicit_bzero_chk_internal (void *, size_t, size_t)
>    __THROW __nonnull ((1)) attribute_hidden;
>  # define explicit_bzero(buf, len) \
> -  __explicit_bzero_chk_internal (buf, len, __bos0 (buf))
> +  __explicit_bzero_chk_internal (buf, len, __glibc_objsize0 (buf))
>  #elif !IS_IN (nonlib)
>  void __explicit_bzero_chk (void *, size_t, size_t) __THROW __nonnull ((1));
> -# define explicit_bzero(buf, len) __explicit_bzero_chk (buf, len, __bos0 (buf))
> +# define explicit_bzero(buf, len) __explicit_bzero_chk (buf, len,	      \
> +							__glibc_objsize0 (buf))
>  #endif
>  
>  libc_hidden_builtin_proto (memchr)
> diff --git a/string/bits/string_fortified.h b/string/bits/string_fortified.h
> index 4c1aeb45f1..92d75f10fa 100644
> --- a/string/bits/string_fortified.h
> +++ b/string/bits/string_fortified.h
> @@ -26,13 +26,15 @@ __fortify_function void *
>  __NTH (memcpy (void *__restrict __dest, const void *__restrict __src,
>  	       size_t __len))
>  {
> -  return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
> +  return __builtin___memcpy_chk (__dest, __src, __len,
> +				 __glibc_objsize0 (__dest));
>  }
>  
>  __fortify_function void *
>  __NTH (memmove (void *__dest, const void *__src, size_t __len))
>  {
> -  return __builtin___memmove_chk (__dest, __src, __len, __bos0 (__dest));
> +  return __builtin___memmove_chk (__dest, __src, __len,
> +				  __glibc_objsize0 (__dest));
>  }
>  
>  #ifdef __USE_GNU
> @@ -40,7 +42,8 @@ __fortify_function void *
>  __NTH (mempcpy (void *__restrict __dest, const void *__restrict __src,
>  		size_t __len))
>  {
> -  return __builtin___mempcpy_chk (__dest, __src, __len, __bos0 (__dest));
> +  return __builtin___mempcpy_chk (__dest, __src, __len,
> +				  __glibc_objsize0 (__dest));
>  }
>  #endif
>  
> @@ -53,7 +56,8 @@ __NTH (mempcpy (void *__restrict __dest, const void *__restrict __src,
>  __fortify_function void *
>  __NTH (memset (void *__dest, int __ch, size_t __len))
>  {
> -  return __builtin___memset_chk (__dest, __ch, __len, __bos0 (__dest));
> +  return __builtin___memset_chk (__dest, __ch, __len,
> +				 __glibc_objsize0 (__dest));
>  }
>  
>  #ifdef __USE_MISC
> @@ -65,21 +69,21 @@ void __explicit_bzero_chk (void *__dest, size_t __len, size_t __destlen)
>  __fortify_function void
>  __NTH (explicit_bzero (void *__dest, size_t __len))
>  {
> -  __explicit_bzero_chk (__dest, __len, __bos0 (__dest));
> +  __explicit_bzero_chk (__dest, __len, __glibc_objsize0 (__dest));
>  }
>  #endif
>  
>  __fortify_function char *
>  __NTH (strcpy (char *__restrict __dest, const char *__restrict __src))
>  {
> -  return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
> +  return __builtin___strcpy_chk (__dest, __src, __glibc_objsize (__dest));
>  }
>  
>  #ifdef __USE_GNU
>  __fortify_function char *
>  __NTH (stpcpy (char *__restrict __dest, const char *__restrict __src))
>  {
> -  return __builtin___stpcpy_chk (__dest, __src, __bos (__dest));
> +  return __builtin___stpcpy_chk (__dest, __src, __glibc_objsize (__dest));
>  }
>  #endif
>  
> @@ -88,14 +92,16 @@ __fortify_function char *
>  __NTH (strncpy (char *__restrict __dest, const char *__restrict __src,
>  		size_t __len))
>  {
> -  return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
> +  return __builtin___strncpy_chk (__dest, __src, __len,
> +				  __glibc_objsize (__dest));
>  }
>  
>  #if __GNUC_PREREQ (4, 7) || __glibc_clang_prereq (2, 6)
>  __fortify_function char *
>  __NTH (stpncpy (char *__dest, const char *__src, size_t __n))
>  {
> -  return __builtin___stpncpy_chk (__dest, __src, __n, __bos (__dest));
> +  return __builtin___stpncpy_chk (__dest, __src, __n,
> +				  __glibc_objsize (__dest));
>  }
>  #else
>  extern char *__stpncpy_chk (char *__dest, const char *__src, size_t __n,
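
Review bot: the `#else` fallback for `stpncpy` that begins at the end of this hunk is not touched by the patch: the next hunk starts at old line 118 and changes only `strcat`. If that fallback still sizes the destination with `__bos`, either convert it to `__glibc_objsize` like the builtin path above, or add a comment saying it is left alone on purpose because compilers that take the `#else` path (older than GCC 4.7 / clang 2.6) cannot provide the dynamic builtin.
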
> @@ -118,7 +124,7 @@ __NTH (stpncpy (char *__dest, const char *__src, size_t __n))
>  __fortify_function char *
>  __NTH (strcat (char *__restrict __dest, const char *__restrict __src))
>  {
> -  return __builtin___strcat_chk (__dest, __src, __bos (__dest));
> +  return __builtin___strcat_chk (__dest, __src, __glibc_objsize (__dest));
>  }
>  
>  
> @@ -126,7 +132,8 @@ __fortify_function char *
>  __NTH (strncat (char *__restrict __dest, const char *__restrict __src,
>  		size_t __len))
>  {
> -  return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
> +  return __builtin___strncat_chk (__dest, __src, __len,
> +				  __glibc_objsize (__dest));
>  }
>  
>  #endif /* bits/string_fortified.h */
> diff --git a/string/bits/strings_fortified.h b/string/bits/strings_fortified.h
> index d4091f4f69..7752faf4e3 100644
> --- a/string/bits/strings_fortified.h
> +++ b/string/bits/strings_fortified.h
> @@ -22,13 +22,15 @@
>  __fortify_function void
>  __NTH (bcopy (const void *__src, void *__dest, size_t __len))
>  {
> -  (void) __builtin___memmove_chk (__dest, __src, __len, __bos0 (__dest));
> +  (void) __builtin___memmove_chk (__dest, __src, __len,
> +				  __glibc_objsize0 (__dest));
>  }
>  
>  __fortify_function void
>  __NTH (bzero (void *__dest, size_t __len))
>  {
> -  (void) __builtin___memset_chk (__dest, '\0', __len, __bos0 (__dest));
> +  (void) __builtin___memset_chk (__dest, '\0', __len,
> +				 __glibc_objsize0 (__dest));
>  }
>  
>  #endif
> 

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH v7 4/4] nonstring: Enable __FORTIFY_LEVEL=3
  2020-12-30  6:43 ` [PATCH v7 4/4] nonstring: " Siddhesh Poyarekar via Libc-alpha
@ 2020-12-31 10:50   ` Adhemerval Zanella via Libc-alpha
  0 siblings, 0 replies; 10+ messages in thread
From: Adhemerval Zanella via Libc-alpha @ 2020-12-31 10:50 UTC (permalink / raw
  To: Siddhesh Poyarekar, libc-alpha; +Cc: fweimer, jakub



On 30/12/2020 03:43, Siddhesh Poyarekar wrote:
> Use __builtin_dynamic_object_size in the remaining functions that
> don't have compiler builtins as is the case for string functions.

LGTM, thanks.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>

> ---
>  io/bits/poll2.h       |  18 +++---
>  libio/bits/stdio.h    |   2 +-
>  libio/bits/stdio2.h   |  62 ++++++++++--------
>  posix/bits/unistd.h   | 120 ++++++++++++++++++----------------
>  socket/bits/socket2.h |  22 ++++---
>  stdlib/bits/stdlib.h  |  42 ++++++------
>  wcsmbs/bits/wchar2.h  | 146 ++++++++++++++++++++++++------------------
>  7 files changed, 229 insertions(+), 183 deletions(-)
> 
> diff --git a/io/bits/poll2.h b/io/bits/poll2.h
> index dca49717db..d204351bd0 100644
> --- a/io/bits/poll2.h
> +++ b/io/bits/poll2.h
> @@ -35,12 +35,13 @@ extern int __REDIRECT (__poll_chk_warn, (struct pollfd *__fds, nfds_t __nfds,
>  __fortify_function int
>  poll (struct pollfd *__fds, nfds_t __nfds, int __timeout)
>  {
> -  if (__bos (__fds) != (__SIZE_TYPE__) -1)
> +  if (__glibc_objsize (__fds) != (__SIZE_TYPE__) -1)
>      {
>        if (! __builtin_constant_p (__nfds))
> -	return __poll_chk (__fds, __nfds, __timeout, __bos (__fds));
> -      else if (__bos (__fds) / sizeof (*__fds) < __nfds)
> -	return __poll_chk_warn (__fds, __nfds, __timeout, __bos (__fds));
> +	return __poll_chk (__fds, __nfds, __timeout, __glibc_objsize (__fds));
> +      else if (__glibc_objsize (__fds) / sizeof (*__fds) < __nfds)
> +	return __poll_chk_warn (__fds, __nfds, __timeout,
> +				__glibc_objsize (__fds));
>      }
>  
>    return __poll_alias (__fds, __nfds, __timeout);
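
Review bot: in `poll`, the `else if (__glibc_objsize (__fds) / sizeof (*__fds) < __nfds)` branch is entered with `__nfds` constant, but the object size can now be a run-time value, so the comparison no longer necessarily folds at compile time. If `__poll_chk_warn` is meant to be referenced only when the overflow is provable at compile time, this branch should also require `__builtin_constant_p (__glibc_objsize (__fds))` and send the non-constant case to `__poll_chk`. The same applies to `ppoll` in the next hunk.
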
> @@ -65,13 +66,14 @@ __fortify_function int
>  ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout,
>         const __sigset_t *__ss)
>  {
> -  if (__bos (__fds) != (__SIZE_TYPE__) -1)
> +  if (__glibc_objsize (__fds) != (__SIZE_TYPE__) -1)
>      {
>        if (! __builtin_constant_p (__nfds))
> -	return __ppoll_chk (__fds, __nfds, __timeout, __ss, __bos (__fds));
> -      else if (__bos (__fds) / sizeof (*__fds) < __nfds)
> +	return __ppoll_chk (__fds, __nfds, __timeout, __ss,
> +			    __glibc_objsize (__fds));
> +      else if (__glibc_objsize (__fds) / sizeof (*__fds) < __nfds)
>  	return __ppoll_chk_warn (__fds, __nfds, __timeout, __ss,
> -				 __bos (__fds));
> +				 __glibc_objsize (__fds));
>      }
>  
>    return __ppoll_alias (__fds, __nfds, __timeout, __ss);
> diff --git a/libio/bits/stdio.h b/libio/bits/stdio.h
> index 6745571ed5..6d1f0f9fc9 100644
> --- a/libio/bits/stdio.h
> +++ b/libio/bits/stdio.h
> @@ -31,7 +31,7 @@
>  
>  
>  #ifdef __USE_EXTERN_INLINES
> -/* For -D_FORTIFY_SOURCE{,=2} bits/stdio2.h will define a different
> +/* For -D_FORTIFY_SOURCE{,=2,=3} bits/stdio2.h will define a different
>     inline.  */
>  # if !(__USE_FORTIFY_LEVEL > 0 && defined __fortify_function)
>  /* Write formatted output to stdout from argument list ARG.  */
> diff --git a/libio/bits/stdio2.h b/libio/bits/stdio2.h
> index ff9202c2cb..365c25b7b0 100644
> --- a/libio/bits/stdio2.h
> +++ b/libio/bits/stdio2.h
> @@ -36,12 +36,13 @@ __fortify_function int
>  __NTH (sprintf (char *__restrict __s, const char *__restrict __fmt, ...))
>  {
>    return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
> -				  __bos (__s), __fmt, __va_arg_pack ());
> +				  __glibc_objsize (__s), __fmt,
> +				  __va_arg_pack ());
>  }
>  #elif !defined __cplusplus
>  # define sprintf(str, ...) \
> -  __builtin___sprintf_chk (str, __USE_FORTIFY_LEVEL - 1, __bos (str), \
> -			   __VA_ARGS__)
> +  __builtin___sprintf_chk (str, __USE_FORTIFY_LEVEL - 1,		      \
> +			   __glibc_objsize (str), __VA_ARGS__)
>  #endif
>  
>  __fortify_function int
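
Review bot: the flag argument in both the inline `sprintf` and the macro form is still `__USE_FORTIFY_LEVEL - 1`, which evaluates to 2 once level 3 is accepted, rather than the 0 or 1 produced by levels 1 and 2. Please confirm that the `__sprintf_chk` side treats every positive flag alike, or clamp the expression, and record the choice in a comment next to the call.
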
> @@ -49,7 +50,7 @@ __NTH (vsprintf (char *__restrict __s, const char *__restrict __fmt,
>  		 __gnuc_va_list __ap))
>  {
>    return __builtin___vsprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
> -				   __bos (__s), __fmt, __ap);
> +				   __glibc_objsize (__s), __fmt, __ap);
>  }
>  
>  #if defined __USE_ISOC99 || defined __USE_UNIX98
> @@ -68,12 +69,13 @@ __NTH (snprintf (char *__restrict __s, size_t __n,
>  		 const char *__restrict __fmt, ...))
>  {
>    return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
> -				   __bos (__s), __fmt, __va_arg_pack ());
> +				   __glibc_objsize (__s), __fmt,
> +				   __va_arg_pack ());
>  }
>  # elif !defined __cplusplus
>  #  define snprintf(str, len, ...) \
> -  __builtin___snprintf_chk (str, len, __USE_FORTIFY_LEVEL - 1, __bos (str), \
> -			    __VA_ARGS__)
> +  __builtin___snprintf_chk (str, len, __USE_FORTIFY_LEVEL - 1,		      \
> +			    __glibc_objsize (str), __VA_ARGS__)
>  # endif
>  
>  __fortify_function int
> @@ -81,7 +83,7 @@ __NTH (vsnprintf (char *__restrict __s, size_t __n,
>  		  const char *__restrict __fmt, __gnuc_va_list __ap))
>  {
>    return __builtin___vsnprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
> -				    __bos (__s), __fmt, __ap);
> +				    __glibc_objsize (__s), __fmt, __ap);
>  }
>  
>  #endif
> @@ -237,8 +239,8 @@ extern char *__REDIRECT (__gets_warn, (char *__str), gets)
>  __fortify_function __wur char *
>  gets (char *__str)
>  {
> -  if (__bos (__str) != (size_t) -1)
> -    return __gets_chk (__str, __bos (__str));
> +  if (__glibc_objsize (__str) != (size_t) -1)
> +    return __gets_chk (__str, __glibc_objsize (__str));
>    return __gets_warn (__str);
>  }
>  #endif
> @@ -259,13 +261,13 @@ extern char *__REDIRECT (__fgets_chk_warn,
>  __fortify_function __wur __attr_access ((__write_only__, 1, 2)) char *
>  fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
>  {
> -  if (__bos (__s) != (size_t) -1)
> +  if (__glibc_objsize (__s) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__n) || __n <= 0)
> -	return __fgets_chk (__s, __bos (__s), __n, __stream);
> +	return __fgets_chk (__s, __glibc_objsize (__s), __n, __stream);
>  
> -      if ((size_t) __n > __bos (__s))
> -	return __fgets_chk_warn (__s, __bos (__s), __n, __stream);
> +      if ((size_t) __n > __glibc_objsize (__s))
> +	return __fgets_chk_warn (__s, __glibc_objsize (__s), __n, __stream);
>      }
>    return __fgets_alias (__s, __n, __stream);
>  }
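
Review bot: `fgets` now expands `__glibc_objsize (__s)` up to four times, and with a size that may be computed at run time this relies on the optimizer to merge the repeated evaluations. Consider reading it once into a local, for example `size_t __sz = __glibc_objsize (__s);`, and using `__sz` in the two comparisons and in the `__fgets_chk` / `__fgets_chk_warn` calls.
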
> @@ -289,15 +291,17 @@ __fortify_function __wur size_t
>  fread (void *__restrict __ptr, size_t __size, size_t __n,
>         FILE *__restrict __stream)
>  {
> -  if (__bos0 (__ptr) != (size_t) -1)
> +  if (__glibc_objsize0 (__ptr) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__size)
>  	  || !__builtin_constant_p (__n)
>  	  || (__size | __n) >= (((size_t) 1) << (8 * sizeof (size_t) / 2)))
> -	return __fread_chk (__ptr, __bos0 (__ptr), __size, __n, __stream);
> +	return __fread_chk (__ptr, __glibc_objsize0 (__ptr), __size, __n,
> +			    __stream);
>  
> -      if (__size * __n > __bos0 (__ptr))
> -	return __fread_chk_warn (__ptr, __bos0 (__ptr), __size, __n, __stream);
> +      if (__size * __n > __glibc_objsize0 (__ptr))
> +	return __fread_chk_warn (__ptr, __glibc_objsize0 (__ptr), __size, __n,
> +				 __stream);
>      }
>    return __fread_alias (__ptr, __size, __n, __stream);
>  }
> @@ -319,13 +323,15 @@ extern char *__REDIRECT (__fgets_unlocked_chk_warn,
>  __fortify_function __wur __attr_access ((__write_only__, 1, 2)) char *
>  fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream)
>  {
> -  if (__bos (__s) != (size_t) -1)
> +  if (__glibc_objsize (__s) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__n) || __n <= 0)
> -	return __fgets_unlocked_chk (__s, __bos (__s), __n, __stream);
> +	return __fgets_unlocked_chk (__s, __glibc_objsize (__s), __n,
> +				     __stream);
>  
> -      if ((size_t) __n > __bos (__s))
> -	return __fgets_unlocked_chk_warn (__s, __bos (__s), __n, __stream);
> +      if ((size_t) __n > __glibc_objsize (__s))
> +	return __fgets_unlocked_chk_warn (__s, __glibc_objsize (__s), __n,
> +					  __stream);
>      }
>    return __fgets_unlocked_alias (__s, __n, __stream);
>  }
> @@ -352,17 +358,17 @@ __fortify_function __wur size_t
>  fread_unlocked (void *__restrict __ptr, size_t __size, size_t __n,
>  		FILE *__restrict __stream)
>  {
> -  if (__bos0 (__ptr) != (size_t) -1)
> +  if (__glibc_objsize0 (__ptr) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__size)
>  	  || !__builtin_constant_p (__n)
>  	  || (__size | __n) >= (((size_t) 1) << (8 * sizeof (size_t) / 2)))
> -	return __fread_unlocked_chk (__ptr, __bos0 (__ptr), __size, __n,
> -				     __stream);
> +	return __fread_unlocked_chk (__ptr, __glibc_objsize0 (__ptr), __size,
> +				     __n, __stream);
>  
> -      if (__size * __n > __bos0 (__ptr))
> -	return __fread_unlocked_chk_warn (__ptr, __bos0 (__ptr), __size, __n,
> -					  __stream);
> +      if (__size * __n > __glibc_objsize0 (__ptr))
> +	return __fread_unlocked_chk_warn (__ptr, __glibc_objsize0 (__ptr),
> +					  __size, __n, __stream);
>      }
>  
>  # ifdef __USE_EXTERN_INLINES
> diff --git a/posix/bits/unistd.h b/posix/bits/unistd.h
> index 725a83eb0d..6c5ed0c618 100644
> --- a/posix/bits/unistd.h
> +++ b/posix/bits/unistd.h
> @@ -35,13 +35,14 @@ extern ssize_t __REDIRECT (__read_chk_warn,
>  __fortify_function __wur ssize_t
>  read (int __fd, void *__buf, size_t __nbytes)
>  {
> -  if (__bos0 (__buf) != (size_t) -1)
> +  if (__glibc_objsize0 (__buf) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__nbytes))
> -	return __read_chk (__fd, __buf, __nbytes, __bos0 (__buf));
> +	return __read_chk (__fd, __buf, __nbytes, __glibc_objsize0 (__buf));
>  
> -      if (__nbytes > __bos0 (__buf))
> -	return __read_chk_warn (__fd, __buf, __nbytes, __bos0 (__buf));
> +      if (__nbytes > __glibc_objsize0 (__buf))
> +	return __read_chk_warn (__fd, __buf, __nbytes,
> +				__glibc_objsize0 (__buf));
>      }
>    return __read_alias (__fd, __buf, __nbytes);
>  }
> @@ -77,14 +78,15 @@ extern ssize_t __REDIRECT (__pread64_chk_warn,
>  __fortify_function __wur ssize_t
>  pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset)
>  {
> -  if (__bos0 (__buf) != (size_t) -1)
> +  if (__glibc_objsize0 (__buf) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__nbytes))
> -	return __pread_chk (__fd, __buf, __nbytes, __offset, __bos0 (__buf));
> +	return __pread_chk (__fd, __buf, __nbytes, __offset,
> +			    __glibc_objsize0 (__buf));
>  
> -      if ( __nbytes > __bos0 (__buf))
> +      if ( __nbytes > __glibc_objsize0 (__buf))
>  	return __pread_chk_warn (__fd, __buf, __nbytes, __offset,
> -				 __bos0 (__buf));
> +				 __glibc_objsize0 (__buf));
>      }
>    return __pread_alias (__fd, __buf, __nbytes, __offset);
>  }
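
Review bot: style point in `pread`: the rewritten condition keeps the stray space after the opening parenthesis, `if ( __nbytes > __glibc_objsize0 (__buf))`. Since the line is being changed anyway, write `if (__nbytes > __glibc_objsize0 (__buf))` to match `read` in the previous hunk. The `pread64` and `readlink` hunks below carry the same spacing.
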
> @@ -92,14 +94,15 @@ pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset)
>  __fortify_function __wur ssize_t
>  pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
>  {
> -  if (__bos0 (__buf) != (size_t) -1)
> +  if (__glibc_objsize0 (__buf) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__nbytes))
> -	return __pread64_chk (__fd, __buf, __nbytes, __offset, __bos0 (__buf));
> +	return __pread64_chk (__fd, __buf, __nbytes, __offset,
> +			      __glibc_objsize0 (__buf));
>  
> -      if ( __nbytes > __bos0 (__buf))
> +      if ( __nbytes > __glibc_objsize0 (__buf))
>  	return __pread64_chk_warn (__fd, __buf, __nbytes, __offset,
> -				   __bos0 (__buf));
> +				   __glibc_objsize0 (__buf));
>      }
>  
>    return __pread64_alias (__fd, __buf, __nbytes, __offset);
> @@ -110,14 +113,15 @@ pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
>  __fortify_function __wur ssize_t
>  pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
>  {
> -  if (__bos0 (__buf) != (size_t) -1)
> +  if (__glibc_objsize0 (__buf) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__nbytes))
> -	return __pread64_chk (__fd, __buf, __nbytes, __offset, __bos0 (__buf));
> +	return __pread64_chk (__fd, __buf, __nbytes, __offset,
> +			      __glibc_objsize0 (__buf));
>  
> -      if ( __nbytes > __bos0 (__buf))
> +      if ( __nbytes > __glibc_objsize0 (__buf))
>  	return __pread64_chk_warn (__fd, __buf, __nbytes, __offset,
> -				   __bos0 (__buf));
> +				   __glibc_objsize0 (__buf));
>      }
>  
>    return __pread64_alias (__fd, __buf, __nbytes, __offset);
> @@ -145,13 +149,14 @@ __fortify_function __nonnull ((1, 2)) __wur ssize_t
>  __NTH (readlink (const char *__restrict __path, char *__restrict __buf,
>  		 size_t __len))
>  {
> -  if (__bos (__buf) != (size_t) -1)
> +  if (__glibc_objsize (__buf) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__len))
> -	return __readlink_chk (__path, __buf, __len, __bos (__buf));
> +	return __readlink_chk (__path, __buf, __len, __glibc_objsize (__buf));
>  
> -      if ( __len > __bos (__buf))
> -	return __readlink_chk_warn (__path, __buf, __len, __bos (__buf));
> +      if ( __len > __glibc_objsize (__buf))
> +	return __readlink_chk_warn (__path, __buf, __len,
> +				    __glibc_objsize (__buf));
>      }
>    return __readlink_alias (__path, __buf, __len);
>  }
> @@ -179,14 +184,15 @@ __fortify_function __nonnull ((2, 3)) __wur ssize_t
>  __NTH (readlinkat (int __fd, const char *__restrict __path,
>  		   char *__restrict __buf, size_t __len))
>  {
> -  if (__bos (__buf) != (size_t) -1)
> +  if (__glibc_objsize (__buf) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__len))
> -	return __readlinkat_chk (__fd, __path, __buf, __len, __bos (__buf));
> +	return __readlinkat_chk (__fd, __path, __buf, __len,
> +				 __glibc_objsize (__buf));
>  
> -      if (__len > __bos (__buf))
> +      if (__len > __glibc_objsize (__buf))
>  	return __readlinkat_chk_warn (__fd, __path, __buf, __len,
> -				      __bos (__buf));
> +				      __glibc_objsize (__buf));
>      }
>    return __readlinkat_alias (__fd, __path, __buf, __len);
>  }
> @@ -206,13 +212,13 @@ extern char *__REDIRECT_NTH (__getcwd_chk_warn,
>  __fortify_function __wur char *
>  __NTH (getcwd (char *__buf, size_t __size))
>  {
> -  if (__bos (__buf) != (size_t) -1)
> +  if (__glibc_objsize (__buf) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__size))
> -	return __getcwd_chk (__buf, __size, __bos (__buf));
> +	return __getcwd_chk (__buf, __size, __glibc_objsize (__buf));
>  
> -      if (__size > __bos (__buf))
> -	return __getcwd_chk_warn (__buf, __size, __bos (__buf));
> +      if (__size > __glibc_objsize (__buf))
> +	return __getcwd_chk_warn (__buf, __size, __glibc_objsize (__buf));
>      }
>    return __getcwd_alias (__buf, __size);
>  }
> @@ -227,8 +233,8 @@ extern char *__REDIRECT_NTH (__getwd_warn, (char *__buf), getwd)
>  __fortify_function __nonnull ((1)) __attribute_deprecated__ __wur char *
>  __NTH (getwd (char *__buf))
>  {
> -  if (__bos (__buf) != (size_t) -1)
> -    return __getwd_chk (__buf, __bos (__buf));
> +  if (__glibc_objsize (__buf) != (size_t) -1)
> +    return __getwd_chk (__buf, __glibc_objsize (__buf));
>    return __getwd_warn (__buf);
>  }
>  #endif
> @@ -248,13 +254,14 @@ extern size_t __REDIRECT_NTH (__confstr_chk_warn,
>  __fortify_function size_t
>  __NTH (confstr (int __name, char *__buf, size_t __len))
>  {
> -  if (__bos (__buf) != (size_t) -1)
> +  if (__glibc_objsize (__buf) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__len))
> -	return __confstr_chk (__name, __buf, __len, __bos (__buf));
> +	return __confstr_chk (__name, __buf, __len, __glibc_objsize (__buf));
>  
> -      if (__bos (__buf) < __len)
> -	return __confstr_chk_warn (__name, __buf, __len, __bos (__buf));
> +      if (__glibc_objsize (__buf) < __len)
> +	return __confstr_chk_warn (__name, __buf, __len,
> +				   __glibc_objsize (__buf));
>      }
>    return __confstr_alias (__name, __buf, __len);
>  }
> @@ -273,13 +280,13 @@ extern int __REDIRECT_NTH (__getgroups_chk_warn,
>  __fortify_function int
>  __NTH (getgroups (int __size, __gid_t __list[]))
>  {
> -  if (__bos (__list) != (size_t) -1)
> +  if (__glibc_objsize (__list) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__size) || __size < 0)
> -	return __getgroups_chk (__size, __list, __bos (__list));
> +	return __getgroups_chk (__size, __list, __glibc_objsize (__list));
>  
> -      if (__size * sizeof (__gid_t) > __bos (__list))
> -	return __getgroups_chk_warn (__size, __list, __bos (__list));
> +      if (__size * sizeof (__gid_t) > __glibc_objsize (__list))
> +	return __getgroups_chk_warn (__size, __list, __glibc_objsize (__list));
>      }
>    return __getgroups_alias (__size, __list);
>  }
> @@ -300,13 +307,15 @@ extern int __REDIRECT_NTH (__ttyname_r_chk_warn,
>  __fortify_function int
>  __NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
>  {
> -  if (__bos (__buf) != (size_t) -1)
> +  if (__glibc_objsize (__buf) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__buflen))
> -	return __ttyname_r_chk (__fd, __buf, __buflen, __bos (__buf));
> +	return __ttyname_r_chk (__fd, __buf, __buflen,
> +				__glibc_objsize (__buf));
>  
> -      if (__buflen > __bos (__buf))
> -	return __ttyname_r_chk_warn (__fd, __buf, __buflen, __bos (__buf));
> +      if (__buflen > __glibc_objsize (__buf))
> +	return __ttyname_r_chk_warn (__fd, __buf, __buflen,
> +				     __glibc_objsize (__buf));
>      }
>    return __ttyname_r_alias (__fd, __buf, __buflen);
>  }
> @@ -326,13 +335,14 @@ extern int __REDIRECT (__getlogin_r_chk_warn,
>  __fortify_function int
>  getlogin_r (char *__buf, size_t __buflen)
>  {
> -  if (__bos (__buf) != (size_t) -1)
> +  if (__glibc_objsize (__buf) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__buflen))
> -	return __getlogin_r_chk (__buf, __buflen, __bos (__buf));
> +	return __getlogin_r_chk (__buf, __buflen, __glibc_objsize (__buf));
>  
> -      if (__buflen > __bos (__buf))
> -	return __getlogin_r_chk_warn (__buf, __buflen, __bos (__buf));
> +      if (__buflen > __glibc_objsize (__buf))
> +	return __getlogin_r_chk_warn (__buf, __buflen,
> +				      __glibc_objsize (__buf));
>      }
>    return __getlogin_r_alias (__buf, __buflen);
>  }
> @@ -354,13 +364,14 @@ extern int __REDIRECT_NTH (__gethostname_chk_warn,
>  __fortify_function int
>  __NTH (gethostname (char *__buf, size_t __buflen))
>  {
> -  if (__bos (__buf) != (size_t) -1)
> +  if (__glibc_objsize (__buf) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__buflen))
> -	return __gethostname_chk (__buf, __buflen, __bos (__buf));
> +	return __gethostname_chk (__buf, __buflen, __glibc_objsize (__buf));
>  
> -      if (__buflen > __bos (__buf))
> -	return __gethostname_chk_warn (__buf, __buflen, __bos (__buf));
> +      if (__buflen > __glibc_objsize (__buf))
> +	return __gethostname_chk_warn (__buf, __buflen,
> +				       __glibc_objsize (__buf));
>      }
>    return __gethostname_alias (__buf, __buflen);
>  }
> @@ -384,13 +395,14 @@ extern int __REDIRECT_NTH (__getdomainname_chk_warn,
>  __fortify_function int
>  __NTH (getdomainname (char *__buf, size_t __buflen))
>  {
> -  if (__bos (__buf) != (size_t) -1)
> +  if (__glibc_objsize (__buf) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__buflen))
> -	return __getdomainname_chk (__buf, __buflen, __bos (__buf));
> +	return __getdomainname_chk (__buf, __buflen, __glibc_objsize (__buf));
>  
> -      if (__buflen > __bos (__buf))
> -	return __getdomainname_chk_warn (__buf, __buflen, __bos (__buf));
> +      if (__buflen > __glibc_objsize (__buf))
> +	return __getdomainname_chk_warn (__buf, __buflen,
> +					 __glibc_objsize (__buf));
>      }
>    return __getdomainname_alias (__buf, __buflen);
>  }
> diff --git a/socket/bits/socket2.h b/socket/bits/socket2.h
> index c0421ce244..05418ba9c3 100644
> --- a/socket/bits/socket2.h
> +++ b/socket/bits/socket2.h
> @@ -33,13 +33,15 @@ extern ssize_t __REDIRECT (__recv_chk_warn,
>  __fortify_function ssize_t
>  recv (int __fd, void *__buf, size_t __n, int __flags)
>  {
> -  if (__bos0 (__buf) != (size_t) -1)
> +  if (__glibc_objsize0 (__buf) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__n))
> -	return __recv_chk (__fd, __buf, __n, __bos0 (__buf), __flags);
> +	return __recv_chk (__fd, __buf, __n, __glibc_objsize0 (__buf),
> +			   __flags);
>  
> -      if (__n > __bos0 (__buf))
> -	return __recv_chk_warn (__fd, __buf, __n, __bos0 (__buf), __flags);
> +      if (__n > __glibc_objsize0 (__buf))
> +	return __recv_chk_warn (__fd, __buf, __n, __glibc_objsize0 (__buf),
> +				__flags);
>      }
>    return __recv_alias (__fd, __buf, __n, __flags);
>  }
> @@ -64,14 +66,14 @@ __fortify_function ssize_t
>  recvfrom (int __fd, void *__restrict __buf, size_t __n, int __flags,
>  	  __SOCKADDR_ARG __addr, socklen_t *__restrict __addr_len)
>  {
> -  if (__bos0 (__buf) != (size_t) -1)
> +  if (__glibc_objsize0 (__buf) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__n))
> -	return __recvfrom_chk (__fd, __buf, __n, __bos0 (__buf), __flags,
> -			       __addr, __addr_len);
> -      if (__n > __bos0 (__buf))
> -	return __recvfrom_chk_warn (__fd, __buf, __n, __bos0 (__buf), __flags,
> -				    __addr, __addr_len);
> +	return __recvfrom_chk (__fd, __buf, __n, __glibc_objsize0 (__buf),
> +			       __flags, __addr, __addr_len);
> +      if (__n > __glibc_objsize0 (__buf))
> +	return __recvfrom_chk_warn (__fd, __buf, __n, __glibc_objsize0 (__buf),
> +				    __flags, __addr, __addr_len);
>      }
>    return __recvfrom_alias (__fd, __buf, __n, __flags, __addr, __addr_len);
>  }
> diff --git a/stdlib/bits/stdlib.h b/stdlib/bits/stdlib.h
> index 9134d3f36b..b495cd6929 100644
> --- a/stdlib/bits/stdlib.h
> +++ b/stdlib/bits/stdlib.h
> @@ -36,13 +36,14 @@ extern char *__REDIRECT_NTH (__realpath_chk_warn,
>  __fortify_function __wur char *
>  __NTH (realpath (const char *__restrict __name, char *__restrict __resolved))
>  {
> -  if (__bos (__resolved) != (size_t) -1)
> +  if (__glibc_objsize (__resolved) != (size_t) -1)
>      {
>  #if defined _LIBC_LIMITS_H_ && defined PATH_MAX
> -      if (__bos (__resolved) < PATH_MAX)
> -	return __realpath_chk_warn (__name, __resolved, __bos (__resolved));
> +      if (__glibc_objsize (__resolved) < PATH_MAX)
> +	return __realpath_chk_warn (__name, __resolved,
> +				    __glibc_objsize (__resolved));
>  #endif
> -      return __realpath_chk (__name, __resolved, __bos (__resolved));
> +      return __realpath_chk (__name, __resolved, __glibc_objsize (__resolved));
>      }
>  
>    return __realpath_alias (__name, __resolved);
> @@ -64,12 +65,14 @@ extern int __REDIRECT_NTH (__ptsname_r_chk_warn,
>  __fortify_function int
>  __NTH (ptsname_r (int __fd, char *__buf, size_t __buflen))
>  {
> -  if (__bos (__buf) != (size_t) -1)
> +  if (__glibc_objsize (__buf) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__buflen))
> -	return __ptsname_r_chk (__fd, __buf, __buflen, __bos (__buf));
> -      if (__buflen > __bos (__buf))
> -	return __ptsname_r_chk_warn (__fd, __buf, __buflen, __bos (__buf));
> +	return __ptsname_r_chk (__fd, __buf, __buflen,
> +				__glibc_objsize (__buf));
> +      if (__buflen > __glibc_objsize (__buf))
> +	return __ptsname_r_chk_warn (__fd, __buf, __buflen,
> +				     __glibc_objsize (__buf));
>      }
>    return __ptsname_r_alias (__fd, __buf, __buflen);
>  }
> @@ -90,8 +93,9 @@ __NTH (wctomb (char *__s, wchar_t __wchar))
>  #if defined MB_LEN_MAX && MB_LEN_MAX != __STDLIB_MB_LEN_MAX
>  # error "Assumed value of MB_LEN_MAX wrong"
>  #endif
> -  if (__bos (__s) != (size_t) -1 && __STDLIB_MB_LEN_MAX > __bos (__s))
> -    return __wctomb_chk (__s, __wchar, __bos (__s));
> +  if (__glibc_objsize (__s) != (size_t) -1
> +      && __STDLIB_MB_LEN_MAX > __glibc_objsize (__s))
> +    return __wctomb_chk (__s, __wchar, __glibc_objsize (__s));
>    return __wctomb_alias (__s, __wchar);
>  }
>  
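
Review bot: in `wctomb`, the test `__STDLIB_MB_LEN_MAX > __glibc_objsize (__s)` used to be decided at compile time and can now be a run-time comparison executed on every call. A short comment stating that this branch is intended at level 3 (it skips `__wctomb_chk` for buffers known to be large enough) would help the next reader of this header.
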
> @@ -116,15 +120,16 @@ __fortify_function size_t
>  __NTH (mbstowcs (wchar_t *__restrict __dst, const char *__restrict __src,
>  		 size_t __len))
>  {
> -  if (__bos (__dst) != (size_t) -1)
> +  if (__glibc_objsize (__dst) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__len))
>  	return __mbstowcs_chk (__dst, __src, __len,
> -			       __bos (__dst) / sizeof (wchar_t));
> +			       __glibc_objsize (__dst) / sizeof (wchar_t));
>  
> -      if (__len > __bos (__dst) / sizeof (wchar_t))
> +      if (__len > __glibc_objsize (__dst) / sizeof (wchar_t))
>  	return __mbstowcs_chk_warn (__dst, __src, __len,
> -				     __bos (__dst) / sizeof (wchar_t));
> +				    (__glibc_objsize (__dst)
> +				     / sizeof (wchar_t)));
>      }
>    return __mbstowcs_alias (__dst, __src, __len);
>  }
> @@ -149,12 +154,13 @@ __fortify_function size_t
>  __NTH (wcstombs (char *__restrict __dst, const wchar_t *__restrict __src,
>  		 size_t __len))
>  {
> -  if (__bos (__dst) != (size_t) -1)
> +  if (__glibc_objsize (__dst) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__len))
> -	return __wcstombs_chk (__dst, __src, __len, __bos (__dst));
> -      if (__len > __bos (__dst))
> -	return __wcstombs_chk_warn (__dst, __src, __len, __bos (__dst));
> +	return __wcstombs_chk (__dst, __src, __len, __glibc_objsize (__dst));
> +      if (__len > __glibc_objsize (__dst))
> +	return __wcstombs_chk_warn (__dst, __src, __len,
> +				    __glibc_objsize (__dst));
>      }
>    return __wcstombs_alias (__dst, __src, __len);
>  }
> diff --git a/wcsmbs/bits/wchar2.h b/wcsmbs/bits/wchar2.h
> index 86e8e23e76..6631d6f76d 100644
> --- a/wcsmbs/bits/wchar2.h
> +++ b/wcsmbs/bits/wchar2.h
> @@ -39,15 +39,15 @@ __fortify_function wchar_t *
>  __NTH (wmemcpy (wchar_t *__restrict __s1, const wchar_t *__restrict __s2,
>  		size_t __n))
>  {
> -  if (__bos0 (__s1) != (size_t) -1)
> +  if (__glibc_objsize0 (__s1) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__n))
>  	return __wmemcpy_chk (__s1, __s2, __n,
> -			      __bos0 (__s1) / sizeof (wchar_t));
> +			      __glibc_objsize0 (__s1) / sizeof (wchar_t));
>  
> -      if (__n > __bos0 (__s1) / sizeof (wchar_t))
> +      if (__n > __glibc_objsize0 (__s1) / sizeof (wchar_t))
>  	return __wmemcpy_chk_warn (__s1, __s2, __n,
> -				   __bos0 (__s1) / sizeof (wchar_t));
> +				   __glibc_objsize0 (__s1) / sizeof (wchar_t));
>      }
>    return __wmemcpy_alias (__s1, __s2, __n);
>  }
> @@ -67,15 +67,16 @@ extern wchar_t *__REDIRECT_NTH (__wmemmove_chk_warn,
>  __fortify_function wchar_t *
>  __NTH (wmemmove (wchar_t *__s1, const wchar_t *__s2, size_t __n))
>  {
> -  if (__bos0 (__s1) != (size_t) -1)
> +  if (__glibc_objsize0 (__s1) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__n))
>  	return __wmemmove_chk (__s1, __s2, __n,
> -			       __bos0 (__s1) / sizeof (wchar_t));
> +			       __glibc_objsize0 (__s1) / sizeof (wchar_t));
>  
> -      if (__n > __bos0 (__s1) / sizeof (wchar_t))
> +      if (__n > __glibc_objsize0 (__s1) / sizeof (wchar_t))
>  	return __wmemmove_chk_warn (__s1, __s2, __n,
> -				    __bos0 (__s1) / sizeof (wchar_t));
> +				    (__glibc_objsize0 (__s1)
> +				     / sizeof (wchar_t)));
>      }
>    return __wmemmove_alias (__s1, __s2, __n);
>  }
> @@ -100,15 +101,16 @@ __fortify_function wchar_t *
>  __NTH (wmempcpy (wchar_t *__restrict __s1, const wchar_t *__restrict __s2,
>  		 size_t __n))
>  {
> -  if (__bos0 (__s1) != (size_t) -1)
> +  if (__glibc_objsize0 (__s1) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__n))
>  	return __wmempcpy_chk (__s1, __s2, __n,
> -			       __bos0 (__s1) / sizeof (wchar_t));
> +			       __glibc_objsize0 (__s1) / sizeof (wchar_t));
>  
> -      if (__n > __bos0 (__s1) / sizeof (wchar_t))
> +      if (__n > __glibc_objsize0 (__s1) / sizeof (wchar_t))
>  	return __wmempcpy_chk_warn (__s1, __s2, __n,
> -				    __bos0 (__s1) / sizeof (wchar_t));
> +				    (__glibc_objsize0 (__s1)
> +				     / sizeof (wchar_t)));
>      }
>    return __wmempcpy_alias (__s1, __s2, __n);
>  }
> @@ -128,14 +130,15 @@ extern wchar_t *__REDIRECT_NTH (__wmemset_chk_warn,
>  __fortify_function wchar_t *
>  __NTH (wmemset (wchar_t *__s, wchar_t __c, size_t __n))
>  {
> -  if (__bos0 (__s) != (size_t) -1)
> +  if (__glibc_objsize0 (__s) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__n))
> -	return __wmemset_chk (__s, __c, __n, __bos0 (__s) / sizeof (wchar_t));
> +	return __wmemset_chk (__s, __c, __n,
> +			      __glibc_objsize0 (__s) / sizeof (wchar_t));
>  
> -      if (__n > __bos0 (__s) / sizeof (wchar_t))
> +      if (__n > __glibc_objsize0 (__s) / sizeof (wchar_t))
>  	return __wmemset_chk_warn (__s, __c, __n,
> -				   __bos0 (__s) / sizeof (wchar_t));
> +				   __glibc_objsize0 (__s) / sizeof (wchar_t));
>      }
>    return __wmemset_alias (__s, __c, __n);
>  }
> @@ -151,8 +154,9 @@ extern wchar_t *__REDIRECT_NTH (__wcscpy_alias,
>  __fortify_function wchar_t *
>  __NTH (wcscpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src))
>  {
> -  if (__bos (__dest) != (size_t) -1)
> -    return __wcscpy_chk (__dest, __src, __bos (__dest) / sizeof (wchar_t));
> +  if (__glibc_objsize (__dest) != (size_t) -1)
> +    return __wcscpy_chk (__dest, __src,
> +			 __glibc_objsize (__dest) / sizeof (wchar_t));
>    return __wcscpy_alias (__dest, __src);
>  }
>  
> @@ -167,8 +171,9 @@ extern wchar_t *__REDIRECT_NTH (__wcpcpy_alias,
>  __fortify_function wchar_t *
>  __NTH (wcpcpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src))
>  {
> -  if (__bos (__dest) != (size_t) -1)
> -    return __wcpcpy_chk (__dest, __src, __bos (__dest) / sizeof (wchar_t));
> +  if (__glibc_objsize (__dest) != (size_t) -1)
> +    return __wcpcpy_chk (__dest, __src,
> +			 __glibc_objsize (__dest) / sizeof (wchar_t));
>    return __wcpcpy_alias (__dest, __src);
>  }
>  
> @@ -191,14 +196,15 @@ __fortify_function wchar_t *
>  __NTH (wcsncpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src,
>  		size_t __n))
>  {
> -  if (__bos (__dest) != (size_t) -1)
> +  if (__glibc_objsize (__dest) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__n))
>  	return __wcsncpy_chk (__dest, __src, __n,
> -			      __bos (__dest) / sizeof (wchar_t));
> -      if (__n > __bos (__dest) / sizeof (wchar_t))
> +			      __glibc_objsize (__dest) / sizeof (wchar_t));
> +      if (__n > __glibc_objsize (__dest) / sizeof (wchar_t))
>  	return __wcsncpy_chk_warn (__dest, __src, __n,
> -				   __bos (__dest) / sizeof (wchar_t));
> +				   (__glibc_objsize (__dest)
> +				    / sizeof (wchar_t)));
>      }
>    return __wcsncpy_alias (__dest, __src, __n);
>  }
> @@ -222,14 +228,15 @@ __fortify_function wchar_t *
>  __NTH (wcpncpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src,
>  		size_t __n))
>  {
> -  if (__bos (__dest) != (size_t) -1)
> +  if (__glibc_objsize (__dest) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__n))
>  	return __wcpncpy_chk (__dest, __src, __n,
> -			      __bos (__dest) / sizeof (wchar_t));
> -      if (__n > __bos (__dest) / sizeof (wchar_t))
> +			      __glibc_objsize (__dest) / sizeof (wchar_t));
> +      if (__n > __glibc_objsize (__dest) / sizeof (wchar_t))
>  	return __wcpncpy_chk_warn (__dest, __src, __n,
> -				   __bos (__dest) / sizeof (wchar_t));
> +				   (__glibc_objsize (__dest)
> +				    / sizeof (wchar_t)));
>      }
>    return __wcpncpy_alias (__dest, __src, __n);
>  }
> @@ -245,8 +252,9 @@ extern wchar_t *__REDIRECT_NTH (__wcscat_alias,
>  __fortify_function wchar_t *
>  __NTH (wcscat (wchar_t *__restrict __dest, const wchar_t *__restrict __src))
>  {
> -  if (__bos (__dest) != (size_t) -1)
> -    return __wcscat_chk (__dest, __src, __bos (__dest) / sizeof (wchar_t));
> +  if (__glibc_objsize (__dest) != (size_t) -1)
> +    return __wcscat_chk (__dest, __src,
> +			 __glibc_objsize (__dest) / sizeof (wchar_t));
>    return __wcscat_alias (__dest, __src);
>  }
>  
> @@ -263,9 +271,9 @@ __fortify_function wchar_t *
>  __NTH (wcsncat (wchar_t *__restrict __dest, const wchar_t *__restrict __src,
>  		size_t __n))
>  {
> -  if (__bos (__dest) != (size_t) -1)
> +  if (__glibc_objsize (__dest) != (size_t) -1)
>      return __wcsncat_chk (__dest, __src, __n,
> -			  __bos (__dest) / sizeof (wchar_t));
> +			  __glibc_objsize (__dest) / sizeof (wchar_t));
>    return __wcsncat_alias (__dest, __src, __n);
>  }
>  
> @@ -285,18 +293,18 @@ __fortify_function int
>  __NTH (swprintf (wchar_t *__restrict __s, size_t __n,
>  		 const wchar_t *__restrict __fmt, ...))
>  {
> -  if (__bos (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
> +  if (__glibc_objsize (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
>      return __swprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
> -			   __bos (__s) / sizeof (wchar_t),
> +			   __glibc_objsize (__s) / sizeof (wchar_t),
>  			   __fmt, __va_arg_pack ());
>    return __swprintf_alias (__s, __n, __fmt, __va_arg_pack ());
>  }
>  #elif !defined __cplusplus
>  /* XXX We might want to have support in gcc for swprintf.  */
>  # define swprintf(s, n, ...) \
> -  (__bos (s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1			      \
> +  (__glibc_objsize (s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1		      \
>     ? __swprintf_chk (s, n, __USE_FORTIFY_LEVEL - 1,			      \
> -		     __bos (s) / sizeof (wchar_t), __VA_ARGS__)		      \
> +		     __glibc_objsize (s) / sizeof (wchar_t), __VA_ARGS__)	      \
>     : swprintf (s, n, __VA_ARGS__))
>  #endif
>  
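
Review bot: In both the inline swprintf and the macro fallback the flag argument is still __USE_FORTIFY_LEVEL - 1, which becomes 2 once level 3 is accepted, a value these call sites could not produce while 2 was the highest level. Please confirm that __swprintf_chk treats every positive flag alike, or pass a clamped value, and mention it in the commit message since the hunk does not show the callee.
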
> @@ -315,9 +323,10 @@ __fortify_function int
>  __NTH (vswprintf (wchar_t *__restrict __s, size_t __n,
>  		  const wchar_t *__restrict __fmt, __gnuc_va_list __ap))
>  {
> -  if (__bos (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
> +  if (__glibc_objsize (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
>      return __vswprintf_chk (__s, __n,  __USE_FORTIFY_LEVEL - 1,
> -			    __bos (__s) / sizeof (wchar_t), __fmt, __ap);
> +			    __glibc_objsize (__s) / sizeof (wchar_t), __fmt,
> +			    __ap);
>    return __vswprintf_alias (__s, __n, __fmt, __ap);
>  }
>  
> @@ -383,14 +392,15 @@ extern wchar_t *__REDIRECT (__fgetws_chk_warn,
>  __fortify_function __wur wchar_t *
>  fgetws (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream)
>  {
> -  if (__bos (__s) != (size_t) -1)
> +  if (__glibc_objsize (__s) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__n) || __n <= 0)
> -	return __fgetws_chk (__s, __bos (__s) / sizeof (wchar_t),
> +	return __fgetws_chk (__s, __glibc_objsize (__s) / sizeof (wchar_t),
>  			     __n, __stream);
>  
> -      if ((size_t) __n > __bos (__s) / sizeof (wchar_t))
> -	return __fgetws_chk_warn (__s, __bos (__s) / sizeof (wchar_t),
> +      if ((size_t) __n > __glibc_objsize (__s) / sizeof (wchar_t))
> +	return __fgetws_chk_warn (__s,
> +				  __glibc_objsize (__s) / sizeof (wchar_t),
>  				  __n, __stream);
>      }
>    return __fgetws_alias (__s, __n, __stream);
> @@ -414,14 +424,17 @@ extern wchar_t *__REDIRECT (__fgetws_unlocked_chk_warn,
>  __fortify_function __wur wchar_t *
>  fgetws_unlocked (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream)
>  {
> -  if (__bos (__s) != (size_t) -1)
> +  if (__glibc_objsize (__s) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__n) || __n <= 0)
> -	return __fgetws_unlocked_chk (__s, __bos (__s) / sizeof (wchar_t),
> +	return __fgetws_unlocked_chk (__s,
> +				      __glibc_objsize (__s) / sizeof (wchar_t),
>  				      __n, __stream);
>  
> -      if ((size_t) __n > __bos (__s) / sizeof (wchar_t))
> -	return __fgetws_unlocked_chk_warn (__s, __bos (__s) / sizeof (wchar_t),
> +      if ((size_t) __n > __glibc_objsize (__s) / sizeof (wchar_t))
> +	return __fgetws_unlocked_chk_warn (__s,
> +					   (__glibc_objsize (__s)
> +					    / sizeof (wchar_t)),
>  					   __n, __stream);
>      }
>    return __fgetws_unlocked_alias (__s, __n, __stream);
> @@ -447,8 +460,9 @@ __NTH (wcrtomb (char *__restrict __s, wchar_t __wchar,
>  #if defined MB_LEN_MAX && MB_LEN_MAX != __WCHAR_MB_LEN_MAX
>  # error "Assumed value of MB_LEN_MAX wrong"
>  #endif
> -  if (__bos (__s) != (size_t) -1 && __WCHAR_MB_LEN_MAX > __bos (__s))
> -    return __wcrtomb_chk (__s, __wchar, __ps, __bos (__s));
> +  if (__glibc_objsize (__s) != (size_t) -1
> +      && __WCHAR_MB_LEN_MAX > __glibc_objsize (__s))
> +    return __wcrtomb_chk (__s, __wchar, __ps, __glibc_objsize (__s));
>    return __wcrtomb_alias (__s, __wchar, __ps);
>  }
>  
> @@ -474,15 +488,16 @@ __fortify_function size_t
>  __NTH (mbsrtowcs (wchar_t *__restrict __dst, const char **__restrict __src,
>  		  size_t __len, mbstate_t *__restrict __ps))
>  {
> -  if (__bos (__dst) != (size_t) -1)
> +  if (__glibc_objsize (__dst) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__len))
>  	return __mbsrtowcs_chk (__dst, __src, __len, __ps,
> -				__bos (__dst) / sizeof (wchar_t));
> +				__glibc_objsize (__dst) / sizeof (wchar_t));
>  
> -      if (__len > __bos (__dst) / sizeof (wchar_t))
> +      if (__len > __glibc_objsize (__dst) / sizeof (wchar_t))
>  	return __mbsrtowcs_chk_warn (__dst, __src, __len, __ps,
> -				     __bos (__dst) / sizeof (wchar_t));
> +				     (__glibc_objsize (__dst)
> +				      / sizeof (wchar_t)));
>      }
>    return __mbsrtowcs_alias (__dst, __src, __len, __ps);
>  }
> @@ -508,13 +523,15 @@ __fortify_function size_t
>  __NTH (wcsrtombs (char *__restrict __dst, const wchar_t **__restrict __src,
>  		  size_t __len, mbstate_t *__restrict __ps))
>  {
> -  if (__bos (__dst) != (size_t) -1)
> +  if (__glibc_objsize (__dst) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__len))
> -	return __wcsrtombs_chk (__dst, __src, __len, __ps, __bos (__dst));
> +	return __wcsrtombs_chk (__dst, __src, __len, __ps,
> +				__glibc_objsize (__dst));
>  
> -      if (__len > __bos (__dst))
> -	return __wcsrtombs_chk_warn (__dst, __src, __len, __ps, __bos (__dst));
> +      if (__len > __glibc_objsize (__dst))
> +	return __wcsrtombs_chk_warn (__dst, __src, __len, __ps,
> +				     __glibc_objsize (__dst));
>      }
>    return __wcsrtombs_alias (__dst, __src, __len, __ps);
>  }
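
Review bot: In wcsrtombs the limit stays in bytes (__len > __glibc_objsize (__dst), no division) while the mbsrtowcs hunk just above divides by sizeof (wchar_t). That is right for a char * destination, but with the two conversions side by side and the helper renamed in both, a one-line comment stating that the size passed to __wcsrtombs_chk is a byte count would stop a later cleanup from adding the divisor.
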
> @@ -542,15 +559,16 @@ __fortify_function size_t
>  __NTH (mbsnrtowcs (wchar_t *__restrict __dst, const char **__restrict __src,
>  		   size_t __nmc, size_t __len, mbstate_t *__restrict __ps))
>  {
> -  if (__bos (__dst) != (size_t) -1)
> +  if (__glibc_objsize (__dst) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__len))
>  	return __mbsnrtowcs_chk (__dst, __src, __nmc, __len, __ps,
> -				 __bos (__dst) / sizeof (wchar_t));
> +				 __glibc_objsize (__dst) / sizeof (wchar_t));
>  
> -      if (__len > __bos (__dst) / sizeof (wchar_t))
> +      if (__len > __glibc_objsize (__dst) / sizeof (wchar_t))
>  	return __mbsnrtowcs_chk_warn (__dst, __src, __nmc, __len, __ps,
> -				      __bos (__dst) / sizeof (wchar_t));
> +				      (__glibc_objsize (__dst)
> +				       / sizeof (wchar_t)));
>      }
>    return __mbsnrtowcs_alias (__dst, __src, __nmc, __len, __ps);
>  }
> @@ -578,15 +596,15 @@ __fortify_function size_t
>  __NTH (wcsnrtombs (char *__restrict __dst, const wchar_t **__restrict __src,
>  		   size_t __nwc, size_t __len, mbstate_t *__restrict __ps))
>  {
> -  if (__bos (__dst) != (size_t) -1)
> +  if (__glibc_objsize (__dst) != (size_t) -1)
>      {
>        if (!__builtin_constant_p (__len))
>  	return __wcsnrtombs_chk (__dst, __src, __nwc, __len, __ps,
> -				 __bos (__dst));
> +				 __glibc_objsize (__dst));
>  
> -      if (__len > __bos (__dst))
> +      if (__len > __glibc_objsize (__dst))
>  	return __wcsnrtombs_chk_warn (__dst, __src, __nwc, __len, __ps,
> -				      __bos (__dst));
> +				      __glibc_objsize (__dst));
>      }
>    return __wcsnrtombs_alias (__dst, __src, __nwc, __len, __ps);
>  }
> 


* Re: [PATCH v7 1/4] Warn on unsupported fortification levels
  2020-12-31 10:45   ` Adhemerval Zanella via Libc-alpha
@ 2020-12-31 11:28     ` Siddhesh Poyarekar via Libc-alpha
  0 siblings, 0 replies; 10+ messages in thread
From: Siddhesh Poyarekar via Libc-alpha @ 2020-12-31 11:28 UTC (permalink / raw
  To: Adhemerval Zanella, libc-alpha; +Cc: fweimer, jakub

On 12/31/20 4:15 PM, Adhemerval Zanella wrote:
> 
> 
> On 30/12/2020 03:43, Siddhesh Poyarekar wrote:
>> Make the _FORTIFY_SOURCE macro soup in features.h warn about
>> unsupported fortification levels.  For example, it will warn about
>> _FORTIFY_SOURCE=3 and over with an indication of which level has been
>> selected.
>>
>> Co-authored-by: Paul Eggert <eggert@cs.ucla.edu>
> 
> LGTM, although I think the NEWS entry should move to the second patch.
> 

Oops, yes.  I've moved the creatures.texi as well as NEWS content to 2/4 
before commit.

Thanks,
Siddhesh
