summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKhem Raj <raj.khem@gmail.com>2020-01-26 11:27:44 -0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-01-27 16:48:09 +0000
commit5b5b17549ea3a9de775da6cd791181d2687186cd (patch)
tree899270fa2cbb4606c22dbbee59817675d2ec1f3f
parent81437a813ff18ac95cb5fdcc7e40dd9a98678707 (diff)
downloadpoky-5b5b17549ea3a9de775da6cd791181d2687186cd.tar.gz
glibc: Drop fortify refactoring patch
This helps clang to do a better job with fortify on but it is better suited for clang layer (From OE-Core rev: c4ea8d76db37f21c034d610bfe4e53596e662bb8) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-core/glibc/glibc/0030-Refactor-FORTIFY-in-glibc.patch2780
-rw-r--r--meta/recipes-core/glibc/glibc_2.31.bb1
2 files changed, 0 insertions, 2781 deletions
diff --git a/meta/recipes-core/glibc/glibc/0030-Refactor-FORTIFY-in-glibc.patch b/meta/recipes-core/glibc/glibc/0030-Refactor-FORTIFY-in-glibc.patch
deleted file mode 100644
index 7fe71ad92f..0000000000
--- a/meta/recipes-core/glibc/glibc/0030-Refactor-FORTIFY-in-glibc.patch
+++ /dev/null
@@ -1,2780 +0,0 @@
1From fecfc4050ce075e543fb1cf19d6d1da481260b95 Mon Sep 17 00:00:00 2001
2From: George Burgess IV <gbiv@google.com>
3Date: Sat, 11 Jan 2020 10:33:19 -0800
4Subject: [PATCH] Refactor FORTIFY in glibc
5
6Upstream-Status: Submitted [https://sourceware.org/ml/libc-alpha/2017-09/msg00434.html]
7
8Signed-off-by: George Burgess IV <gbiv@google.com>
9Signed-off-by: Khem Raj <raj.khem@gmail.com>
10---
11 io/bits/fcntl2.h | 125 ++++++--
12 io/bits/poll2.h | 54 ++--
13 io/fcntl.h | 2 +-
14 libio/bits/stdio2.h | 303 +++++++++++---------
15 misc/bits/syslog.h | 38 ++-
16 misc/sys/cdefs.h | 164 ++++++++++-
17 posix/bits/unistd.h | 366 ++++++++++--------------
18 rt/bits/mqueue2.h | 44 ++-
19 rt/mqueue.h | 2 +-
20 socket/bits/socket2.h | 56 ++--
21 stdlib/bits/stdlib.h | 117 ++++----
22 string/bits/string_fortified.h | 136 ++++++---
23 string/bits/strings_fortified.h | 36 ++-
24 wcsmbs/bits/wchar2.h | 487 ++++++++++++++------------------
25 14 files changed, 1093 insertions(+), 837 deletions(-)
26
27diff --git a/io/bits/fcntl2.h b/io/bits/fcntl2.h
28index 85b922dab8..04cc377040 100644
29--- a/io/bits/fcntl2.h
30+++ b/io/bits/fcntl2.h
31@@ -32,10 +32,28 @@ extern int __REDIRECT (__open_2, (const char *__path, int __oflag),
32 extern int __REDIRECT (__open_alias, (const char *__path, int __oflag, ...),
33 open64) __nonnull ((1));
34 #endif
35-__errordecl (__open_too_many_args,
36- "open can be called either with 2 or 3 arguments, not more");
37-__errordecl (__open_missing_mode,
38- "open with O_CREAT or O_TMPFILE in second argument needs 3 arguments");
39+
40+#define __warn_open_too_many_args \
41+ "open can be called either with 2 or 3 arguments, not more"
42+#define __warn_open_missing_mode \
43+ "open with O_CREAT in second argument needs 3 arguments"
44+#ifdef __use_clang_fortify
45+__fortify_overload __clang_prefer_this_overload int
46+open (const char *const __clang_pass_object_size __path, int __oflag)
47+ __clang_error_if (__OPEN_NEEDS_MODE (__oflag), __warn_open_missing_mode)
48+{
49+ return __open_2 (__path, __oflag);
50+}
51+
52+__fortify_overload int
53+open (const char *const __clang_pass_object_size __path, int __oflag,
54+ mode_t __mode)
55+{
56+ return __open_alias (__path, __oflag, __mode);
57+}
58+#else
59+__errordecl (__open_too_many_args, __warn_open_too_many_args);
60+__errordecl (__open_missing_mode, __warn_open_missing_mode);
61
62 __fortify_function int
63 open (const char *__path, int __oflag, ...)
64@@ -58,16 +76,37 @@ open (const char *__path, int __oflag, ...)
65
66 return __open_alias (__path, __oflag, __va_arg_pack ());
67 }
68+#endif
69+#undef __warn_open_too_many_args
70+#undef __warn_open_missing_mode
71
72
73 #ifdef __USE_LARGEFILE64
74 extern int __open64_2 (const char *__path, int __oflag) __nonnull ((1));
75 extern int __REDIRECT (__open64_alias, (const char *__path, int __oflag,
76 ...), open64) __nonnull ((1));
77-__errordecl (__open64_too_many_args,
78- "open64 can be called either with 2 or 3 arguments, not more");
79-__errordecl (__open64_missing_mode,
80- "open64 with O_CREAT or O_TMPFILE in second argument needs 3 arguments");
81+
82+# define __warn_open64_too_many_args \
83+ "open64 can be called either with 2 or 3 arguments, not more"
84+# define __warn_open64_missing_mode \
85+ "open64 with O_CREAT in second argument needs 3 arguments"
86+# ifdef __use_clang_fortify
87+__fortify_overload __clang_prefer_this_overload int
88+open64 (const char *const __clang_pass_object_size __path, int __oflag)
89+ __clang_error_if (__OPEN_NEEDS_MODE (__oflag), __warn_open64_missing_mode)
90+{
91+ return __open64_2 (__path, __oflag);
92+}
93+
94+__fortify_overload __clang_prefer_this_overload int
95+open64 (const char *const __clang_pass_object_size __path, int __oflag,
96+ int __mode)
97+{
98+ return __open64_alias (__path, __oflag, __mode);
99+}
100+# else
101+__errordecl (__open64_too_many_args, __warn_open64_too_many_args);
102+__errordecl (__open64_missing_mode, __warn_open64_missing_mode);
103
104 __fortify_function int
105 open64 (const char *__path, int __oflag, ...)
106@@ -90,6 +129,9 @@ open64 (const char *__path, int __oflag, ...)
107
108 return __open64_alias (__path, __oflag, __va_arg_pack ());
109 }
110+# endif
111+# undef __warn_open64_too_many_args
112+# undef __warn_open64_missing_mode
113 #endif
114
115
116@@ -108,10 +150,32 @@ extern int __REDIRECT (__openat_alias, (int __fd, const char *__path,
117 int __oflag, ...), openat64)
118 __nonnull ((2));
119 # endif
120-__errordecl (__openat_too_many_args,
121- "openat can be called either with 3 or 4 arguments, not more");
122-__errordecl (__openat_missing_mode,
123- "openat with O_CREAT or O_TMPFILE in third argument needs 4 arguments");
124+
125+# define __warn_openat_too_many_args "openat can be called either with 3 or " \
126+ "4 arguments, not more"
127+# define __warn_openat_missing_mode "openat with O_CREAT in third argument " \
128+ "needs 4 arguments"
129+# ifdef __use_clang_fortify
130+__fortify_error_function __clang_error (__warn_openat_too_many_args) int
131+openat (int __fd, const char *__path, int __oflag, int __mode, ...);
132+
133+__fortify_overload __clang_prefer_this_overload int
134+openat (int __fd, const char *const __clang_pass_object_size __path,
135+ int __oflag)
136+ __clang_error_if (__OPEN_NEEDS_MODE (__oflag), __warn_openat_missing_mode)
137+{
138+ return __openat_2 (__fd, __path, __oflag);
139+}
140+
141+__fortify_overload __clang_prefer_this_overload int
142+openat (int __fd, const char *const __clang_pass_object_size __path,
143+ int __oflag, int __mode)
144+{
145+ return __openat_alias (__fd, __path, __oflag, __mode);
146+}
147+# else
148+__errordecl (__openat_too_many_args, __warn_openat_too_many_args);
149+__errordecl (__openat_missing_mode, __warn_openat_missing_mode);
150
151 __fortify_function int
152 openat (int __fd, const char *__path, int __oflag, ...)
153@@ -134,6 +198,9 @@ openat (int __fd, const char *__path, int __oflag, ...)
154
155 return __openat_alias (__fd, __path, __oflag, __va_arg_pack ());
156 }
157+# endif
158+# undef __warn_openat_too_many_args
159+# undef __warn_openat_missing_mode
160
161
162 # ifdef __USE_LARGEFILE64
163@@ -142,11 +209,34 @@ extern int __openat64_2 (int __fd, const char *__path, int __oflag)
164 extern int __REDIRECT (__openat64_alias, (int __fd, const char *__path,
165 int __oflag, ...), openat64)
166 __nonnull ((2));
167-__errordecl (__openat64_too_many_args,
168- "openat64 can be called either with 3 or 4 arguments, not more");
169-__errordecl (__openat64_missing_mode,
170- "openat64 with O_CREAT or O_TMPFILE in third argument needs 4 arguments");
171
172+# define __warn_openat64_too_many_args "openat64 can be called either with " \
173+ "3 or 4 arguments, not more"
174+# define __warn_openat64_missing_mode "openat64 with O_CREAT in third " \
175+ "argument needs 4 arguments"
176+
177+# ifdef __use_clang_fortify
178+__fortify_error_function __clang_error (__warn_openat64_too_many_args) int
179+openat64 (int __fd, const char *__path, int __oflag, int __mode, ...);
180+
181+__fortify_overload __clang_prefer_this_overload int
182+openat64 (int __fd, const char *const __clang_pass_object_size __path,
183+ int __oflag)
184+ __clang_error_if (__OPEN_NEEDS_MODE (__oflag),
185+ __warn_openat64_missing_mode)
186+{
187+ return __openat64_2 (__fd, __path, __oflag);
188+}
189+
190+__fortify_overload __clang_prefer_this_overload int
191+openat64 (int __fd, const char *const __clang_pass_object_size __path,
192+ int __oflag, int __mode)
193+{
194+ return __openat64_alias (__fd, __path, __oflag, __mode);
195+}
196+# else
197+__errordecl (__openat64_too_many_args, __warn_openat64_too_many_args);
198+__errordecl (__openat64_missing_mode, __warn_openat64_missing_mode);
199 __fortify_function int
200 openat64 (int __fd, const char *__path, int __oflag, ...)
201 {
202@@ -168,5 +258,8 @@ openat64 (int __fd, const char *__path, int __oflag, ...)
203
204 return __openat64_alias (__fd, __path, __oflag, __va_arg_pack ());
205 }
206+# endif
207+# undef __warn_openat64_too_many_args
208+# undef __warn_openat64_missing_mode
209 # endif
210 #endif
211diff --git a/io/bits/poll2.h b/io/bits/poll2.h
212index dca49717db..cc149711af 100644
213--- a/io/bits/poll2.h
214+++ b/io/bits/poll2.h
215@@ -27,25 +27,20 @@ extern int __REDIRECT (__poll_alias, (struct pollfd *__fds, nfds_t __nfds,
216 int __timeout), poll);
217 extern int __poll_chk (struct pollfd *__fds, nfds_t __nfds, int __timeout,
218 __SIZE_TYPE__ __fdslen);
219-extern int __REDIRECT (__poll_chk_warn, (struct pollfd *__fds, nfds_t __nfds,
220- int __timeout, __SIZE_TYPE__ __fdslen),
221- __poll_chk)
222- __warnattr ("poll called with fds buffer too small file nfds entries");
223
224-__fortify_function int
225-poll (struct pollfd *__fds, nfds_t __nfds, int __timeout)
226+__fortify_potential_overload int
227+poll (struct pollfd *const __clang_pass_object_size __fds, nfds_t __nfds,
228+ int __timeout)
229+__FORTIFY_PRECONDITIONS
230+ __FORTIFY_WARNING_ONLY_IF_BOS_LT2 (__poll_warn, __nfds, __fds,
231+ sizeof (*__fds),
232+ "poll called with fds buffer too small")
233 {
234- if (__bos (__fds) != (__SIZE_TYPE__) -1)
235- {
236- if (! __builtin_constant_p (__nfds))
237- return __poll_chk (__fds, __nfds, __timeout, __bos (__fds));
238- else if (__bos (__fds) / sizeof (*__fds) < __nfds)
239- return __poll_chk_warn (__fds, __nfds, __timeout, __bos (__fds));
240- }
241-
242+ if (__FORTIFY_CALL_CHK && __bos (__fds) != (__SIZE_TYPE__) -1)
243+ return __poll_chk (__fds, __nfds, __timeout, __bos (__fds));
244 return __poll_alias (__fds, __nfds, __timeout);
245 }
246-
247+__FORTIFY_FUNCTION_END
248
249 #ifdef __USE_GNU
250 extern int __REDIRECT (__ppoll_alias, (struct pollfd *__fds, nfds_t __nfds,
251@@ -54,28 +49,21 @@ extern int __REDIRECT (__ppoll_alias, (struct pollfd *__fds, nfds_t __nfds,
252 extern int __ppoll_chk (struct pollfd *__fds, nfds_t __nfds,
253 const struct timespec *__timeout,
254 const __sigset_t *__ss, __SIZE_TYPE__ __fdslen);
255-extern int __REDIRECT (__ppoll_chk_warn, (struct pollfd *__fds, nfds_t __nfds,
256- const struct timespec *__timeout,
257- const __sigset_t *__ss,
258- __SIZE_TYPE__ __fdslen),
259- __ppoll_chk)
260- __warnattr ("ppoll called with fds buffer too small file nfds entries");
261
262-__fortify_function int
263-ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout,
264- const __sigset_t *__ss)
265+__fortify_potential_overload int
266+ppoll (struct pollfd *const __clang_pass_object_size __fds, nfds_t __nfds,
267+ const struct timespec *__timeout, const __sigset_t *__ss)
268+__FORTIFY_PRECONDITIONS
269+ __FORTIFY_WARNING_ONLY_IF_BOS_LT2 (__ppoll_warn, __nfds, __fds,
270+ sizeof (*__fds),
271+ "ppoll called with fds buffer too "
272+ "small file nfds entries")
273 {
274- if (__bos (__fds) != (__SIZE_TYPE__) -1)
275- {
276- if (! __builtin_constant_p (__nfds))
277- return __ppoll_chk (__fds, __nfds, __timeout, __ss, __bos (__fds));
278- else if (__bos (__fds) / sizeof (*__fds) < __nfds)
279- return __ppoll_chk_warn (__fds, __nfds, __timeout, __ss,
280- __bos (__fds));
281- }
282-
283+ if (__FORTIFY_CALL_CHK && __bos (__fds) != (__SIZE_TYPE__) -1)
284+ return __ppoll_chk (__fds, __nfds, __timeout, __ss, __bos (__fds));
285 return __ppoll_alias (__fds, __nfds, __timeout, __ss);
286 }
287+__FORTIFY_FUNCTION_END
288 #endif
289
290 __END_DECLS
291diff --git a/io/fcntl.h b/io/fcntl.h
292index 21b60c264d..83f2c8e117 100644
293--- a/io/fcntl.h
294+++ b/io/fcntl.h
295@@ -325,7 +325,7 @@ extern int posix_fallocate64 (int __fd, off64_t __offset, off64_t __len);
296
297 /* Define some inlines helping to catch common problems. */
298 #if __USE_FORTIFY_LEVEL > 0 && defined __fortify_function \
299- && defined __va_arg_pack_len
300+ && (defined __va_arg_pack_len || defined __use_clang_fortify)
301 # include <bits/fcntl2.h>
302 #endif
303
304diff --git a/libio/bits/stdio2.h b/libio/bits/stdio2.h
305index 60bc81735e..1338f418ba 100644
306--- a/libio/bits/stdio2.h
307+++ b/libio/bits/stdio2.h
308@@ -29,12 +29,23 @@ extern int __vsprintf_chk (char *__restrict __s, int __flag, size_t __slen,
309 const char *__restrict __format,
310 __gnuc_va_list __ap) __THROW;
311
312-#ifdef __va_arg_pack
313-__fortify_function int
314-__NTH (sprintf (char *__restrict __s, const char *__restrict __fmt, ...))
315+#define __mul_may_overflow(size, n) \
316+ ((size | n) >= (((size_t)1) << (8 * sizeof (size_t) / 2)))
317+
318+#ifdef __FORTIFY_ARG_PACK_OK
319+/* clang doesn't have __va_arg_pack, so we need to defer to the va_arg versions
320+ of these functions. */
321+__fortify_potential_overload int
322+__NTH (sprintf (char *__restrict const __clang_pass_object_size __s,
323+ const char *__restrict __fmt, ...))
324 {
325- return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
326- __bos (__s), __fmt, __va_arg_pack ());
327+ __FORTIFY_INIT_ARG_PACK(__fmt);
328+ int __result = __FORTIFY_CALL_VA_BUILTIN (sprintf, __s,
329+ __USE_FORTIFY_LEVEL - 1,
330+ __bos (__s), __fmt,
331+ __FORTIFY_ARG_PACK);
332+ __FORTIFY_FREE_ARG_PACK();
333+ return __result;
334 }
335 #elif !defined __cplusplus
336 # define sprintf(str, ...) \
337@@ -42,9 +53,9 @@ __NTH (sprintf (char *__restrict __s, const char *__restrict __fmt, ...))
338 __VA_ARGS__)
339 #endif
340
341-__fortify_function int
342-__NTH (vsprintf (char *__restrict __s, const char *__restrict __fmt,
343- __gnuc_va_list __ap))
344+__fortify_potential_overload int
345+__NTH (vsprintf (char *__restrict const __clang_pass_object_size __s,
346+ const char *__restrict __fmt, __gnuc_va_list __ap))
347 {
348 return __builtin___vsprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
349 __bos (__s), __fmt, __ap);
350@@ -59,13 +70,21 @@ extern int __vsnprintf_chk (char *__restrict __s, size_t __n, int __flag,
351 size_t __slen, const char *__restrict __format,
352 __gnuc_va_list __ap) __THROW;
353
354-# ifdef __va_arg_pack
355-__fortify_function int
356-__NTH (snprintf (char *__restrict __s, size_t __n,
357- const char *__restrict __fmt, ...))
358+# ifdef __FORTIFY_ARG_PACK_OK
359+__fortify_potential_overload __attribute__ ((__format__ (__printf__, 3, 4))) int
360+__NTH (snprintf (char *__restrict const __clang_pass_object_size __s,
361+ size_t __n, const char *__restrict __fmt, ...))
362+ /* GCC's builtin will catch this, so we just need to cover clang here. */
363+ __clang_warning_if (__bos_static_lt (__n, __s),
364+ "call to snprintf may overflow the destination buffer")
365 {
366- return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
367- __bos (__s), __fmt, __va_arg_pack ());
368+ __FORTIFY_INIT_ARG_PACK(__fmt);
369+ int __result = __FORTIFY_CALL_VA_BUILTIN (snprintf, __s, __n,
370+ __USE_FORTIFY_LEVEL - 1,
371+ __bos (__s), __fmt,
372+ __FORTIFY_ARG_PACK);
373+ __FORTIFY_FREE_ARG_PACK();
374+ return __result;
375 }
376 # elif !defined __cplusplus
377 # define snprintf(str, len, ...) \
378@@ -73,9 +92,12 @@ __NTH (snprintf (char *__restrict __s, size_t __n,
379 __VA_ARGS__)
380 # endif
381
382-__fortify_function int
383-__NTH (vsnprintf (char *__restrict __s, size_t __n,
384- const char *__restrict __fmt, __gnuc_va_list __ap))
385+__fortify_potential_overload __attribute__ ((__format__ (__printf__, 3, 0))) int
386+__NTH (vsnprintf (char *__restrict const __clang_pass_object_size __s,
387+ size_t __n, const char *__restrict __fmt, __gnuc_va_list __ap))
388+ __clang_warning_if (__bos_static_lt (__n, __s),
389+ "call to vsnprintf may overflow the destination "
390+ "buffer")
391 {
392 return __builtin___vsnprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
393 __bos (__s), __fmt, __ap);
394@@ -93,18 +115,27 @@ extern int __vfprintf_chk (FILE *__restrict __stream, int __flag,
395 extern int __vprintf_chk (int __flag, const char *__restrict __format,
396 __gnuc_va_list __ap);
397
398-# ifdef __va_arg_pack
399-__fortify_function int
400-fprintf (FILE *__restrict __stream, const char *__restrict __fmt, ...)
401+# ifdef __FORTIFY_ARG_PACK_OK
402+__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 3))) int
403+fprintf (FILE *__restrict const __clang_pass_object_size __stream,
404+ const char *__restrict __fmt, ...)
405 {
406- return __fprintf_chk (__stream, __USE_FORTIFY_LEVEL - 1, __fmt,
407- __va_arg_pack ());
408+ __FORTIFY_INIT_ARG_PACK(__fmt);
409+ int __result = __FORTIFY_CALL_VA_CHK (fprintf, __stream,
410+ __USE_FORTIFY_LEVEL - 1, __fmt,
411+ __FORTIFY_ARG_PACK);
412+ __FORTIFY_FREE_ARG_PACK();
413+ return __result;
414 }
415
416-__fortify_function int
417-printf (const char *__restrict __fmt, ...)
418+__fortify_potential_overload __attribute__ ((__format__ (__printf__, 1, 2))) int
419+printf (const char *__restrict const __clang_pass_object_size __fmt, ...)
420 {
421- return __printf_chk (__USE_FORTIFY_LEVEL - 1, __fmt, __va_arg_pack ());
422+ __FORTIFY_INIT_ARG_PACK(__fmt);
423+ int __result = __FORTIFY_CALL_VA_CHK (printf, __USE_FORTIFY_LEVEL - 1, __fmt,
424+ __FORTIFY_ARG_PACK);
425+ __FORTIFY_FREE_ARG_PACK();
426+ return __result;
427 }
428 # elif !defined __cplusplus
429 # define printf(...) \
430@@ -113,8 +144,9 @@ printf (const char *__restrict __fmt, ...)
431 __fprintf_chk (stream, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__)
432 # endif
433
434-__fortify_function int
435-vprintf (const char *__restrict __fmt, __gnuc_va_list __ap)
436+__fortify_potential_overload __attribute__ ((__format__ (__printf__, 1, 0))) int
437+vprintf (const char *__restrict const __clang_pass_object_size __fmt,
438+ __gnuc_va_list __ap)
439 {
440 #ifdef __USE_EXTERN_INLINES
441 return __vfprintf_chk (stdout, __USE_FORTIFY_LEVEL - 1, __fmt, __ap);
442@@ -122,9 +154,8 @@ vprintf (const char *__restrict __fmt, __gnuc_va_list __ap)
443 return __vprintf_chk (__USE_FORTIFY_LEVEL - 1, __fmt, __ap);
444 #endif
445 }
446-
447-__fortify_function int
448-vfprintf (FILE *__restrict __stream,
449+__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 0))) int
450+vfprintf (FILE *__restrict const __clang_pass_object_size __stream,
451 const char *__restrict __fmt, __gnuc_va_list __ap)
452 {
453 return __vfprintf_chk (__stream, __USE_FORTIFY_LEVEL - 1, __fmt, __ap);
454@@ -137,20 +168,26 @@ extern int __vdprintf_chk (int __fd, int __flag,
455 const char *__restrict __fmt, __gnuc_va_list __arg)
456 __attribute__ ((__format__ (__printf__, 3, 0)));
457
458-# ifdef __va_arg_pack
459-__fortify_function int
460-dprintf (int __fd, const char *__restrict __fmt, ...)
461+# ifdef __FORTIFY_ARG_PACK_OK
462+__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 3))) int
463+dprintf (int __fd, const char *__restrict const __clang_pass_object_size __fmt,
464+ ...)
465 {
466- return __dprintf_chk (__fd, __USE_FORTIFY_LEVEL - 1, __fmt,
467- __va_arg_pack ());
468+ __FORTIFY_INIT_ARG_PACK(__fmt);
469+ int __result = __FORTIFY_CALL_VA_CHK (dprintf, __fd, __USE_FORTIFY_LEVEL - 1,
470+ __fmt, __FORTIFY_ARG_PACK);
471+ __FORTIFY_FREE_ARG_PACK();
472+ return __result;
473 }
474 # elif !defined __cplusplus
475 # define dprintf(fd, ...) \
476 __dprintf_chk (fd, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__)
477 # endif
478
479-__fortify_function int
480-vdprintf (int __fd, const char *__restrict __fmt, __gnuc_va_list __ap)
481+__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 0))) int
482+vdprintf (int __fd,
483+ const char *__restrict const __clang_pass_object_size __fmt,
484+ __gnuc_va_list __ap)
485 {
486 return __vdprintf_chk (__fd, __USE_FORTIFY_LEVEL - 1, __fmt, __ap);
487 }
488@@ -174,28 +211,49 @@ extern int __obstack_vprintf_chk (struct obstack *__restrict __obstack,
489 __gnuc_va_list __args)
490 __THROW __attribute__ ((__format__ (__printf__, 3, 0)));
491
492-# ifdef __va_arg_pack
493-__fortify_function int
494-__NTH (asprintf (char **__restrict __ptr, const char *__restrict __fmt, ...))
495+# ifdef __FORTIFY_ARG_PACK_OK
496+__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 3)))
497+__wur int
498+__NTH (asprintf (char **__restrict const __clang_pass_object_size __ptr,
499+ const char *__restrict __fmt, ...))
500 {
501- return __asprintf_chk (__ptr, __USE_FORTIFY_LEVEL - 1, __fmt,
502- __va_arg_pack ());
503+ __FORTIFY_INIT_ARG_PACK(__fmt);
504+ int __result = __FORTIFY_CALL_VA_CHK (asprintf, __ptr,
505+ __USE_FORTIFY_LEVEL - 1, __fmt,
506+ __FORTIFY_ARG_PACK);
507+ __FORTIFY_FREE_ARG_PACK();
508+ return __result;
509 }
510
511-__fortify_function int
512-__NTH (__asprintf (char **__restrict __ptr, const char *__restrict __fmt,
513- ...))
514+__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 3)))
515+__wur int
516+__NTH (__asprintf (char **__restrict const __clang_pass_object_size __ptr,
517+ const char *__restrict __fmt, ...))
518 {
519- return __asprintf_chk (__ptr, __USE_FORTIFY_LEVEL - 1, __fmt,
520- __va_arg_pack ());
521+ __FORTIFY_INIT_ARG_PACK(__fmt);
522+ int __result = __FORTIFY_CALL_VA_CHK (asprintf, __ptr,
523+ __USE_FORTIFY_LEVEL - 1, __fmt,
524+ __FORTIFY_ARG_PACK);
525+ __FORTIFY_FREE_ARG_PACK();
526+ return __result;
527 }
528
529-__fortify_function int
530-__NTH (obstack_printf (struct obstack *__restrict __obstack,
531+__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 3))) int
532+__NTH (obstack_printf (struct obstack *
533+ __restrict const __clang_pass_object_size __obstack,
534 const char *__restrict __fmt, ...))
535 {
536- return __obstack_printf_chk (__obstack, __USE_FORTIFY_LEVEL - 1, __fmt,
537- __va_arg_pack ());
538+ __FORTIFY_INIT_ARG_PACK(__fmt);
539+ int __result =
540+# ifdef __use_clang_fortify
541+ __obstack_vprintf_chk
542+# else
543+ __obstack_printf_chk
544+# endif
545+ (__obstack, __USE_FORTIFY_LEVEL - 1, __fmt,
546+ __FORTIFY_ARG_PACK);
547+ __FORTIFY_FREE_ARG_PACK();
548+ return __result;
549 }
550 # elif !defined __cplusplus
551 # define asprintf(ptr, ...) \
552@@ -206,15 +264,17 @@ __NTH (obstack_printf (struct obstack *__restrict __obstack,
553 __obstack_printf_chk (obstack, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__)
554 # endif
555
556-__fortify_function int
557-__NTH (vasprintf (char **__restrict __ptr, const char *__restrict __fmt,
558- __gnuc_va_list __ap))
559+__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 0)))
560+__wur int
561+__NTH (vasprintf (char **__restrict const __clang_pass_object_size __ptr,
562+ const char *__restrict __fmt, __gnuc_va_list __ap))
563 {
564 return __vasprintf_chk (__ptr, __USE_FORTIFY_LEVEL - 1, __fmt, __ap);
565 }
566
567-__fortify_function int
568-__NTH (obstack_vprintf (struct obstack *__restrict __obstack,
569+__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 0))) int
570+__NTH (obstack_vprintf (struct obstack *
571+ __restrict const __clang_pass_object_size __obstack,
572 const char *__restrict __fmt, __gnuc_va_list __ap))
573 {
574 return __obstack_vprintf_chk (__obstack, __USE_FORTIFY_LEVEL - 1, __fmt,
575@@ -227,17 +287,20 @@ __NTH (obstack_vprintf (struct obstack *__restrict __obstack,
576
577 #if __GLIBC_USE (DEPRECATED_GETS)
578 extern char *__gets_chk (char *__str, size_t) __wur;
579-extern char *__REDIRECT (__gets_warn, (char *__str), gets)
580- __wur __warnattr ("please use fgets or getline instead, gets can't "
581- "specify buffer size");
582-
583-__fortify_function __wur char *
584-gets (char *__str)
585+extern char *__REDIRECT_NTH (__gets_alias, (char *__buf), gets) __wur;
586+
587+__fortify_potential_overload __wur char *
588+gets (char *const __clang_pass_object_size __str)
589+__FORTIFY_PRECONDITIONS
590+ __FORTIFY_WARNING_IF (__gets_warn, __bos (__str) == (size_t) -1,
591+ "please use fgets or getline instead, gets can't "
592+ "specify buffer size")
593 {
594 if (__bos (__str) != (size_t) -1)
595 return __gets_chk (__str, __bos (__str));
596- return __gets_warn (__str);
597+ return __gets_alias (__str);
598 }
599+__FORTIFY_FUNCTION_END
600 #endif
601
602 extern char *__fgets_chk (char *__restrict __s, size_t __size, int __n,
603@@ -245,25 +308,20 @@ extern char *__fgets_chk (char *__restrict __s, size_t __size, int __n,
604 extern char *__REDIRECT (__fgets_alias,
605 (char *__restrict __s, int __n,
606 FILE *__restrict __stream), fgets) __wur;
607-extern char *__REDIRECT (__fgets_chk_warn,
608- (char *__restrict __s, size_t __size, int __n,
609- FILE *__restrict __stream), __fgets_chk)
610- __wur __warnattr ("fgets called with bigger size than length "
611- "of destination buffer");
612-
613-__fortify_function __wur char *
614-fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
615+
616+__fortify_potential_overload __wur char *
617+fgets (char *__restrict const __clang_pass_object_size __s, int __n,
618+ FILE *__restrict __stream)
619+__FORTIFY_PRECONDITIONS
620+ __FORTIFY_WARNING_IF (__fgets_warn, __bos_static_lt (__n, __s) && __n > 0,
621+ "fgets called with bigger size than length of "
622+ "destination buffer")
623 {
624 if (__bos (__s) != (size_t) -1)
625- {
626- if (!__builtin_constant_p (__n) || __n <= 0)
627- return __fgets_chk (__s, __bos (__s), __n, __stream);
628-
629- if ((size_t) __n > __bos (__s))
630- return __fgets_chk_warn (__s, __bos (__s), __n, __stream);
631- }
632+ return __fgets_chk (__s, __bos (__s), __n, __stream);
633 return __fgets_alias (__s, __n, __stream);
634 }
635+__FORTIFY_FUNCTION_END
636
637 extern size_t __fread_chk (void *__restrict __ptr, size_t __ptrlen,
638 size_t __size, size_t __n,
639@@ -272,30 +330,21 @@ extern size_t __REDIRECT (__fread_alias,
640 (void *__restrict __ptr, size_t __size,
641 size_t __n, FILE *__restrict __stream),
642 fread) __wur;
643-extern size_t __REDIRECT (__fread_chk_warn,
644- (void *__restrict __ptr, size_t __ptrlen,
645- size_t __size, size_t __n,
646- FILE *__restrict __stream),
647- __fread_chk)
648- __wur __warnattr ("fread called with bigger size * nmemb than length "
649- "of destination buffer");
650
651-__fortify_function __wur size_t
652-fread (void *__restrict __ptr, size_t __size, size_t __n,
653- FILE *__restrict __stream)
654+__fortify_potential_overload __wur size_t
655+fread (void *__restrict const __clang_pass_object_size0 __ptr, size_t __size,
656+ size_t __n, FILE *__restrict __stream)
657+__FORTIFY_PRECONDITIONS
658+ __FORTIFY_WARNING_IF (__fread_warn, __bos0_static_lt (__size * __n, __ptr)
659+ && !__mul_may_overflow (__size, __n),
660+ "fread called with bigger size * nmemb than length "
661+ "of destination buffer")
662 {
663 if (__bos0 (__ptr) != (size_t) -1)
664- {
665- if (!__builtin_constant_p (__size)
666- || !__builtin_constant_p (__n)
667- || (__size | __n) >= (((size_t) 1) << (8 * sizeof (size_t) / 2)))
668- return __fread_chk (__ptr, __bos0 (__ptr), __size, __n, __stream);
669-
670- if (__size * __n > __bos0 (__ptr))
671- return __fread_chk_warn (__ptr, __bos0 (__ptr), __size, __n, __stream);
672- }
673+ return __fread_chk (__ptr, __bos0 (__ptr), __size, __n, __stream);
674 return __fread_alias (__ptr, __size, __n, __stream);
675 }
676+__FORTIFY_FUNCTION_END
677
678 #ifdef __USE_GNU
679 extern char *__fgets_unlocked_chk (char *__restrict __s, size_t __size,
680@@ -303,25 +352,21 @@ extern char *__fgets_unlocked_chk (char *__restrict __s, size_t __size,
681 extern char *__REDIRECT (__fgets_unlocked_alias,
682 (char *__restrict __s, int __n,
683 FILE *__restrict __stream), fgets_unlocked) __wur;
684-extern char *__REDIRECT (__fgets_unlocked_chk_warn,
685- (char *__restrict __s, size_t __size, int __n,
686- FILE *__restrict __stream), __fgets_unlocked_chk)
687- __wur __warnattr ("fgets_unlocked called with bigger size than length "
688- "of destination buffer");
689-
690-__fortify_function __wur char *
691-fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream)
692+
693+__fortify_potential_overload __wur char *
694+fgets_unlocked (char *__restrict const __clang_pass_object_size __s, int __n,
695+ FILE *__restrict __stream)
696+__FORTIFY_PRECONDITIONS
697+ __FORTIFY_WARNING_IF (__fgets_unlocked_warn,
698+ __bos_static_lt (__n, __s) && __n > 0,
699+ "fgets_unlocked called with bigger size than length "
700+ "of destination buffer")
701 {
702 if (__bos (__s) != (size_t) -1)
703- {
704- if (!__builtin_constant_p (__n) || __n <= 0)
705- return __fgets_unlocked_chk (__s, __bos (__s), __n, __stream);
706-
707- if ((size_t) __n > __bos (__s))
708- return __fgets_unlocked_chk_warn (__s, __bos (__s), __n, __stream);
709- }
710+ return __fgets_unlocked_chk (__s, __bos (__s), __n, __stream);
711 return __fgets_unlocked_alias (__s, __n, __stream);
712 }
713+__FORTIFY_FUNCTION_END
714 #endif
715
716 #ifdef __USE_MISC
717@@ -333,30 +378,19 @@ extern size_t __REDIRECT (__fread_unlocked_alias,
718 (void *__restrict __ptr, size_t __size,
719 size_t __n, FILE *__restrict __stream),
720 fread_unlocked) __wur;
721-extern size_t __REDIRECT (__fread_unlocked_chk_warn,
722- (void *__restrict __ptr, size_t __ptrlen,
723- size_t __size, size_t __n,
724- FILE *__restrict __stream),
725- __fread_unlocked_chk)
726- __wur __warnattr ("fread_unlocked called with bigger size * nmemb than "
727- "length of destination buffer");
728
729-__fortify_function __wur size_t
730-fread_unlocked (void *__restrict __ptr, size_t __size, size_t __n,
731- FILE *__restrict __stream)
732+__fortify_potential_overload __wur size_t
733+fread_unlocked (void *__restrict const __clang_pass_object_size0 __ptr,
734+ size_t __size, size_t __n, FILE *__restrict __stream)
735+__FORTIFY_PRECONDITIONS
736+ __FORTIFY_WARNING_IF (__fread_unlocked_warn,
737+ __bos0_static_lt (__size * __n, __ptr)
738+ && !__mul_may_overflow(__size, __n),
739+ "fread_unlocked called with bigger size * n than "
740+ "length of destination buffer")
741 {
742 if (__bos0 (__ptr) != (size_t) -1)
743- {
744- if (!__builtin_constant_p (__size)
745- || !__builtin_constant_p (__n)
746- || (__size | __n) >= (((size_t) 1) << (8 * sizeof (size_t) / 2)))
747- return __fread_unlocked_chk (__ptr, __bos0 (__ptr), __size, __n,
748- __stream);
749-
750- if (__size * __n > __bos0 (__ptr))
751- return __fread_unlocked_chk_warn (__ptr, __bos0 (__ptr), __size, __n,
752- __stream);
753- }
754+ return __fread_unlocked_chk (__ptr, __bos0 (__ptr), __size, __n, __stream);
755
756 # ifdef __USE_EXTERN_INLINES
757 if (__builtin_constant_p (__size)
758@@ -381,6 +415,7 @@ fread_unlocked (void *__restrict __ptr, size_t __size, size_t __n,
759 # endif
760 return __fread_unlocked_alias (__ptr, __size, __n, __stream);
761 }
762+__FORTIFY_FUNCTION_END
763 #endif
764-
765+#undef __mul_may_overflow
766 #endif /* bits/stdio2.h. */
767diff --git a/misc/bits/syslog.h b/misc/bits/syslog.h
768index 322192df21..68b90a5cb8 100644
769--- a/misc/bits/syslog.h
770+++ b/misc/bits/syslog.h
771@@ -20,11 +20,34 @@
772 # error "Never include <bits/syslog.h> directly; use <sys/syslog.h> instead."
773 #endif
774
775+#ifdef __USE_MISC
776+extern void __vsyslog_chk (int __pri, int __flag, const char *__fmt,
777+ __gnuc_va_list __ap)
778+ __attribute__ ((__format__ (__printf__, 3, 0)));
779+
780+__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 0))) void
781+vsyslog (int __pri, const char *const __clang_pass_object_size __fmt,
782+ __gnuc_va_list __ap)
783+{
784+ __vsyslog_chk (__pri, __USE_FORTIFY_LEVEL - 1, __fmt, __ap);
785+}
786+#endif
787
788 extern void __syslog_chk (int __pri, int __flag, const char *__fmt, ...)
789 __attribute__ ((__format__ (__printf__, 3, 4)));
790
791-#ifdef __va_arg_pack
792+#if defined __use_clang_fortify && __USE_MISC
793+/* clang doesn't support __va_arg_pack, so this is only possible if we have
794+ vsyslog. */
795+__fortify_overload __attribute__ ((__format__ (__printf__, 2, 3))) void
796+syslog (int __pri, const char *const __clang_pass_object_size __fmt, ...)
797+{
798+ __gnuc_va_list __ap;
799+ va_start (__ap, __fmt);
800+ __vsyslog_chk (__pri, __USE_FORTIFY_LEVEL - 1, __fmt, __ap);
801+ va_end (__ap);
802+}
803+#elif defined __va_arg_pack
804 __fortify_function void
805 syslog (int __pri, const char *__fmt, ...)
806 {
807@@ -34,16 +57,3 @@ syslog (int __pri, const char *__fmt, ...)
808 # define syslog(pri, ...) \
809 __syslog_chk (pri, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__)
810 #endif
811-
812-
813-#ifdef __USE_MISC
814-extern void __vsyslog_chk (int __pri, int __flag, const char *__fmt,
815- __gnuc_va_list __ap)
816- __attribute__ ((__format__ (__printf__, 3, 0)));
817-
818-__fortify_function void
819-vsyslog (int __pri, const char *__fmt, __gnuc_va_list __ap)
820-{
821- __vsyslog_chk (__pri, __USE_FORTIFY_LEVEL - 1, __fmt, __ap);
822-}
823-#endif
824diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
825index ff7144f3f3..a42ffd5d36 100644
826--- a/misc/sys/cdefs.h
827+++ b/misc/sys/cdefs.h
828@@ -118,11 +118,150 @@
829 # define __END_DECLS
830 #endif
831
832+#if defined __clang__ && defined __has_extension
833+# define __clang_has_extension(x) __has_extension (x)
834+#else
835+# define __clang_has_extension(x) 0
836+#endif
837
838 /* Fortify support. */
839-#define __bos(ptr) __builtin_object_size (ptr, __USE_FORTIFY_LEVEL > 1)
840+#define __fortify_function __extern_always_inline __attribute_artificial__
841+#if defined __clang__ && __USE_FORTIFY_LEVEL > 0 \
842+ && !defined _CLANG_FORTIFY_DISABLE \
843+ && __clang_has_extension(overloadable_unmarked)
844+# define __use_clang_fortify 1
845+/* Clang-style FORTIFY creates a different symbol for each FORTIFY'ed function,
846+ whereas GCC-style doesn't. Thus, GCC can assume that the FORTIFY'ed
847+ function is always available externally, but clang can't. */
848+# define __attribute_overloadable__ __attribute__ ((__overloadable__))
849+# define __attribute_transparent_overload__ \
850+ __attribute__ ((__overloadable__("transparent")))
851+# define __fortify_overload static __always_inline __attribute_overloadable__
852+/* For FORTIFY functions that exist only as decls. */
853+# define __fortify_error_function static __attribute_overloadable__
854+# define __clang_pass_object_size_n(n) __attribute__ ((pass_object_size (n)))
855+# define __clang_warning(what) __attribute__ ((deprecated(what)))
856+# define __clang_prefer_this_overload __attribute__ ((enable_if (1, "")))
857+# define __clang_warning_if(c, m) \
858+ __attribute__ ((__diagnose_if__ ((c), (m), "warning")))
859+# define __clang_error(what) __attribute__ ((unavailable(what)))
860+# define __clang_error_if(c, m) \
861+ __attribute__ ((__diagnose_if__ ((c), (m), "error")))
862+# define __fortify_potential_overload __fortify_overload
863+#else
864+# define __fortify_potential_overload __fortify_function
865+/* Some functions/decls can be shared between clang and non-clang FORTIFY.
866+ Turning these into nops makes that possible. */
867+# define __clang_pass_object_size_n(n)
868+# define __attribute_overloadable__
869+# define __bos_n(ptr, n) __builtin_object_size (ptr, n)
870+# define __clang_warning_if(c, m)
871+# define __clang_error_if(c, m)
872+#endif
873+
874+#define __bos_level (__USE_FORTIFY_LEVEL > 1)
875+#define __bos(ptr) __builtin_object_size (ptr, __bos_level)
876 #define __bos0(ptr) __builtin_object_size (ptr, 0)
877
878+#define __clang_pass_object_size0 __clang_pass_object_size_n (0)
879+#define __clang_pass_object_size __clang_pass_object_size_n (__bos_level)
880+
881+/* Some of these macros are awkwardly written, and more repetitive than they'd
882+ ideally need to be. This is because both clang and gcc will emit 'note's
883+ about where these warnings originate from. For every macro that's expanded,
884+ the user sees a note that ultimately doesn't matter to them... */
885+#ifdef __use_clang_fortify
886+# define __FORTIFY_PRECONDITIONS
887+# define __FORTIFY_FUNCTION_END
888+# define __FORTIFY_WARNING_IF(_, c, msg) __clang_warning_if(c, msg)
889+/* __builtin_constant_p isn't needed: this is only used in constructs that
890+ must be fully evaluated at compile-time. */
891+# define __bos_static_lt_impl(bos_val, n, s) \
892+ ((bos_val) != -1ULL && (n) > (bos_val) / (s))
893+# define __FORTIFY_CALL_CHK 1
894+
895+# define __FORTIFY_BOSN_ARGS(bos_fn, n, buf, div, complaint) \
896+ (__bos_static_lt_impl (bos_fn (buf), n, div)), (complaint), "warning"
897+
898+#define __FORTIFY_WARNING_ONLY_IF_BOS0_LT2(fn_name, n, buf, div, complaint) \
899+ __attribute__ ((__diagnose_if__ \
900+ (__FORTIFY_BOSN_ARGS (__bos0, n, buf, div, complaint))))
901+#define __FORTIFY_WARNING_ONLY_IF_BOS0_LT(fn_name, n, buf, complaint) \
902+ __attribute__ ((__diagnose_if__ \
903+ (__FORTIFY_BOSN_ARGS (__bos0, n, buf, 1, complaint))))
904+#define __FORTIFY_WARNING_ONLY_IF_BOS_LT2(fn_name, n, buf, div, complaint) \
905+ __attribute__ ((__diagnose_if__ \
906+ (__FORTIFY_BOSN_ARGS (__bos, n, buf, div, complaint))))
907+#define __FORTIFY_WARNING_ONLY_IF_BOS_LT(fn_name, n, buf, complaint) \
908+ __attribute__ ((__diagnose_if__ \
909+ (__FORTIFY_BOSN_ARGS (__bos, n, buf, 1, complaint))))
910+#else
911+# define __FORTIFY_PRECONDITIONS {
912+# define __FORTIFY_FUNCTION_END }
913+/* __chk_fail was chosen arbitrarily. The function should never be called
914+ anyway; it just exists to be reachable after optimizations. */
915+# define __FORTIFY_DECLARE_WARNING_FUNCTION(name, msg) \
916+ __attribute ((__warning__(msg))) \
917+ extern void __REDIRECT_NTH (name, (void), __chk_fail)
918+
919+# define __FORTIFY_WARNING_IF_BEGIN(fn_name, cond, complaint, if_cond_true) \
920+ { \
921+ if (cond) { \
922+ if_cond_true; \
923+ __FORTIFY_DECLARE_WARNING_FUNCTION (fn_name, complaint); \
924+ volatile char __t = 0; \
925+ if (__glibc_unlikely (__t)) \
926+ {
927+
928+# define __FORTIFY_WARNING_IF_END \
929+ } \
930+ } \
931+ }
932+
933+# define __FORTIFY_WARNING_IF(err_fn, cond, complaint) \
934+ __FORTIFY_WARNING_IF_BEGIN (err_fn, cond, complaint, (void)0) \
935+ err_fn (); \
936+ __FORTIFY_WARNING_IF_END
937+
938+# define __bos_static_lt_impl(bos_val, n, s) \
939+ (__builtin_constant_p (n) && (bos_val) != -1ULL && (n) > (bos_val) / (s))
940+
941+#define __FORTIFY_BOS_WARNING_BEGIN(fn_name, bos_fn, n, buf, div, complaint) \
942+ char __need_dynamic_check = !__builtin_constant_p (n); \
943+ __FORTIFY_WARNING_IF_BEGIN (fn_name, \
944+ __bos_static_lt_impl (bos_fn (buf), n, div), \
945+ complaint, (__need_dynamic_check = 1))
946+
947+/* Duplicate this so that the fn_name call happens with the smallest possible
948+ macro "call stack". This minimizes diagnostics about expanding macros. */
949+#define __FORTIFY_WARNING_ONLY_IF_BOS0_LT2(err_fn, n, buf, div, complaint) \
950+ __FORTIFY_BOS_WARNING_BEGIN (err_fn, __bos0, n, buf, div, complaint) \
951+ err_fn (); \
952+ __FORTIFY_WARNING_IF_END
953+
954+#define __FORTIFY_WARNING_ONLY_IF_BOS0_LT(err_fn, n, buf, complaint) \
955+ __FORTIFY_BOS_WARNING_BEGIN (err_fn, __bos0, n, buf, 1, complaint) \
956+ err_fn (); \
957+ __FORTIFY_WARNING_IF_END
958+
959+#define __FORTIFY_WARNING_ONLY_IF_BOS_LT2(err_fn, n, buf, div, complaint) \
960+ __FORTIFY_BOS_WARNING_BEGIN (err_fn, __bos, n, buf, div, complaint) \
961+ err_fn (); \
962+ __FORTIFY_WARNING_IF_END
963+
964+#define __FORTIFY_WARNING_ONLY_IF_BOS_LT(err_fn, n, buf, complaint) \
965+ __FORTIFY_BOS_WARNING_BEGIN (err_fn, __bos, n, buf, 1, complaint) \
966+ err_fn (); \
967+ __FORTIFY_WARNING_IF_END
968+
969+# define __FORTIFY_CALL_CHK (__need_dynamic_check)
970+#endif
971+
972+#define __bos_static_lt2(n, e, s) __bos_static_lt_impl (__bos (e), n, s)
973+#define __bos_static_lt(n, e) __bos_static_lt2 (n, e, 1)
974+#define __bos0_static_lt2(n, e, s) __bos_static_lt_impl (__bos0 (e), n, s)
975+#define __bos0_static_lt(n, e) __bos0_static_lt2 (n, e, 1)
976+
977 #if __GNUC_PREREQ (4,3)
978 # define __warndecl(name, msg) \
979 extern void name (void) __attribute__((__warning__ (msg)))
980@@ -363,6 +502,29 @@
981 # define __va_arg_pack_len() __builtin_va_arg_pack_len ()
982 #endif
983
984+#if defined(__use_clang_fortify)
985+/* clang doesn't support __va_arg_pack, so we need to call the v* version of
986+ FORTIFY'ed functions. */
987+#define __FORTIFY_ARG_PACK __fortify_ap
988+#define __FORTIFY_INIT_ARG_PACK(va_arg) \
989+ __gnuc_va_list __FORTIFY_ARG_PACK; \
990+ va_start (__FORTIFY_ARG_PACK, va_arg)
991+#define __FORTIFY_CALL_VA_ALIAS(fn, ...) __v##fn##_alias (__VA_ARGS__)
992+#define __FORTIFY_CALL_VA_CHK(fn, ...) __v##fn##_chk (__VA_ARGS__)
993+#define __FORTIFY_CALL_VA_BUILTIN(fn, ...) \
994+ __builtin___v##fn##_chk (__VA_ARGS__)
995+#define __FORTIFY_FREE_ARG_PACK() va_end (__FORTIFY_ARG_PACK)
996+#define __FORTIFY_ARG_PACK_OK 1
997+#elif defined(__va_arg_pack)
998+#define __FORTIFY_ARG_PACK __va_arg_pack ()
999+#define __FORTIFY_INIT_ARG_PACK(va_arg)
1000+#define __FORTIFY_CALL_VA_ALIAS(fn, ...) __##fn##_alias (__VA_ARGS__)
1001+#define __FORTIFY_CALL_VA_CHK(fn, ...) __##fn##_chk (__VA_ARGS__)
1002+#define __FORTIFY_CALL_VA_BUILTIN(fn, ...) __builtin___##fn##_chk (__VA_ARGS__)
1003+#define __FORTIFY_FREE_ARG_PACK()
1004+#define __FORTIFY_ARG_PACK_OK 1
1005+#endif
1006+
1007 /* It is possible to compile containing GCC extensions even if GCC is
1008 run in pedantic mode if the uses are carefully marked using the
1009 `__extension__' keyword. But this is not generally available before
1010diff --git a/posix/bits/unistd.h b/posix/bits/unistd.h
1011index b8a8211d83..895d87832e 100644
1012--- a/posix/bits/unistd.h
1013+++ b/posix/bits/unistd.h
1014@@ -24,25 +24,19 @@ extern ssize_t __read_chk (int __fd, void *__buf, size_t __nbytes,
1015 size_t __buflen) __wur;
1016 extern ssize_t __REDIRECT (__read_alias, (int __fd, void *__buf,
1017 size_t __nbytes), read) __wur;
1018-extern ssize_t __REDIRECT (__read_chk_warn,
1019- (int __fd, void *__buf, size_t __nbytes,
1020- size_t __buflen), __read_chk)
1021- __wur __warnattr ("read called with bigger length than size of "
1022- "the destination buffer");
1023
1024-__fortify_function __wur ssize_t
1025-read (int __fd, void *__buf, size_t __nbytes)
1026+__fortify_potential_overload __wur ssize_t
1027+read (int __fd, void *const __clang_pass_object_size0 __buf, size_t __nbytes)
1028+__FORTIFY_PRECONDITIONS
1029+ __FORTIFY_WARNING_ONLY_IF_BOS0_LT (__read_warn, __nbytes, __buf,
1030+ "read called with bigger length than "
1031+ "size of the destination buffer")
1032 {
1033- if (__bos0 (__buf) != (size_t) -1)
1034- {
1035- if (!__builtin_constant_p (__nbytes))
1036- return __read_chk (__fd, __buf, __nbytes, __bos0 (__buf));
1037-
1038- if (__nbytes > __bos0 (__buf))
1039- return __read_chk_warn (__fd, __buf, __nbytes, __bos0 (__buf));
1040- }
1041+ if (__FORTIFY_CALL_CHK && __bos0 (__buf) != (size_t) -1)
1042+ return __read_chk (__fd, __buf, __nbytes, __bos0 (__buf));
1043 return __read_alias (__fd, __buf, __nbytes);
1044 }
1045+__FORTIFY_FUNCTION_END
1046
1047 #ifdef __USE_UNIX98
1048 extern ssize_t __pread_chk (int __fd, void *__buf, size_t __nbytes,
1049@@ -55,67 +49,49 @@ extern ssize_t __REDIRECT (__pread_alias,
1050 extern ssize_t __REDIRECT (__pread64_alias,
1051 (int __fd, void *__buf, size_t __nbytes,
1052 __off64_t __offset), pread64) __wur;
1053-extern ssize_t __REDIRECT (__pread_chk_warn,
1054- (int __fd, void *__buf, size_t __nbytes,
1055- __off_t __offset, size_t __bufsize), __pread_chk)
1056- __wur __warnattr ("pread called with bigger length than size of "
1057- "the destination buffer");
1058-extern ssize_t __REDIRECT (__pread64_chk_warn,
1059- (int __fd, void *__buf, size_t __nbytes,
1060- __off64_t __offset, size_t __bufsize),
1061- __pread64_chk)
1062- __wur __warnattr ("pread64 called with bigger length than size of "
1063- "the destination buffer");
1064
1065 # ifndef __USE_FILE_OFFSET64
1066-__fortify_function __wur ssize_t
1067-pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset)
1068-{
1069- if (__bos0 (__buf) != (size_t) -1)
1070- {
1071- if (!__builtin_constant_p (__nbytes))
1072- return __pread_chk (__fd, __buf, __nbytes, __offset, __bos0 (__buf));
1073-
1074- if ( __nbytes > __bos0 (__buf))
1075- return __pread_chk_warn (__fd, __buf, __nbytes, __offset,
1076- __bos0 (__buf));
1077- }
1078- return __pread_alias (__fd, __buf, __nbytes, __offset);
1079-}
1080+# define __fo_pread_chk __pread_chk
1081+# define __fo_pread_alias __pread_alias
1082+# define __fo_off_t __off_t
1083 # else
1084-__fortify_function __wur ssize_t
1085-pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
1086-{
1087- if (__bos0 (__buf) != (size_t) -1)
1088- {
1089- if (!__builtin_constant_p (__nbytes))
1090- return __pread64_chk (__fd, __buf, __nbytes, __offset, __bos0 (__buf));
1091-
1092- if ( __nbytes > __bos0 (__buf))
1093- return __pread64_chk_warn (__fd, __buf, __nbytes, __offset,
1094- __bos0 (__buf));
1095- }
1096-
1097- return __pread64_alias (__fd, __buf, __nbytes, __offset);
1098-}
1099+# define __fo_pread_chk __pread64_chk
1100+# define __fo_pread_alias __pread64_alias
1101+# define __fo_off_t __off64_t
1102 # endif
1103
1104-# ifdef __USE_LARGEFILE64
1105-__fortify_function __wur ssize_t
1106-pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset)
1107+__fortify_potential_overload __wur ssize_t
1108+pread (int __fd, void *const __clang_pass_object_size0 __buf, size_t __nbytes,
1109+ __fo_off_t __offset)
1110+__FORTIFY_PRECONDITIONS
1111+ __FORTIFY_WARNING_ONLY_IF_BOS0_LT (__pread_chk_warn, __nbytes, __buf,
1112+ "pread called with bigger length than "
1113+ "size of the destination buffer")
1114 {
1115- if (__bos0 (__buf) != (size_t) -1)
1116- {
1117- if (!__builtin_constant_p (__nbytes))
1118- return __pread64_chk (__fd, __buf, __nbytes, __offset, __bos0 (__buf));
1119+ if (__FORTIFY_CALL_CHK && __bos0 (__buf) != (size_t) -1)
1120+ return __fo_pread_chk (__fd, __buf, __nbytes, __offset, __bos0 (__buf));
1121+ return __fo_pread_alias (__fd, __buf, __nbytes, __offset);
1122+}
1123+__FORTIFY_FUNCTION_END
1124
1125- if ( __nbytes > __bos0 (__buf))
1126- return __pread64_chk_warn (__fd, __buf, __nbytes, __offset,
1127- __bos0 (__buf));
1128- }
1129+#undef __fo_pread_chk
1130+#undef __fo_pread_alias
1131+#undef __fo_off_t
1132
1133+# ifdef __USE_LARGEFILE64
1134+__fortify_potential_overload __wur ssize_t
1135+pread64 (int __fd, void *const __clang_pass_object_size0 __buf,
1136+ size_t __nbytes, __off64_t __offset)
1137+__FORTIFY_PRECONDITIONS
1138+ __FORTIFY_WARNING_ONLY_IF_BOS0_LT (__pread64_warn, __nbytes, __buf,
1139+ "pread64 called with bigger length "
1140+ "than size of the destination buffer")
1141+{
1142+ if (__FORTIFY_CALL_CHK && __bos0 (__buf) != (size_t) -1)
1143+ return __pread64_chk (__fd, __buf, __nbytes, __offset, __bos0 (__buf));
1144 return __pread64_alias (__fd, __buf, __nbytes, __offset);
1145 }
1146+__FORTIFY_FUNCTION_END
1147 # endif
1148 #endif
1149
1150@@ -128,27 +104,21 @@ extern ssize_t __REDIRECT_NTH (__readlink_alias,
1151 (const char *__restrict __path,
1152 char *__restrict __buf, size_t __len), readlink)
1153 __nonnull ((1, 2)) __wur;
1154-extern ssize_t __REDIRECT_NTH (__readlink_chk_warn,
1155- (const char *__restrict __path,
1156- char *__restrict __buf, size_t __len,
1157- size_t __buflen), __readlink_chk)
1158- __nonnull ((1, 2)) __wur __warnattr ("readlink called with bigger length "
1159- "than size of destination buffer");
1160
1161-__fortify_function __nonnull ((1, 2)) __wur ssize_t
1162-__NTH (readlink (const char *__restrict __path, char *__restrict __buf,
1163+__fortify_potential_overload __nonnull ((1, 2)) __wur ssize_t
1164+__NTH (readlink (const char *__restrict __path,
1165+ char *__restrict const __clang_pass_object_size __buf,
1166 size_t __len))
1167+__FORTIFY_PRECONDITIONS
1168+ __FORTIFY_WARNING_ONLY_IF_BOS_LT (__readlink_warn, __len, __buf,
1169+ "readlink called with bigger length "
1170+ "than size of destination buffer")
1171 {
1172- if (__bos (__buf) != (size_t) -1)
1173- {
1174- if (!__builtin_constant_p (__len))
1175- return __readlink_chk (__path, __buf, __len, __bos (__buf));
1176-
1177- if ( __len > __bos (__buf))
1178- return __readlink_chk_warn (__path, __buf, __len, __bos (__buf));
1179- }
1180+ if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1)
1181+ return __readlink_chk (__path, __buf, __len, __bos (__buf));
1182 return __readlink_alias (__path, __buf, __len);
1183 }
1184+__FORTIFY_FUNCTION_END
1185 #endif
1186
1187 #ifdef __USE_ATFILE
1188@@ -161,119 +131,104 @@ extern ssize_t __REDIRECT_NTH (__readlinkat_alias,
1189 char *__restrict __buf, size_t __len),
1190 readlinkat)
1191 __nonnull ((2, 3)) __wur;
1192-extern ssize_t __REDIRECT_NTH (__readlinkat_chk_warn,
1193- (int __fd, const char *__restrict __path,
1194- char *__restrict __buf, size_t __len,
1195- size_t __buflen), __readlinkat_chk)
1196- __nonnull ((2, 3)) __wur __warnattr ("readlinkat called with bigger "
1197- "length than size of destination "
1198- "buffer");
1199-
1200-__fortify_function __nonnull ((2, 3)) __wur ssize_t
1201-__NTH (readlinkat (int __fd, const char *__restrict __path,
1202- char *__restrict __buf, size_t __len))
1203+
1204+__fortify_potential_overload __nonnull ((2, 3)) __wur ssize_t
1205+__NTH (readlinkat (int __fd,
1206+ const char *__restrict __path,
1207+ char *__restrict const __clang_pass_object_size __buf,
1208+ size_t __len))
1209+__FORTIFY_PRECONDITIONS
1210+ __FORTIFY_WARNING_ONLY_IF_BOS_LT (__readlinkat_warn, __len, __buf,
1211+ "readlinkat called with bigger length "
1212+ "than size of destination buffer")
1213 {
1214- if (__bos (__buf) != (size_t) -1)
1215- {
1216- if (!__builtin_constant_p (__len))
1217- return __readlinkat_chk (__fd, __path, __buf, __len, __bos (__buf));
1218-
1219- if (__len > __bos (__buf))
1220- return __readlinkat_chk_warn (__fd, __path, __buf, __len,
1221- __bos (__buf));
1222- }
1223+ if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1)
1224+ return __readlinkat_chk (__fd, __path, __buf, __len, __bos (__buf));
1225 return __readlinkat_alias (__fd, __path, __buf, __len);
1226 }
1227+__FORTIFY_FUNCTION_END
1228 #endif
1229
1230 extern char *__getcwd_chk (char *__buf, size_t __size, size_t __buflen)
1231 __THROW __wur;
1232 extern char *__REDIRECT_NTH (__getcwd_alias,
1233 (char *__buf, size_t __size), getcwd) __wur;
1234-extern char *__REDIRECT_NTH (__getcwd_chk_warn,
1235- (char *__buf, size_t __size, size_t __buflen),
1236- __getcwd_chk)
1237- __wur __warnattr ("getcwd caller with bigger length than size of "
1238- "destination buffer");
1239-
1240-__fortify_function __wur char *
1241-__NTH (getcwd (char *__buf, size_t __size))
1242-{
1243- if (__bos (__buf) != (size_t) -1)
1244- {
1245- if (!__builtin_constant_p (__size))
1246- return __getcwd_chk (__buf, __size, __bos (__buf));
1247
1248- if (__size > __bos (__buf))
1249- return __getcwd_chk_warn (__buf, __size, __bos (__buf));
1250- }
1251+__fortify_potential_overload __wur char *
1252+__NTH (getcwd (char *const __clang_pass_object_size __buf, size_t __size))
1253+__FORTIFY_PRECONDITIONS
1254+ __FORTIFY_WARNING_ONLY_IF_BOS_LT (__getcwd_warn, __size, __buf,
1255+ "getcwd called with bigger length than "
1256+ "size of destination buffer")
1257+{
1258+ if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1)
1259+ return __getcwd_chk (__buf, __size, __bos (__buf));
1260 return __getcwd_alias (__buf, __size);
1261 }
1262+__FORTIFY_FUNCTION_END
1263
1264 #if defined __USE_MISC || defined __USE_XOPEN_EXTENDED
1265+# define __warn_getwd_use_something_else \
1266+ "please use getcwd instead, as getwd doesn't specify buffer size"
1267+
1268 extern char *__getwd_chk (char *__buf, size_t buflen)
1269 __THROW __nonnull ((1)) __wur;
1270 extern char *__REDIRECT_NTH (__getwd_warn, (char *__buf), getwd)
1271- __nonnull ((1)) __wur __warnattr ("please use getcwd instead, as getwd "
1272- "doesn't specify buffer size");
1273+ __nonnull ((1)) __wur __warnattr (__warn_getwd_use_something_else);
1274
1275-__fortify_function __nonnull ((1)) __attribute_deprecated__ __wur char *
1276-__NTH (getwd (char *__buf))
1277+extern char *__REDIRECT (__getwd_alias, (char *__str), getwd) __wur;
1278+
1279+__fortify_potential_overload __nonnull ((1)) __attribute_deprecated__ __wur
1280+char *
1281+__NTH (getwd (char *const __clang_pass_object_size __buf))
1282+ __clang_warning_if (__bos (__buf) == (size_t) -1,
1283+ __warn_getwd_use_something_else)
1284 {
1285 if (__bos (__buf) != (size_t) -1)
1286 return __getwd_chk (__buf, __bos (__buf));
1287 return __getwd_warn (__buf);
1288 }
1289+# undef __warn_getwd_use_something_else
1290 #endif
1291
1292 extern size_t __confstr_chk (int __name, char *__buf, size_t __len,
1293 size_t __buflen) __THROW;
1294 extern size_t __REDIRECT_NTH (__confstr_alias, (int __name, char *__buf,
1295 size_t __len), confstr);
1296-extern size_t __REDIRECT_NTH (__confstr_chk_warn,
1297- (int __name, char *__buf, size_t __len,
1298- size_t __buflen), __confstr_chk)
1299- __warnattr ("confstr called with bigger length than size of destination "
1300- "buffer");
1301-
1302-__fortify_function size_t
1303-__NTH (confstr (int __name, char *__buf, size_t __len))
1304-{
1305- if (__bos (__buf) != (size_t) -1)
1306- {
1307- if (!__builtin_constant_p (__len))
1308- return __confstr_chk (__name, __buf, __len, __bos (__buf));
1309
1310- if (__bos (__buf) < __len)
1311- return __confstr_chk_warn (__name, __buf, __len, __bos (__buf));
1312- }
1313+__fortify_potential_overload size_t
1314+__NTH (confstr (int __name, char *const __clang_pass_object_size __buf,
1315+ size_t __len))
1316+__FORTIFY_PRECONDITIONS
1317+ __FORTIFY_WARNING_ONLY_IF_BOS_LT (__confstr_warn, __len, __buf,
1318+ "confstr called with bigger length than "
1319+ "size of destination buffer")
1320+{
1321+ if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1)
1322+ return __confstr_chk (__name, __buf, __len, __bos (__buf));
1323 return __confstr_alias (__name, __buf, __len);
1324 }
1325-
1326+__FORTIFY_FUNCTION_END
1327
1328 extern int __getgroups_chk (int __size, __gid_t __list[], size_t __listlen)
1329 __THROW __wur;
1330 extern int __REDIRECT_NTH (__getgroups_alias, (int __size, __gid_t __list[]),
1331 getgroups) __wur;
1332-extern int __REDIRECT_NTH (__getgroups_chk_warn,
1333- (int __size, __gid_t __list[], size_t __listlen),
1334- __getgroups_chk)
1335- __wur __warnattr ("getgroups called with bigger group count than what "
1336- "can fit into destination buffer");
1337-
1338-__fortify_function int
1339-__NTH (getgroups (int __size, __gid_t __list[]))
1340+
1341+__fortify_potential_overload int
1342+__NTH (getgroups (int __size, __gid_t *const __clang_pass_object_size __list))
1343+__FORTIFY_PRECONDITIONS
1344+ __FORTIFY_WARNING_ONLY_IF_BOS_LT (__getgroups_warn,
1345+ __size * sizeof (__gid_t), __list,
1346+ "getgroups called with bigger group "
1347+ "count than what can fit into "
1348+ "destination buffer")
1349 {
1350- if (__bos (__list) != (size_t) -1)
1351- {
1352- if (!__builtin_constant_p (__size) || __size < 0)
1353- return __getgroups_chk (__size, __list, __bos (__list));
1354-
1355- if (__size * sizeof (__gid_t) > __bos (__list))
1356- return __getgroups_chk_warn (__size, __list, __bos (__list));
1357- }
1358+ if (__FORTIFY_CALL_CHK && __bos (__list) != (size_t) -1)
1359+ return __getgroups_chk (__size, __list, __bos (__list));
1360 return __getgroups_alias (__size, __list);
1361 }
1362+__FORTIFY_FUNCTION_END
1363
1364
1365 extern int __ttyname_r_chk (int __fd, char *__buf, size_t __buflen,
1366@@ -287,19 +242,19 @@ extern int __REDIRECT_NTH (__ttyname_r_chk_warn,
1367 __nonnull ((2)) __warnattr ("ttyname_r called with bigger buflen than "
1368 "size of destination buffer");
1369
1370-__fortify_function int
1371-__NTH (ttyname_r (int __fd, char *__buf, size_t __buflen))
1372+__fortify_potential_overload int
1373+__NTH (ttyname_r (int __fd, char *const __clang_pass_object_size __buf,
1374+ size_t __buflen))
1375+__FORTIFY_PRECONDITIONS
1376+ __FORTIFY_WARNING_ONLY_IF_BOS_LT (__ttyname_r_warn, __buflen, __buf,
1377+ "ttyname_r called with bigger buflen "
1378+ "than size of destination buffer")
1379 {
1380- if (__bos (__buf) != (size_t) -1)
1381- {
1382- if (!__builtin_constant_p (__buflen))
1383- return __ttyname_r_chk (__fd, __buf, __buflen, __bos (__buf));
1384-
1385- if (__buflen > __bos (__buf))
1386- return __ttyname_r_chk_warn (__fd, __buf, __buflen, __bos (__buf));
1387- }
1388- return __ttyname_r_alias (__fd, __buf, __buflen);
1389-}
1390+ if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1)
1391+ return __ttyname_r_chk (__fd, __buf, __buflen, __bos (__buf));
1392+ return __ttyname_r_alias (__fd, __buf, __buflen);
1393+ }
1394+__FORTIFY_FUNCTION_END
1395
1396
1397 #ifdef __USE_POSIX199506
1398@@ -307,25 +262,19 @@ extern int __getlogin_r_chk (char *__buf, size_t __buflen, size_t __nreal)
1399 __nonnull ((1));
1400 extern int __REDIRECT (__getlogin_r_alias, (char *__buf, size_t __buflen),
1401 getlogin_r) __nonnull ((1));
1402-extern int __REDIRECT (__getlogin_r_chk_warn,
1403- (char *__buf, size_t __buflen, size_t __nreal),
1404- __getlogin_r_chk)
1405- __nonnull ((1)) __warnattr ("getlogin_r called with bigger buflen than "
1406- "size of destination buffer");
1407
1408-__fortify_function int
1409-getlogin_r (char *__buf, size_t __buflen)
1410+__fortify_potential_overload int
1411+getlogin_r (char *const __clang_pass_object_size __buf, size_t __buflen)
1412+__FORTIFY_PRECONDITIONS
1413+ __FORTIFY_WARNING_ONLY_IF_BOS_LT (__getlogin_r_warn, __buflen, __buf,
1414+ "getlogin_r called with bigger buflen "
1415+ "than size of destination buffer")
1416 {
1417- if (__bos (__buf) != (size_t) -1)
1418- {
1419- if (!__builtin_constant_p (__buflen))
1420- return __getlogin_r_chk (__buf, __buflen, __bos (__buf));
1421-
1422- if (__buflen > __bos (__buf))
1423- return __getlogin_r_chk_warn (__buf, __buflen, __bos (__buf));
1424- }
1425+ if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1)
1426+ return __getlogin_r_chk (__buf, __buflen, __bos (__buf));
1427 return __getlogin_r_alias (__buf, __buflen);
1428 }
1429+__FORTIFY_FUNCTION_END
1430 #endif
1431
1432
1433@@ -334,25 +283,20 @@ extern int __gethostname_chk (char *__buf, size_t __buflen, size_t __nreal)
1434 __THROW __nonnull ((1));
1435 extern int __REDIRECT_NTH (__gethostname_alias, (char *__buf, size_t __buflen),
1436 gethostname) __nonnull ((1));
1437-extern int __REDIRECT_NTH (__gethostname_chk_warn,
1438- (char *__buf, size_t __buflen, size_t __nreal),
1439- __gethostname_chk)
1440- __nonnull ((1)) __warnattr ("gethostname called with bigger buflen than "
1441- "size of destination buffer");
1442
1443-__fortify_function int
1444-__NTH (gethostname (char *__buf, size_t __buflen))
1445+__fortify_potential_overload int
1446+__NTH (gethostname (char *const __clang_pass_object_size __buf,
1447+ size_t __buflen))
1448+__FORTIFY_PRECONDITIONS
1449+ __FORTIFY_WARNING_ONLY_IF_BOS_LT (__gethostname_warn, __buflen, __buf,
1450+ "gethostname called with bigger buflen "
1451+ "than size of destination buffer")
1452 {
1453- if (__bos (__buf) != (size_t) -1)
1454- {
1455- if (!__builtin_constant_p (__buflen))
1456- return __gethostname_chk (__buf, __buflen, __bos (__buf));
1457-
1458- if (__buflen > __bos (__buf))
1459- return __gethostname_chk_warn (__buf, __buflen, __bos (__buf));
1460- }
1461+ if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1)
1462+ return __gethostname_chk (__buf, __buflen, __bos (__buf));
1463 return __gethostname_alias (__buf, __buflen);
1464 }
1465+__FORTIFY_FUNCTION_END
1466 #endif
1467
1468
1469@@ -362,24 +306,18 @@ extern int __getdomainname_chk (char *__buf, size_t __buflen, size_t __nreal)
1470 extern int __REDIRECT_NTH (__getdomainname_alias, (char *__buf,
1471 size_t __buflen),
1472 getdomainname) __nonnull ((1)) __wur;
1473-extern int __REDIRECT_NTH (__getdomainname_chk_warn,
1474- (char *__buf, size_t __buflen, size_t __nreal),
1475- __getdomainname_chk)
1476- __nonnull ((1)) __wur __warnattr ("getdomainname called with bigger "
1477- "buflen than size of destination "
1478- "buffer");
1479-
1480-__fortify_function int
1481-__NTH (getdomainname (char *__buf, size_t __buflen))
1482-{
1483- if (__bos (__buf) != (size_t) -1)
1484- {
1485- if (!__builtin_constant_p (__buflen))
1486- return __getdomainname_chk (__buf, __buflen, __bos (__buf));
1487
1488- if (__buflen > __bos (__buf))
1489- return __getdomainname_chk_warn (__buf, __buflen, __bos (__buf));
1490- }
1491+__fortify_potential_overload int
1492+__NTH (getdomainname (char *const __clang_pass_object_size __buf,
1493+ size_t __buflen))
1494+__FORTIFY_PRECONDITIONS
1495+ __FORTIFY_WARNING_ONLY_IF_BOS_LT (__getdomainname_warn, __buflen, __buf,
1496+ "getdomainname called with bigger "
1497+ "buflen than size of destination buffer")
1498+{
1499+ if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1)
1500+ return __getdomainname_chk (__buf, __buflen, __bos (__buf));
1501 return __getdomainname_alias (__buf, __buflen);
1502 }
1503+__FORTIFY_FUNCTION_END
1504 #endif
1505diff --git a/rt/bits/mqueue2.h b/rt/bits/mqueue2.h
1506index 354f0d53bf..388b63a4f8 100644
1507--- a/rt/bits/mqueue2.h
1508+++ b/rt/bits/mqueue2.h
1509@@ -29,10 +29,47 @@ extern mqd_t __mq_open_2 (const char *__name, int __oflag)
1510 extern mqd_t __REDIRECT_NTH (__mq_open_alias, (const char *__name,
1511 int __oflag, ...), mq_open)
1512 __nonnull ((1));
1513+
1514+#define __warn_mq_open_wrong_number_of_args "mq_open can be called either " \
1515+ "with 2 or 4 arguments"
1516+#define __warn_mq_open_missing_mode_and_attr "mq_open with O_CREAT in " \
1517+ "second argument needs 4 arguments"
1518+#ifdef __use_clang_fortify
1519+__fortify_overload __clang_error (__warn_mq_open_wrong_number_of_args) mqd_t
1520+__NTH (mq_open (const char *const __clang_pass_object_size __name, int __oflag,
1521+ int __mode))
1522+{
1523+ return __mq_open_alias (__name, __oflag, __mode);
1524+}
1525+
1526+__fortify_overload __clang_error (__warn_mq_open_wrong_number_of_args)
1527+mqd_t
1528+__NTH (mq_open (const char *const __clang_pass_object_size __name, int __oflag,
1529+ int __mode, struct mq_attr *__attr, ...))
1530+{
1531+ return __mq_open_alias (__name, __oflag, __mode, __attr);
1532+}
1533+
1534+__fortify_overload __clang_prefer_this_overload mqd_t
1535+__NTH (mq_open (const char *const __clang_pass_object_size __name,
1536+ int __oflag))
1537+ __clang_error_if ((__oflag & O_CREAT),
1538+ __warn_mq_open_missing_mode_and_attr)
1539+{
1540+ return __mq_open_alias (__name, __oflag);
1541+}
1542+
1543+__fortify_overload __clang_prefer_this_overload mqd_t
1544+__NTH (mq_open (const char *const __clang_pass_object_size __name, int __oflag,
1545+ int __mode, struct mq_attr *__attr))
1546+{
1547+ return __mq_open_alias (__name, __oflag, __mode, __attr);
1548+}
1549+#else
1550 __errordecl (__mq_open_wrong_number_of_args,
1551- "mq_open can be called either with 2 or 4 arguments");
1552+ __warn_mq_open_wrong_number_of_args);
1553 __errordecl (__mq_open_missing_mode_and_attr,
1554- "mq_open with O_CREAT in second argument needs 4 arguments");
1555+ __warn_mq_open_missing_mode_and_attr);
1556
1557 __fortify_function mqd_t
1558 __NTH (mq_open (const char *__name, int __oflag, ...))
1559@@ -55,3 +92,6 @@ __NTH (mq_open (const char *__name, int __oflag, ...))
1560
1561 return __mq_open_alias (__name, __oflag, __va_arg_pack ());
1562 }
1563+#endif
1564+#undef __warn_mq_open_wrong_number_of_args
1565+#undef __warn_mq_open_missing_mode_and_attr
1566diff --git a/rt/mqueue.h b/rt/mqueue.h
1567index a2a2aa1771..5a2976d1be 100644
1568--- a/rt/mqueue.h
1569+++ b/rt/mqueue.h
1570@@ -89,7 +89,7 @@ extern int mq_timedsend (mqd_t __mqdes, const char *__msg_ptr,
1571
1572 /* Define some inlines helping to catch common problems. */
1573 #if __USE_FORTIFY_LEVEL > 0 && defined __fortify_function \
1574- && defined __va_arg_pack_len
1575+ && (defined __va_arg_pack_len || defined __use_clang_fortify)
1576 # include <bits/mqueue2.h>
1577 #endif
1578
1579diff --git a/socket/bits/socket2.h b/socket/bits/socket2.h
1580index c0421ce244..12d2e75f57 100644
1581--- a/socket/bits/socket2.h
1582+++ b/socket/bits/socket2.h
1583@@ -24,25 +24,20 @@ extern ssize_t __recv_chk (int __fd, void *__buf, size_t __n, size_t __buflen,
1584 int __flags);
1585 extern ssize_t __REDIRECT (__recv_alias, (int __fd, void *__buf, size_t __n,
1586 int __flags), recv);
1587-extern ssize_t __REDIRECT (__recv_chk_warn,
1588- (int __fd, void *__buf, size_t __n, size_t __buflen,
1589- int __flags), __recv_chk)
1590- __warnattr ("recv called with bigger length than size of destination "
1591- "buffer");
1592
1593-__fortify_function ssize_t
1594-recv (int __fd, void *__buf, size_t __n, int __flags)
1595+__fortify_potential_overload ssize_t
1596+recv (int __fd, void *const __clang_pass_object_size0 __buf, size_t __n,
1597+ int __flags)
1598+__FORTIFY_PRECONDITIONS
1599+ __FORTIFY_WARNING_ONLY_IF_BOS0_LT (__recv_warn, __n, __buf,
1600+ "recv called with bigger length than "
1601+ "size of destination buffer")
1602 {
1603- if (__bos0 (__buf) != (size_t) -1)
1604- {
1605- if (!__builtin_constant_p (__n))
1606- return __recv_chk (__fd, __buf, __n, __bos0 (__buf), __flags);
1607-
1608- if (__n > __bos0 (__buf))
1609- return __recv_chk_warn (__fd, __buf, __n, __bos0 (__buf), __flags);
1610- }
1611+ if (__FORTIFY_CALL_CHK && __bos0 (__buf) != (size_t) -1)
1612+ return __recv_chk (__fd, __buf, __n, __bos0 (__buf), __flags);
1613 return __recv_alias (__fd, __buf, __n, __flags);
1614 }
1615+__FORTIFY_FUNCTION_END
1616
1617 extern ssize_t __recvfrom_chk (int __fd, void *__restrict __buf, size_t __n,
1618 size_t __buflen, int __flags,
1619@@ -52,26 +47,19 @@ extern ssize_t __REDIRECT (__recvfrom_alias,
1620 (int __fd, void *__restrict __buf, size_t __n,
1621 int __flags, __SOCKADDR_ARG __addr,
1622 socklen_t *__restrict __addr_len), recvfrom);
1623-extern ssize_t __REDIRECT (__recvfrom_chk_warn,
1624- (int __fd, void *__restrict __buf, size_t __n,
1625- size_t __buflen, int __flags,
1626- __SOCKADDR_ARG __addr,
1627- socklen_t *__restrict __addr_len), __recvfrom_chk)
1628- __warnattr ("recvfrom called with bigger length than size of "
1629- "destination buffer");
1630
1631-__fortify_function ssize_t
1632-recvfrom (int __fd, void *__restrict __buf, size_t __n, int __flags,
1633- __SOCKADDR_ARG __addr, socklen_t *__restrict __addr_len)
1634+__fortify_potential_overload ssize_t
1635+recvfrom (int __fd, void *__restrict const __clang_pass_object_size0 __buf,
1636+ size_t __n, int __flags, __SOCKADDR_ARG __addr,
1637+ socklen_t *__restrict __addr_len)
1638+__FORTIFY_PRECONDITIONS
1639+ __FORTIFY_WARNING_ONLY_IF_BOS0_LT (__recvfrom_warn, __n, __buf,
1640+ "recvfrom called with bigger length "
1641+ "than size of destination buffer")
1642 {
1643- if (__bos0 (__buf) != (size_t) -1)
1644- {
1645- if (!__builtin_constant_p (__n))
1646- return __recvfrom_chk (__fd, __buf, __n, __bos0 (__buf), __flags,
1647- __addr, __addr_len);
1648- if (__n > __bos0 (__buf))
1649- return __recvfrom_chk_warn (__fd, __buf, __n, __bos0 (__buf), __flags,
1650- __addr, __addr_len);
1651- }
1652+ if (__FORTIFY_CALL_CHK && __bos0 (__buf) != (size_t) -1)
1653+ return __recvfrom_chk (__fd, __buf, __n, __bos0 (__buf), __flags, __addr,
1654+ __addr_len);
1655 return __recvfrom_alias (__fd, __buf, __n, __flags, __addr, __addr_len);
1656 }
1657+__FORTIFY_FUNCTION_END
1658diff --git a/stdlib/bits/stdlib.h b/stdlib/bits/stdlib.h
1659index bfdee75073..a15f965b12 100644
1660--- a/stdlib/bits/stdlib.h
1661+++ b/stdlib/bits/stdlib.h
1662@@ -26,27 +26,27 @@ extern char *__realpath_chk (const char *__restrict __name,
1663 extern char *__REDIRECT_NTH (__realpath_alias,
1664 (const char *__restrict __name,
1665 char *__restrict __resolved), realpath) __wur;
1666-extern char *__REDIRECT_NTH (__realpath_chk_warn,
1667- (const char *__restrict __name,
1668- char *__restrict __resolved,
1669- size_t __resolvedlen), __realpath_chk) __wur
1670- __warnattr ("second argument of realpath must be either NULL or at "
1671- "least PATH_MAX bytes long buffer");
1672
1673-__fortify_function __wur char *
1674-__NTH (realpath (const char *__restrict __name, char *__restrict __resolved))
1675+__fortify_potential_overload __wur char *
1676+__NTH (realpath (const char *__restrict __name,
1677+ char *__restrict const __clang_pass_object_size __resolved))
1678+__FORTIFY_PRECONDITIONS
1679+#if defined _LIBC_LIMITS_H_ && defined PATH_MAX
1680+ __FORTIFY_WARNING_ONLY_IF_BOS_LT (__realpath_warn, PATH_MAX, __resolved,
1681+ "second argument of realpath must be "
1682+ "either NULL or at least PATH_MAX "
1683+ "bytes long buffer")
1684+#endif
1685 {
1686- if (__bos (__resolved) != (size_t) -1)
1687- {
1688+ if (
1689 #if defined _LIBC_LIMITS_H_ && defined PATH_MAX
1690- if (__bos (__resolved) < PATH_MAX)
1691- return __realpath_chk_warn (__name, __resolved, __bos (__resolved));
1692+ __FORTIFY_CALL_CHK &&
1693 #endif
1694- return __realpath_chk (__name, __resolved, __bos (__resolved));
1695- }
1696-
1697+ __bos (__resolved) != (size_t) -1)
1698+ return __realpath_chk (__name, __resolved, __bos (__resolved));
1699 return __realpath_alias (__name, __resolved);
1700 }
1701+__FORTIFY_FUNCTION_END
1702
1703
1704 extern int __ptsname_r_chk (int __fd, char *__buf, size_t __buflen,
1705@@ -54,33 +54,28 @@ extern int __ptsname_r_chk (int __fd, char *__buf, size_t __buflen,
1706 extern int __REDIRECT_NTH (__ptsname_r_alias, (int __fd, char *__buf,
1707 size_t __buflen), ptsname_r)
1708 __nonnull ((2));
1709-extern int __REDIRECT_NTH (__ptsname_r_chk_warn,
1710- (int __fd, char *__buf, size_t __buflen,
1711- size_t __nreal), __ptsname_r_chk)
1712- __nonnull ((2)) __warnattr ("ptsname_r called with buflen bigger than "
1713- "size of buf");
1714-
1715-__fortify_function int
1716-__NTH (ptsname_r (int __fd, char *__buf, size_t __buflen))
1717+
1718+__fortify_potential_overload int
1719+__NTH (ptsname_r (int __fd, char *const __clang_pass_object_size __buf,
1720+ size_t __buflen))
1721+__FORTIFY_PRECONDITIONS
1722+ __FORTIFY_WARNING_ONLY_IF_BOS_LT (__ptsname_r_warn, __buflen, __buf,
1723+ "ptsname_r called with buflen "
1724+ "bigger than size of buf")
1725 {
1726- if (__bos (__buf) != (size_t) -1)
1727- {
1728- if (!__builtin_constant_p (__buflen))
1729- return __ptsname_r_chk (__fd, __buf, __buflen, __bos (__buf));
1730- if (__buflen > __bos (__buf))
1731- return __ptsname_r_chk_warn (__fd, __buf, __buflen, __bos (__buf));
1732- }
1733+ if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1)
1734+ return __ptsname_r_chk (__fd, __buf, __buflen, __bos (__buf));
1735 return __ptsname_r_alias (__fd, __buf, __buflen);
1736 }
1737-
1738+__FORTIFY_FUNCTION_END
1739
1740 extern int __wctomb_chk (char *__s, wchar_t __wchar, size_t __buflen)
1741 __THROW __wur;
1742 extern int __REDIRECT_NTH (__wctomb_alias, (char *__s, wchar_t __wchar),
1743 wctomb) __wur;
1744
1745-__fortify_function __wur int
1746-__NTH (wctomb (char *__s, wchar_t __wchar))
1747+__fortify_potential_overload __wur int
1748+__NTH (wctomb (char *const __clang_pass_object_size __s, wchar_t __wchar))
1749 {
1750 /* We would have to include <limits.h> to get a definition of MB_LEN_MAX.
1751 But this would only disturb the namespace. So we define our own
1752@@ -102,29 +97,22 @@ extern size_t __REDIRECT_NTH (__mbstowcs_alias,
1753 (wchar_t *__restrict __dst,
1754 const char *__restrict __src,
1755 size_t __len), mbstowcs);
1756-extern size_t __REDIRECT_NTH (__mbstowcs_chk_warn,
1757- (wchar_t *__restrict __dst,
1758- const char *__restrict __src,
1759- size_t __len, size_t __dstlen), __mbstowcs_chk)
1760- __warnattr ("mbstowcs called with dst buffer smaller than len "
1761- "* sizeof (wchar_t)");
1762
1763-__fortify_function size_t
1764-__NTH (mbstowcs (wchar_t *__restrict __dst, const char *__restrict __src,
1765- size_t __len))
1766+__fortify_potential_overload size_t
1767+__NTH (mbstowcs (wchar_t *__restrict const __clang_pass_object_size __dst,
1768+ const char *__restrict __src, size_t __len))
1769+__FORTIFY_PRECONDITIONS
1770+ __FORTIFY_WARNING_ONLY_IF_BOS_LT2 (__mbstowcs_warn, __len, __dst,
1771+ sizeof (wchar_t),
1772+ "mbstowcs called with dst buffer "
1773+ "smaller than len * sizeof (wchar_t)")
1774 {
1775- if (__bos (__dst) != (size_t) -1)
1776- {
1777- if (!__builtin_constant_p (__len))
1778- return __mbstowcs_chk (__dst, __src, __len,
1779- __bos (__dst) / sizeof (wchar_t));
1780-
1781- if (__len > __bos (__dst) / sizeof (wchar_t))
1782- return __mbstowcs_chk_warn (__dst, __src, __len,
1783- __bos (__dst) / sizeof (wchar_t));
1784- }
1785+ if (__FORTIFY_CALL_CHK && __bos (__dst) != (size_t) -1)
1786+ return __mbstowcs_chk (__dst, __src, __len,
1787+ __bos (__dst) / sizeof (wchar_t));
1788 return __mbstowcs_alias (__dst, __src, __len);
1789 }
1790+__FORTIFY_FUNCTION_END
1791
1792
1793 extern size_t __wcstombs_chk (char *__restrict __dst,
1794@@ -134,22 +122,17 @@ extern size_t __REDIRECT_NTH (__wcstombs_alias,
1795 (char *__restrict __dst,
1796 const wchar_t *__restrict __src,
1797 size_t __len), wcstombs);
1798-extern size_t __REDIRECT_NTH (__wcstombs_chk_warn,
1799- (char *__restrict __dst,
1800- const wchar_t *__restrict __src,
1801- size_t __len, size_t __dstlen), __wcstombs_chk)
1802- __warnattr ("wcstombs called with dst buffer smaller than len");
1803
1804-__fortify_function size_t
1805-__NTH (wcstombs (char *__restrict __dst, const wchar_t *__restrict __src,
1806- size_t __len))
1807+__fortify_potential_overload size_t
1808+__NTH (wcstombs (char *__restrict const __clang_pass_object_size __dst,
1809+ const wchar_t *__restrict __src, size_t __len))
1810+__FORTIFY_PRECONDITIONS
1811+ __FORTIFY_WARNING_ONLY_IF_BOS_LT (__wcstombs_warn, __len, __dst,
1812+ "wcstombs called with dst buffer "
1813+ "smaller than len")
1814 {
1815- if (__bos (__dst) != (size_t) -1)
1816- {
1817- if (!__builtin_constant_p (__len))
1818- return __wcstombs_chk (__dst, __src, __len, __bos (__dst));
1819- if (__len > __bos (__dst))
1820- return __wcstombs_chk_warn (__dst, __src, __len, __bos (__dst));
1821- }
1822+ if (__FORTIFY_CALL_CHK && __bos (__dst) != (size_t) -1)
1823+ return __wcstombs_chk (__dst, __src, __len, __bos (__dst));
1824 return __wcstombs_alias (__dst, __src, __len);
1825 }
1826+__FORTIFY_FUNCTION_END
1827diff --git a/string/bits/string_fortified.h b/string/bits/string_fortified.h
1828index e4d07cb50c..f73528ba7e 100644
1829--- a/string/bits/string_fortified.h
1830+++ b/string/bits/string_fortified.h
1831@@ -22,45 +22,82 @@
1832 # error "Never use <bits/string_fortified.h> directly; include <string.h> instead."
1833 #endif
1834
1835-#if !__GNUC_PREREQ (5,0)
1836-__warndecl (__warn_memset_zero_len,
1837- "memset used with constant zero length parameter; this could be due to transposed parameters");
1838-#endif
1839-
1840-__fortify_function void *
1841-__NTH (memcpy (void *__restrict __dest, const void *__restrict __src,
1842- size_t __len))
1843+#define __warn_len_too_large \
1844+ "function called with bigger length than the destination buffer"
1845+/* Repeat bodies here to reduce 'note's if we detect a problem. */
1846+#define __size_too_small(bos, dest, len) \
1847+ (bos (dest) != (size_t) -1 && bos (dest) < len)
1848+#define __warn_if_dest_too_small(dest, len) \
1849+ __clang_warning_if (__size_too_small (__bos, dest, len), \
1850+ __warn_len_too_large)
1851+#define __warn_if_dest_too_small0(dest, len) \
1852+ __clang_warning_if (__size_too_small (__bos0, dest, len), \
1853+ __warn_len_too_large)
1854+
1855+#define __warn_input_str_too_large \
1856+ "destination buffer will always be overflown by source"
1857+#define __warn_if_src_too_large(dest, src) \
1858+ __clang_warning_if (__size_too_small (__bos, dest, __builtin_strlen (src) + 1), \
1859+ __warn_input_str_too_large)
1860+
1861+__fortify_potential_overload void *
1862+__NTH (memcpy (void *__restrict const __clang_pass_object_size0 __dest,
1863+ const void *__restrict __src, size_t __len))
1864+ __warn_if_dest_too_small0 (__dest, __len)
1865 {
1866- return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
1867+ size_t __bos_dst = __bos0 (__dest);
1868+ if (__bos_dst == (size_t) -1 || (__builtin_constant_p (__len)
1869+ && __bos_dst >= __len))
1870+ return __builtin_memcpy (__dest, __src, __len);
1871+ return __builtin___memcpy_chk (__dest, __src, __len, __bos_dst);
1872 }
1873
1874-__fortify_function void *
1875-__NTH (memmove (void *__dest, const void *__src, size_t __len))
1876+__fortify_potential_overload void *
1877+__NTH (memmove (void *const __clang_pass_object_size0 __dest,
1878+ const void *__src, size_t __len))
1879+ __warn_if_dest_too_small0 (__dest, __len)
1880 {
1881- return __builtin___memmove_chk (__dest, __src, __len, __bos0 (__dest));
1882+ size_t __bos_dst = __bos0 (__dest);
1883+ if (__bos_dst == (size_t) -1 || (__builtin_constant_p (__len)
1884+ && __bos_dst >= __len))
1885+ return __builtin_memmove (__dest, __src, __len);
1886+ return __builtin___memmove_chk (__dest, __src, __len, __bos_dst);
1887 }
1888
1889 #ifdef __USE_GNU
1890-__fortify_function void *
1891-__NTH (mempcpy (void *__restrict __dest, const void *__restrict __src,
1892- size_t __len))
1893+__fortify_potential_overload void *
1894+__NTH (mempcpy (void *__restrict const __clang_pass_object_size0 __dest,
1895+ const void *__restrict __src, size_t __len))
1896+ __warn_if_dest_too_small0 (__dest, __len)
1897 {
1898- return __builtin___mempcpy_chk (__dest, __src, __len, __bos0 (__dest));
1899+ size_t __bos_dst = __bos0 (__dest);
1900+ if (__bos_dst == (size_t) -1 || (__builtin_constant_p (__len)
1901+ && __bos_dst >= __len))
1902+ return __builtin_mempcpy (__dest, __src, __len);
1903+ return __builtin___mempcpy_chk (__dest, __src, __len, __bos_dst);
1904 }
1905 #endif
1906
1907-
1908 /* The first two tests here help to catch a somewhat common problem
1909 where the second and third parameter are transposed. This is
1910 especially problematic if the intended fill value is zero. In this
1911 case no work is done at all. We detect these problems by referring
1912 non-existing functions. */
1913-__fortify_function void *
1914-__NTH (memset (void *__dest, int __ch, size_t __len))
1915+#define __warn_memset_zero_len_msg \
1916+ "memset used with constant zero length parameter; this could be due to " \
1917+ "transposed parameters"
1918+#if !__GNUC_PREREQ (5,0)
1919+__warndecl (__warn_memset_zero_len, __warn_memset_zero_len_msg);
1920+#endif
1921+__fortify_potential_overload void *
1922+__NTH (memset (void *const __clang_pass_object_size0 __dest, int __ch,
1923+ size_t __len))
1924+ __warn_if_dest_too_small0 (__dest, __len)
1925+ __clang_warning_if (__len == 0 && __ch != 0, __warn_memset_zero_len_msg)
1926 {
1927 /* GCC-5.0 and newer implements these checks in the compiler, so we don't
1928 need them here. */
1929-#if !__GNUC_PREREQ (5,0)
1930+#if !__GNUC_PREREQ (5,0) && !defined __use_clang_fortify
1931 if (__builtin_constant_p (__len) && __len == 0
1932 && (!__builtin_constant_p (__ch) || __ch != 0))
1933 {
1934@@ -68,8 +105,13 @@ __NTH (memset (void *__dest, int __ch, size_t __len))
1935 return __dest;
1936 }
1937 #endif
1938- return __builtin___memset_chk (__dest, __ch, __len, __bos0 (__dest));
1939+ size_t __bos_dst = __bos0 (__dest);
1940+ if (__bos_dst == (size_t) -1 || (__builtin_constant_p (__len)
1941+ && __bos_dst >= __len))
1942+ return __builtin_memset (__dest, __ch, __len);
1943+ return __builtin___memset_chk (__dest, __ch, __len, __bos_dst);
1944 }
1945+#undef __warn_memset_zero_len_msg
1946
1947 #ifdef __USE_MISC
1948 # include <bits/strings_fortified.h>
1949@@ -84,24 +126,30 @@ __NTH (explicit_bzero (void *__dest, size_t __len))
1950 }
1951 #endif
1952
1953-__fortify_function char *
1954-__NTH (strcpy (char *__restrict __dest, const char *__restrict __src))
1955+__fortify_potential_overload char *
1956+__NTH (strcpy (char *__restrict const __clang_pass_object_size __dest,
1957+ const char *__restrict __src))
1958+ __warn_if_src_too_large (__dest, __src)
1959 {
1960 return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
1961 }
1962
1963 #ifdef __USE_GNU
1964-__fortify_function char *
1965-__NTH (stpcpy (char *__restrict __dest, const char *__restrict __src))
1966+__fortify_potential_overload char *
1967+__NTH (stpcpy (char *__restrict const __clang_pass_object_size __dest,
1968+ const char *__restrict __src))
1969+ __warn_if_src_too_large (__dest, __src)
1970 {
1971 return __builtin___stpcpy_chk (__dest, __src, __bos (__dest));
1972 }
1973 #endif
1974
1975-
1976-__fortify_function char *
1977-__NTH (strncpy (char *__restrict __dest, const char *__restrict __src,
1978- size_t __len))
1979+__fortify_potential_overload char *
1980+__NTH (strncpy (char *__restrict const __clang_pass_object_size __dest,
1981+ const char *__restrict __src, size_t __len))
1982+/* clang: Don't warn when __builtin_strlen (__src) < __bos (__dest),
1983+ but __len > __bos (__dest). The user should fix their code instead. */
1984+ __warn_if_dest_too_small (__dest, __len)
1985 {
1986 return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
1987 }
1988@@ -112,28 +160,36 @@ extern char *__stpncpy_chk (char *__dest, const char *__src, size_t __n,
1989 extern char *__REDIRECT_NTH (__stpncpy_alias, (char *__dest, const char *__src,
1990 size_t __n), stpncpy);
1991
1992-__fortify_function char *
1993-__NTH (stpncpy (char *__dest, const char *__src, size_t __n))
1994+__fortify_potential_overload char *
1995+__NTH (stpncpy (char *const __clang_pass_object_size __dest, const char *__src,
1996+ size_t __n))
1997+ __warn_if_dest_too_small (__dest, __n)
1998 {
1999- if (__bos (__dest) != (size_t) -1
2000- && (!__builtin_constant_p (__n) || __n > __bos (__dest)))
2001+ if (__bos (__dest) != (size_t) -1)
2002 return __stpncpy_chk (__dest, __src, __n, __bos (__dest));
2003 return __stpncpy_alias (__dest, __src, __n);
2004 }
2005
2006-
2007-__fortify_function char *
2008-__NTH (strcat (char *__restrict __dest, const char *__restrict __src))
2009+__fortify_potential_overload char *
2010+__NTH (strcat (char *__restrict const __clang_pass_object_size __dest,
2011+ const char *__restrict __src))
2012+ __warn_if_src_too_large (__dest, __src)
2013 {
2014 return __builtin___strcat_chk (__dest, __src, __bos (__dest));
2015 }
2016
2017-
2018-__fortify_function char *
2019-__NTH (strncat (char *__restrict __dest, const char *__restrict __src,
2020- size_t __len))
2021+__fortify_potential_overload char *
2022+__NTH (strncat (char *__restrict const __clang_pass_object_size __dest,
2023+ const char *__restrict __src, size_t __len))
2024+ __warn_if_src_too_large (__dest, __src)
2025 {
2026 return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest));
2027 }
2028
2029+#undef __warn_len_too_large
2030+#undef __size_too_small
2031+#undef __warn_if_dest_too_small
2032+#undef __warn_if_dest_too_small0
2033+#undef __warn_input_str_too_large
2034+#undef __warn_if_src_too_large
2035 #endif /* bits/string_fortified.h */
2036diff --git a/string/bits/strings_fortified.h b/string/bits/strings_fortified.h
2037index d4091f4f69..4d0cd02612 100644
2038--- a/string/bits/strings_fortified.h
2039+++ b/string/bits/strings_fortified.h
2040@@ -19,16 +19,40 @@
2041 #ifndef __STRINGS_FORTIFIED
2042 # define __STRINGS_FORTIFIED 1
2043
2044-__fortify_function void
2045-__NTH (bcopy (const void *__src, void *__dest, size_t __len))
2046+#define __strings_warn_len_too_large \
2047+ "function called with bigger length than the destination buffer"
2048+
2049+#define __strings_size_too_small(dest, len) \
2050+ (__bos0 (dest) != (size_t) -1 && __bos0 (dest) < len)
2051+
2052+__fortify_potential_overload void
2053+__NTH (bcopy (const void *__src, void *const __clang_pass_object_size0 __dest,
2054+ size_t __len))
2055+ __clang_warning_if (__strings_size_too_small (__dest, __len),
2056+ __strings_warn_len_too_large)
2057 {
2058- (void) __builtin___memmove_chk (__dest, __src, __len, __bos0 (__dest));
2059+ size_t __bos_dst = __bos0 (__dest);
2060+ if (__bos_dst == (size_t) -1 || (__builtin_constant_p (__len)
2061+ && __bos_dst >= __len))
2062+ (void) __builtin_memmove (__dest, __src, __len);
2063+ else
2064+ (void) __builtin___memmove_chk (__dest, __src, __len, __bos_dst);
2065 }
2066
2067-__fortify_function void
2068-__NTH (bzero (void *__dest, size_t __len))
2069+__fortify_potential_overload void
2070+__NTH (bzero (void *const __clang_pass_object_size0 __dest, size_t __len))
2071+ __clang_warning_if (__strings_size_too_small (__dest, __len),
2072+ __strings_warn_len_too_large)
2073 {
2074- (void) __builtin___memset_chk (__dest, '\0', __len, __bos0 (__dest));
2075+ size_t __bos_dst = __bos0 (__dest);
2076+ if (__bos_dst == (size_t) -1 || (__builtin_constant_p (__len)
2077+ && __bos_dst >= __len))
2078+ (void) __builtin_memset (__dest, '\0', __len);
2079+ else
2080+ (void) __builtin___memset_chk (__dest, '\0', __len, __bos_dst);
2081 }
2082
2083+
2084+#undef __strings_size_too_small
2085+#undef __strings_warn_len_too_large
2086 #endif
2087diff --git a/wcsmbs/bits/wchar2.h b/wcsmbs/bits/wchar2.h
2088index 86e8e23e76..1b0718119a 100644
2089--- a/wcsmbs/bits/wchar2.h
2090+++ b/wcsmbs/bits/wchar2.h
2091@@ -20,7 +20,6 @@
2092 # error "Never include <bits/wchar2.h> directly; use <wchar.h> instead."
2093 #endif
2094
2095-
2096 extern wchar_t *__wmemcpy_chk (wchar_t *__restrict __s1,
2097 const wchar_t *__restrict __s2, size_t __n,
2098 size_t __ns1) __THROW;
2099@@ -28,57 +27,42 @@ extern wchar_t *__REDIRECT_NTH (__wmemcpy_alias,
2100 (wchar_t *__restrict __s1,
2101 const wchar_t *__restrict __s2, size_t __n),
2102 wmemcpy);
2103-extern wchar_t *__REDIRECT_NTH (__wmemcpy_chk_warn,
2104- (wchar_t *__restrict __s1,
2105- const wchar_t *__restrict __s2, size_t __n,
2106- size_t __ns1), __wmemcpy_chk)
2107- __warnattr ("wmemcpy called with length bigger than size of destination "
2108- "buffer");
2109
2110-__fortify_function wchar_t *
2111-__NTH (wmemcpy (wchar_t *__restrict __s1, const wchar_t *__restrict __s2,
2112- size_t __n))
2113+__fortify_potential_overload wchar_t *
2114+__NTH (wmemcpy (wchar_t *__restrict const __clang_pass_object_size0 __s1,
2115+ const wchar_t *__restrict __s2, size_t __n))
2116+__FORTIFY_PRECONDITIONS
2117+ __FORTIFY_WARNING_ONLY_IF_BOS0_LT2 (__wmemcpy_warn, __n, __s1,
2118+ sizeof (wchar_t),
2119+ "wmemcpy called with length bigger "
2120+ "than size of destination buffer")
2121 {
2122- if (__bos0 (__s1) != (size_t) -1)
2123- {
2124- if (!__builtin_constant_p (__n))
2125- return __wmemcpy_chk (__s1, __s2, __n,
2126- __bos0 (__s1) / sizeof (wchar_t));
2127-
2128- if (__n > __bos0 (__s1) / sizeof (wchar_t))
2129- return __wmemcpy_chk_warn (__s1, __s2, __n,
2130- __bos0 (__s1) / sizeof (wchar_t));
2131- }
2132- return __wmemcpy_alias (__s1, __s2, __n);
2133+ if (__FORTIFY_CALL_CHK && __bos0 (__s1) != (size_t)-1)
2134+ return __wmemcpy_chk(__s1, __s2, __n, __bos0(__s1) / sizeof (wchar_t));
2135+ return __wmemcpy_alias(__s1, __s2, __n);
2136 }
2137-
2138+__FORTIFY_FUNCTION_END
2139
2140 extern wchar_t *__wmemmove_chk (wchar_t *__s1, const wchar_t *__s2,
2141 size_t __n, size_t __ns1) __THROW;
2142 extern wchar_t *__REDIRECT_NTH (__wmemmove_alias, (wchar_t *__s1,
2143 const wchar_t *__s2,
2144 size_t __n), wmemmove);
2145-extern wchar_t *__REDIRECT_NTH (__wmemmove_chk_warn,
2146- (wchar_t *__s1, const wchar_t *__s2,
2147- size_t __n, size_t __ns1), __wmemmove_chk)
2148- __warnattr ("wmemmove called with length bigger than size of destination "
2149- "buffer");
2150-
2151-__fortify_function wchar_t *
2152-__NTH (wmemmove (wchar_t *__s1, const wchar_t *__s2, size_t __n))
2153+
2154+__fortify_potential_overload wchar_t *
2155+__NTH (wmemmove (wchar_t *const __clang_pass_object_size0 __s1,
2156+ const wchar_t *__s2, size_t __n))
2157+__FORTIFY_PRECONDITIONS
2158+ __FORTIFY_WARNING_ONLY_IF_BOS0_LT2 (__wmemmove_warn, __n, __s1,
2159+ sizeof (wchar_t),
2160+ "wmemmove called with length bigger "
2161+ "than size of destination buffer")
2162 {
2163- if (__bos0 (__s1) != (size_t) -1)
2164- {
2165- if (!__builtin_constant_p (__n))
2166- return __wmemmove_chk (__s1, __s2, __n,
2167- __bos0 (__s1) / sizeof (wchar_t));
2168-
2169- if (__n > __bos0 (__s1) / sizeof (wchar_t))
2170- return __wmemmove_chk_warn (__s1, __s2, __n,
2171- __bos0 (__s1) / sizeof (wchar_t));
2172- }
2173+ if (__FORTIFY_CALL_CHK && __bos0 (__s1) != (size_t) -1)
2174+ return __wmemmove_chk (__s1, __s2, __n, __bos0 (__s1) / sizeof (wchar_t));
2175 return __wmemmove_alias (__s1, __s2, __n);
2176 }
2177+__FORTIFY_FUNCTION_END
2178
2179
2180 #ifdef __USE_GNU
2181@@ -89,29 +73,21 @@ extern wchar_t *__REDIRECT_NTH (__wmempcpy_alias,
2182 (wchar_t *__restrict __s1,
2183 const wchar_t *__restrict __s2,
2184 size_t __n), wmempcpy);
2185-extern wchar_t *__REDIRECT_NTH (__wmempcpy_chk_warn,
2186- (wchar_t *__restrict __s1,
2187- const wchar_t *__restrict __s2, size_t __n,
2188- size_t __ns1), __wmempcpy_chk)
2189- __warnattr ("wmempcpy called with length bigger than size of destination "
2190- "buffer");
2191-
2192-__fortify_function wchar_t *
2193-__NTH (wmempcpy (wchar_t *__restrict __s1, const wchar_t *__restrict __s2,
2194- size_t __n))
2195+
2196+__fortify_potential_overload wchar_t *
2197+__NTH(wmempcpy(wchar_t *__restrict const __clang_pass_object_size0 __s1,
2198+ const wchar_t *__restrict __s2, size_t __n))
2199+__FORTIFY_PRECONDITIONS
2200+ __FORTIFY_WARNING_ONLY_IF_BOS0_LT2 (__wmempcpy_warn, __n, __s1,
2201+ sizeof (wchar_t),
2202+ "wmempcpy called with length bigger "
2203+ "than size of destination buffer")
2204 {
2205- if (__bos0 (__s1) != (size_t) -1)
2206- {
2207- if (!__builtin_constant_p (__n))
2208- return __wmempcpy_chk (__s1, __s2, __n,
2209- __bos0 (__s1) / sizeof (wchar_t));
2210-
2211- if (__n > __bos0 (__s1) / sizeof (wchar_t))
2212- return __wmempcpy_chk_warn (__s1, __s2, __n,
2213- __bos0 (__s1) / sizeof (wchar_t));
2214- }
2215- return __wmempcpy_alias (__s1, __s2, __n);
2216+ if (__FORTIFY_CALL_CHK && __bos0 (__s1) != (size_t)-1)
2217+ return __wmempcpy_chk(__s1, __s2, __n, __bos0(__s1) / sizeof (wchar_t));
2218+ return __wmempcpy_alias(__s1, __s2, __n);
2219 }
2220+__FORTIFY_FUNCTION_END
2221 #endif
2222
2223
2224@@ -119,26 +95,21 @@ extern wchar_t *__wmemset_chk (wchar_t *__s, wchar_t __c, size_t __n,
2225 size_t __ns) __THROW;
2226 extern wchar_t *__REDIRECT_NTH (__wmemset_alias, (wchar_t *__s, wchar_t __c,
2227 size_t __n), wmemset);
2228-extern wchar_t *__REDIRECT_NTH (__wmemset_chk_warn,
2229- (wchar_t *__s, wchar_t __c, size_t __n,
2230- size_t __ns), __wmemset_chk)
2231- __warnattr ("wmemset called with length bigger than size of destination "
2232- "buffer");
2233-
2234-__fortify_function wchar_t *
2235-__NTH (wmemset (wchar_t *__s, wchar_t __c, size_t __n))
2236+
2237+__fortify_potential_overload wchar_t *
2238+__NTH (wmemset (wchar_t *const __clang_pass_object_size0 __s, wchar_t __c,
2239+ size_t __n))
2240+__FORTIFY_PRECONDITIONS
2241+ __FORTIFY_WARNING_ONLY_IF_BOS0_LT2 (__wmemset_warn, __n, __s,
2242+ sizeof (wchar_t),
2243+ "wmemset called with length bigger "
2244+ "than size of destination buffer")
2245 {
2246- if (__bos0 (__s) != (size_t) -1)
2247- {
2248- if (!__builtin_constant_p (__n))
2249- return __wmemset_chk (__s, __c, __n, __bos0 (__s) / sizeof (wchar_t));
2250-
2251- if (__n > __bos0 (__s) / sizeof (wchar_t))
2252- return __wmemset_chk_warn (__s, __c, __n,
2253- __bos0 (__s) / sizeof (wchar_t));
2254- }
2255+ if (__FORTIFY_CALL_CHK && __bos0 (__s) != (size_t) -1)
2256+ return __wmemset_chk (__s, __c, __n, __bos0 (__s) / sizeof (wchar_t));
2257 return __wmemset_alias (__s, __c, __n);
2258 }
2259+__FORTIFY_FUNCTION_END
2260
2261
2262 extern wchar_t *__wcscpy_chk (wchar_t *__restrict __dest,
2263@@ -148,8 +119,9 @@ extern wchar_t *__REDIRECT_NTH (__wcscpy_alias,
2264 (wchar_t *__restrict __dest,
2265 const wchar_t *__restrict __src), wcscpy);
2266
2267-__fortify_function wchar_t *
2268-__NTH (wcscpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src))
2269+__fortify_potential_overload wchar_t *
2270+__NTH (wcscpy (wchar_t *__restrict const __clang_pass_object_size __dest,
2271+ const wchar_t *__restrict __src))
2272 {
2273 if (__bos (__dest) != (size_t) -1)
2274 return __wcscpy_chk (__dest, __src, __bos (__dest) / sizeof (wchar_t));
2275@@ -164,8 +136,9 @@ extern wchar_t *__REDIRECT_NTH (__wcpcpy_alias,
2276 (wchar_t *__restrict __dest,
2277 const wchar_t *__restrict __src), wcpcpy);
2278
2279-__fortify_function wchar_t *
2280-__NTH (wcpcpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src))
2281+__fortify_potential_overload wchar_t *
2282+__NTH (wcpcpy (wchar_t *__restrict const __clang_pass_object_size __dest,
2283+ const wchar_t *__restrict __src))
2284 {
2285 if (__bos (__dest) != (size_t) -1)
2286 return __wcpcpy_chk (__dest, __src, __bos (__dest) / sizeof (wchar_t));
2287@@ -180,28 +153,22 @@ extern wchar_t *__REDIRECT_NTH (__wcsncpy_alias,
2288 (wchar_t *__restrict __dest,
2289 const wchar_t *__restrict __src,
2290 size_t __n), wcsncpy);
2291-extern wchar_t *__REDIRECT_NTH (__wcsncpy_chk_warn,
2292- (wchar_t *__restrict __dest,
2293- const wchar_t *__restrict __src,
2294- size_t __n, size_t __destlen), __wcsncpy_chk)
2295- __warnattr ("wcsncpy called with length bigger than size of destination "
2296- "buffer");
2297
2298-__fortify_function wchar_t *
2299-__NTH (wcsncpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src,
2300- size_t __n))
2301+__fortify_potential_overload wchar_t *
2302+__NTH (wcsncpy (wchar_t *__restrict const __clang_pass_object_size __dest,
2303+ const wchar_t *__restrict __src, size_t __n))
2304+__FORTIFY_PRECONDITIONS
2305+ __FORTIFY_WARNING_ONLY_IF_BOS_LT2 (__wcsncpy_warn, __n, __dest,
2306+ sizeof (wchar_t),
2307+ "wcsncpy called with length bigger "
2308+ "than size of destination buffer")
2309 {
2310- if (__bos (__dest) != (size_t) -1)
2311- {
2312- if (!__builtin_constant_p (__n))
2313- return __wcsncpy_chk (__dest, __src, __n,
2314- __bos (__dest) / sizeof (wchar_t));
2315- if (__n > __bos (__dest) / sizeof (wchar_t))
2316- return __wcsncpy_chk_warn (__dest, __src, __n,
2317- __bos (__dest) / sizeof (wchar_t));
2318- }
2319+ if (__FORTIFY_CALL_CHK && __bos (__dest) != (size_t) -1)
2320+ return __wcsncpy_chk (__dest, __src, __n,
2321+ __bos (__dest) / sizeof (wchar_t));
2322 return __wcsncpy_alias (__dest, __src, __n);
2323 }
2324+__FORTIFY_FUNCTION_END
2325
2326
2327 extern wchar_t *__wcpncpy_chk (wchar_t *__restrict __dest,
2328@@ -211,29 +178,22 @@ extern wchar_t *__REDIRECT_NTH (__wcpncpy_alias,
2329 (wchar_t *__restrict __dest,
2330 const wchar_t *__restrict __src,
2331 size_t __n), wcpncpy);
2332-extern wchar_t *__REDIRECT_NTH (__wcpncpy_chk_warn,
2333- (wchar_t *__restrict __dest,
2334- const wchar_t *__restrict __src,
2335- size_t __n, size_t __destlen), __wcpncpy_chk)
2336- __warnattr ("wcpncpy called with length bigger than size of destination "
2337- "buffer");
2338
2339-__fortify_function wchar_t *
2340-__NTH (wcpncpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src,
2341- size_t __n))
2342+__fortify_potential_overload wchar_t *
2343+__NTH (wcpncpy (wchar_t *__restrict const __clang_pass_object_size __dest,
2344+ const wchar_t *__restrict __src, size_t __n))
2345+__FORTIFY_PRECONDITIONS
2346+ __FORTIFY_WARNING_ONLY_IF_BOS_LT2 (__wcpncpy_warn, __n, __dest,
2347+ sizeof (wchar_t),
2348+ "wcpncpy called with length bigger "
2349+ "than size of destination buffer")
2350 {
2351- if (__bos (__dest) != (size_t) -1)
2352- {
2353- if (!__builtin_constant_p (__n))
2354- return __wcpncpy_chk (__dest, __src, __n,
2355- __bos (__dest) / sizeof (wchar_t));
2356- if (__n > __bos (__dest) / sizeof (wchar_t))
2357- return __wcpncpy_chk_warn (__dest, __src, __n,
2358- __bos (__dest) / sizeof (wchar_t));
2359- }
2360+ if (__FORTIFY_CALL_CHK && __bos (__dest) != (size_t) -1)
2361+ return __wcpncpy_chk (__dest, __src, __n,
2362+ __bos (__dest) / sizeof (wchar_t));
2363 return __wcpncpy_alias (__dest, __src, __n);
2364 }
2365-
2366+__FORTIFY_FUNCTION_END
2367
2368 extern wchar_t *__wcscat_chk (wchar_t *__restrict __dest,
2369 const wchar_t *__restrict __src,
2370@@ -242,8 +202,9 @@ extern wchar_t *__REDIRECT_NTH (__wcscat_alias,
2371 (wchar_t *__restrict __dest,
2372 const wchar_t *__restrict __src), wcscat);
2373
2374-__fortify_function wchar_t *
2375-__NTH (wcscat (wchar_t *__restrict __dest, const wchar_t *__restrict __src))
2376+__fortify_potential_overload wchar_t *
2377+__NTH (wcscat (wchar_t *__restrict const __clang_pass_object_size __dest,
2378+ const wchar_t *__restrict __src))
2379 {
2380 if (__bos (__dest) != (size_t) -1)
2381 return __wcscat_chk (__dest, __src, __bos (__dest) / sizeof (wchar_t));
2382@@ -259,9 +220,9 @@ extern wchar_t *__REDIRECT_NTH (__wcsncat_alias,
2383 const wchar_t *__restrict __src,
2384 size_t __n), wcsncat);
2385
2386-__fortify_function wchar_t *
2387-__NTH (wcsncat (wchar_t *__restrict __dest, const wchar_t *__restrict __src,
2388- size_t __n))
2389+__fortify_potential_overload wchar_t *
2390+__NTH (wcsncat (wchar_t *__restrict const __clang_pass_object_size __dest,
2391+ const wchar_t *__restrict __src, size_t __n))
2392 {
2393 if (__bos (__dest) != (size_t) -1)
2394 return __wcsncat_chk (__dest, __src, __n,
2395@@ -280,16 +241,34 @@ extern int __REDIRECT_NTH_LDBL (__swprintf_alias,
2396 const wchar_t *__restrict __fmt, ...),
2397 swprintf);
2398
2399-#ifdef __va_arg_pack
2400-__fortify_function int
2401-__NTH (swprintf (wchar_t *__restrict __s, size_t __n,
2402- const wchar_t *__restrict __fmt, ...))
2403+extern int __vswprintf_chk (wchar_t *__restrict __s, size_t __n,
2404+ int __flag, size_t __s_len,
2405+ const wchar_t *__restrict __format,
2406+ __gnuc_va_list __arg)
2407+ __THROW /* __attribute__ ((__format__ (__wprintf__, 5, 0))) */;
2408+
2409+extern int __REDIRECT_NTH_LDBL (__vswprintf_alias,
2410+ (wchar_t *__restrict __s, size_t __n,
2411+ const wchar_t *__restrict __fmt,
2412+ __gnuc_va_list __ap), vswprintf);
2413+
2414+#ifdef __FORTIFY_ARG_PACK_OK
2415+__fortify_potential_overload int
2416+__NTH (swprintf (wchar_t *__restrict const __clang_pass_object_size __s,
2417+ size_t __n, const wchar_t *__restrict __fmt, ...))
2418 {
2419+ __FORTIFY_INIT_ARG_PACK(__fmt);
2420+ int __result;
2421 if (__bos (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
2422- return __swprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
2423- __bos (__s) / sizeof (wchar_t),
2424- __fmt, __va_arg_pack ());
2425- return __swprintf_alias (__s, __n, __fmt, __va_arg_pack ());
2426+ __result = __FORTIFY_CALL_VA_CHK(swprintf, __s, __n,
2427+ __USE_FORTIFY_LEVEL - 1,
2428+ __bos (__s) / sizeof (wchar_t), __fmt,
2429+ __FORTIFY_ARG_PACK);
2430+ else
2431+ __result = __FORTIFY_CALL_VA_ALIAS(swprintf, __s, __n, __fmt,
2432+ __FORTIFY_ARG_PACK);
2433+ __FORTIFY_FREE_ARG_PACK();
2434+ return __result;
2435 }
2436 #elif !defined __cplusplus
2437 /* XXX We might want to have support in gcc for swprintf. */
2438@@ -300,20 +279,10 @@ __NTH (swprintf (wchar_t *__restrict __s, size_t __n,
2439 : swprintf (s, n, __VA_ARGS__))
2440 #endif
2441
2442-extern int __vswprintf_chk (wchar_t *__restrict __s, size_t __n,
2443- int __flag, size_t __s_len,
2444- const wchar_t *__restrict __format,
2445- __gnuc_va_list __arg)
2446- __THROW /* __attribute__ ((__format__ (__wprintf__, 5, 0))) */;
2447-
2448-extern int __REDIRECT_NTH_LDBL (__vswprintf_alias,
2449- (wchar_t *__restrict __s, size_t __n,
2450- const wchar_t *__restrict __fmt,
2451- __gnuc_va_list __ap), vswprintf);
2452-
2453-__fortify_function int
2454-__NTH (vswprintf (wchar_t *__restrict __s, size_t __n,
2455- const wchar_t *__restrict __fmt, __gnuc_va_list __ap))
2456+__fortify_potential_overload int
2457+__NTH (vswprintf (wchar_t *__restrict const __clang_pass_object_size __s,
2458+ size_t __n, const wchar_t *__restrict __fmt,
2459+ __gnuc_va_list __ap))
2460 {
2461 if (__bos (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1)
2462 return __vswprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
2463@@ -334,18 +303,27 @@ extern int __vfwprintf_chk (__FILE *__restrict __stream, int __flag,
2464 extern int __vwprintf_chk (int __flag, const wchar_t *__restrict __format,
2465 __gnuc_va_list __ap);
2466
2467-# ifdef __va_arg_pack
2468-__fortify_function int
2469-wprintf (const wchar_t *__restrict __fmt, ...)
2470+
2471+#ifdef __FORTIFY_ARG_PACK_OK
2472+__fortify_potential_overload int
2473+wprintf (const wchar_t *__restrict const __clang_pass_object_size __fmt, ...)
2474 {
2475- return __wprintf_chk (__USE_FORTIFY_LEVEL - 1, __fmt, __va_arg_pack ());
2476+ __FORTIFY_INIT_ARG_PACK(__fmt);
2477+ int __r = __FORTIFY_CALL_VA_CHK (wprintf, __USE_FORTIFY_LEVEL - 1, __fmt,
2478+ __FORTIFY_ARG_PACK);
2479+ __FORTIFY_FREE_ARG_PACK();
2480+ return __r;
2481 }
2482
2483-__fortify_function int
2484-fwprintf (__FILE *__restrict __stream, const wchar_t *__restrict __fmt, ...)
2485+__fortify_potential_overload int
2486+fwprintf (__FILE *__restrict const __clang_pass_object_size __stream,
2487+ const wchar_t *__restrict __fmt, ...)
2488 {
2489- return __fwprintf_chk (__stream, __USE_FORTIFY_LEVEL - 1, __fmt,
2490- __va_arg_pack ());
2491+ __FORTIFY_INIT_ARG_PACK(__fmt);
2492+ int __r = __FORTIFY_CALL_VA_CHK (fwprintf, __stream, __USE_FORTIFY_LEVEL - 1,
2493+ __fmt, __FORTIFY_ARG_PACK);
2494+ __FORTIFY_FREE_ARG_PACK();
2495+ return __r;
2496 }
2497 # elif !defined __cplusplus
2498 # define wprintf(...) \
2499@@ -354,14 +332,15 @@ fwprintf (__FILE *__restrict __stream, const wchar_t *__restrict __fmt, ...)
2500 __fwprintf_chk (stream, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__)
2501 # endif
2502
2503-__fortify_function int
2504-vwprintf (const wchar_t *__restrict __fmt, __gnuc_va_list __ap)
2505+__fortify_potential_overload int
2506+vwprintf (const wchar_t *__restrict const __clang_pass_object_size __fmt,
2507+ __gnuc_va_list __ap)
2508 {
2509 return __vwprintf_chk (__USE_FORTIFY_LEVEL - 1, __fmt, __ap);
2510 }
2511
2512-__fortify_function int
2513-vfwprintf (__FILE *__restrict __stream,
2514+__fortify_potential_overload int
2515+vfwprintf (__FILE *__restrict const __clang_pass_object_size __stream,
2516 const wchar_t *__restrict __fmt, __gnuc_va_list __ap)
2517 {
2518 return __vfwprintf_chk (__stream, __USE_FORTIFY_LEVEL - 1, __fmt, __ap);
2519@@ -374,27 +353,21 @@ extern wchar_t *__fgetws_chk (wchar_t *__restrict __s, size_t __size, int __n,
2520 extern wchar_t *__REDIRECT (__fgetws_alias,
2521 (wchar_t *__restrict __s, int __n,
2522 __FILE *__restrict __stream), fgetws) __wur;
2523-extern wchar_t *__REDIRECT (__fgetws_chk_warn,
2524- (wchar_t *__restrict __s, size_t __size, int __n,
2525- __FILE *__restrict __stream), __fgetws_chk)
2526- __wur __warnattr ("fgetws called with bigger size than length "
2527- "of destination buffer");
2528-
2529-__fortify_function __wur wchar_t *
2530-fgetws (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream)
2531-{
2532- if (__bos (__s) != (size_t) -1)
2533- {
2534- if (!__builtin_constant_p (__n) || __n <= 0)
2535- return __fgetws_chk (__s, __bos (__s) / sizeof (wchar_t),
2536- __n, __stream);
2537
2538- if ((size_t) __n > __bos (__s) / sizeof (wchar_t))
2539- return __fgetws_chk_warn (__s, __bos (__s) / sizeof (wchar_t),
2540- __n, __stream);
2541- }
2542+__fortify_potential_overload __wur wchar_t *
2543+fgetws (wchar_t *__restrict const __clang_pass_object_size __s, int __n,
2544+ __FILE *__restrict __stream)
2545+__FORTIFY_PRECONDITIONS
2546+ __FORTIFY_WARNING_ONLY_IF_BOS_LT2 (__fgetws_warn, __n, __s,
2547+ sizeof (wchar_t),
2548+ "fgetws called with length bigger "
2549+ "than size of destination buffer")
2550+{
2551+ if (__FORTIFY_CALL_CHK && __bos (__s) != (size_t) -1)
2552+ return __fgetws_chk (__s, __bos (__s) / sizeof (wchar_t), __n, __stream);
2553 return __fgetws_alias (__s, __n, __stream);
2554 }
2555+__FORTIFY_FUNCTION_END
2556
2557 #ifdef __USE_GNU
2558 extern wchar_t *__fgetws_unlocked_chk (wchar_t *__restrict __s, size_t __size,
2559@@ -404,28 +377,23 @@ extern wchar_t *__REDIRECT (__fgetws_unlocked_alias,
2560 (wchar_t *__restrict __s, int __n,
2561 __FILE *__restrict __stream), fgetws_unlocked)
2562 __wur;
2563-extern wchar_t *__REDIRECT (__fgetws_unlocked_chk_warn,
2564- (wchar_t *__restrict __s, size_t __size, int __n,
2565- __FILE *__restrict __stream),
2566- __fgetws_unlocked_chk)
2567- __wur __warnattr ("fgetws_unlocked called with bigger size than length "
2568- "of destination buffer");
2569-
2570-__fortify_function __wur wchar_t *
2571-fgetws_unlocked (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream)
2572+
2573+__fortify_potential_overload __wur wchar_t *
2574+fgetws_unlocked (wchar_t *__restrict const __clang_pass_object_size __s,
2575+ int __n, __FILE *__restrict __stream)
2576+__FORTIFY_PRECONDITIONS
2577+ __FORTIFY_WARNING_IF (__fgetws_unlocked_warn,
2578+ __n > 0
2579+ && __bos_static_lt2 (__n, __s, sizeof (wchar_t)),
2580+ "fgetws_unlocked called with bigger size than "
2581+ "length of destination buffer")
2582 {
2583 if (__bos (__s) != (size_t) -1)
2584- {
2585- if (!__builtin_constant_p (__n) || __n <= 0)
2586- return __fgetws_unlocked_chk (__s, __bos (__s) / sizeof (wchar_t),
2587- __n, __stream);
2588-
2589- if ((size_t) __n > __bos (__s) / sizeof (wchar_t))
2590- return __fgetws_unlocked_chk_warn (__s, __bos (__s) / sizeof (wchar_t),
2591- __n, __stream);
2592- }
2593+ return __fgetws_unlocked_chk (__s, __bos (__s) / sizeof (wchar_t),
2594+ __n, __stream);
2595 return __fgetws_unlocked_alias (__s, __n, __stream);
2596 }
2597+__FORTIFY_FUNCTION_END
2598 #endif
2599
2600
2601@@ -436,9 +404,9 @@ extern size_t __REDIRECT_NTH (__wcrtomb_alias,
2602 (char *__restrict __s, wchar_t __wchar,
2603 mbstate_t *__restrict __ps), wcrtomb) __wur;
2604
2605-__fortify_function __wur size_t
2606-__NTH (wcrtomb (char *__restrict __s, wchar_t __wchar,
2607- mbstate_t *__restrict __ps))
2608+__fortify_potential_overload __wur size_t
2609+__NTH (wcrtomb (char *__restrict const __clang_pass_object_size __s,
2610+ wchar_t __wchar, mbstate_t *__restrict __ps))
2611 {
2612 /* We would have to include <limits.h> to get a definition of MB_LEN_MAX.
2613 But this would only disturb the namespace. So we define our own
2614@@ -462,30 +430,23 @@ extern size_t __REDIRECT_NTH (__mbsrtowcs_alias,
2615 const char **__restrict __src,
2616 size_t __len, mbstate_t *__restrict __ps),
2617 mbsrtowcs);
2618-extern size_t __REDIRECT_NTH (__mbsrtowcs_chk_warn,
2619- (wchar_t *__restrict __dst,
2620- const char **__restrict __src,
2621- size_t __len, mbstate_t *__restrict __ps,
2622- size_t __dstlen), __mbsrtowcs_chk)
2623- __warnattr ("mbsrtowcs called with dst buffer smaller than len "
2624- "* sizeof (wchar_t)");
2625
2626-__fortify_function size_t
2627-__NTH (mbsrtowcs (wchar_t *__restrict __dst, const char **__restrict __src,
2628- size_t __len, mbstate_t *__restrict __ps))
2629+__fortify_potential_overload size_t
2630+__NTH (mbsrtowcs (wchar_t *__restrict const __clang_pass_object_size __dst,
2631+ const char **__restrict __src, size_t __len,
2632+ mbstate_t *__restrict __ps))
2633+__FORTIFY_PRECONDITIONS
2634+ __FORTIFY_WARNING_ONLY_IF_BOS_LT2 (__mbsrtowcs_warn, __len, __dst,
2635+ sizeof (wchar_t),
2636+ "mbsrtowcs called with dst buffer "
2637+ "smaller than len * sizeof (wchar_t)")
2638 {
2639- if (__bos (__dst) != (size_t) -1)
2640- {
2641- if (!__builtin_constant_p (__len))
2642- return __mbsrtowcs_chk (__dst, __src, __len, __ps,
2643- __bos (__dst) / sizeof (wchar_t));
2644-
2645- if (__len > __bos (__dst) / sizeof (wchar_t))
2646- return __mbsrtowcs_chk_warn (__dst, __src, __len, __ps,
2647- __bos (__dst) / sizeof (wchar_t));
2648- }
2649+ if (__FORTIFY_CALL_CHK && __bos (__dst) != (size_t) -1)
2650+ return __mbsrtowcs_chk (__dst, __src, __len, __ps,
2651+ __bos (__dst) / sizeof (wchar_t));
2652 return __mbsrtowcs_alias (__dst, __src, __len, __ps);
2653 }
2654+__FORTIFY_FUNCTION_END
2655
2656
2657 extern size_t __wcsrtombs_chk (char *__restrict __dst,
2658@@ -497,27 +458,21 @@ extern size_t __REDIRECT_NTH (__wcsrtombs_alias,
2659 const wchar_t **__restrict __src,
2660 size_t __len, mbstate_t *__restrict __ps),
2661 wcsrtombs);
2662-extern size_t __REDIRECT_NTH (__wcsrtombs_chk_warn,
2663- (char *__restrict __dst,
2664- const wchar_t **__restrict __src,
2665- size_t __len, mbstate_t *__restrict __ps,
2666- size_t __dstlen), __wcsrtombs_chk)
2667- __warnattr ("wcsrtombs called with dst buffer smaller than len");
2668
2669-__fortify_function size_t
2670-__NTH (wcsrtombs (char *__restrict __dst, const wchar_t **__restrict __src,
2671- size_t __len, mbstate_t *__restrict __ps))
2672+__fortify_potential_overload size_t
2673+__NTH (wcsrtombs (char *__restrict const __clang_pass_object_size __dst,
2674+ const wchar_t **__restrict __src, size_t __len,
2675+ mbstate_t *__restrict __ps))
2676+__FORTIFY_PRECONDITIONS
2677+ __FORTIFY_WARNING_ONLY_IF_BOS_LT (__wcsrtombs_warn, __len, __dst,
2678+ "wcsrtombs called with dst buffer "
2679+ "smaller than len")
2680 {
2681- if (__bos (__dst) != (size_t) -1)
2682- {
2683- if (!__builtin_constant_p (__len))
2684- return __wcsrtombs_chk (__dst, __src, __len, __ps, __bos (__dst));
2685-
2686- if (__len > __bos (__dst))
2687- return __wcsrtombs_chk_warn (__dst, __src, __len, __ps, __bos (__dst));
2688- }
2689+ if (__FORTIFY_CALL_CHK && __bos (__dst) != (size_t) -1)
2690+ return __wcsrtombs_chk (__dst, __src, __len, __ps, __bos (__dst));
2691 return __wcsrtombs_alias (__dst, __src, __len, __ps);
2692 }
2693+__FORTIFY_FUNCTION_END
2694
2695
2696 #ifdef __USE_GNU
2697@@ -530,30 +485,23 @@ extern size_t __REDIRECT_NTH (__mbsnrtowcs_alias,
2698 const char **__restrict __src, size_t __nmc,
2699 size_t __len, mbstate_t *__restrict __ps),
2700 mbsnrtowcs);
2701-extern size_t __REDIRECT_NTH (__mbsnrtowcs_chk_warn,
2702- (wchar_t *__restrict __dst,
2703- const char **__restrict __src, size_t __nmc,
2704- size_t __len, mbstate_t *__restrict __ps,
2705- size_t __dstlen), __mbsnrtowcs_chk)
2706- __warnattr ("mbsnrtowcs called with dst buffer smaller than len "
2707- "* sizeof (wchar_t)");
2708
2709-__fortify_function size_t
2710-__NTH (mbsnrtowcs (wchar_t *__restrict __dst, const char **__restrict __src,
2711- size_t __nmc, size_t __len, mbstate_t *__restrict __ps))
2712+__fortify_potential_overload size_t
2713+__NTH (mbsnrtowcs (wchar_t *__restrict const __clang_pass_object_size __dst,
2714+ const char **__restrict __src, size_t __nmc, size_t __len,
2715+ mbstate_t *__restrict __ps))
2716+__FORTIFY_PRECONDITIONS
2717+ __FORTIFY_WARNING_ONLY_IF_BOS_LT (__mbsnrtowcs_warn,
2718+ sizeof (wchar_t) * __len, __dst,
2719+ "mbsnrtowcs called with dst buffer "
2720+ "smaller than len * sizeof (wchar_t)")
2721 {
2722- if (__bos (__dst) != (size_t) -1)
2723- {
2724- if (!__builtin_constant_p (__len))
2725- return __mbsnrtowcs_chk (__dst, __src, __nmc, __len, __ps,
2726- __bos (__dst) / sizeof (wchar_t));
2727-
2728- if (__len > __bos (__dst) / sizeof (wchar_t))
2729- return __mbsnrtowcs_chk_warn (__dst, __src, __nmc, __len, __ps,
2730- __bos (__dst) / sizeof (wchar_t));
2731- }
2732+ if (__FORTIFY_CALL_CHK && __bos (__dst) != (size_t) -1)
2733+ return __mbsnrtowcs_chk (__dst, __src, __nmc, __len, __ps,
2734+ __bos (__dst) / sizeof (wchar_t));
2735 return __mbsnrtowcs_alias (__dst, __src, __nmc, __len, __ps);
2736 }
2737+__FORTIFY_FUNCTION_END
2738
2739
2740 extern size_t __wcsnrtombs_chk (char *__restrict __dst,
2741@@ -566,28 +514,19 @@ extern size_t __REDIRECT_NTH (__wcsnrtombs_alias,
2742 const wchar_t **__restrict __src,
2743 size_t __nwc, size_t __len,
2744 mbstate_t *__restrict __ps), wcsnrtombs);
2745-extern size_t __REDIRECT_NTH (__wcsnrtombs_chk_warn,
2746- (char *__restrict __dst,
2747- const wchar_t **__restrict __src,
2748- size_t __nwc, size_t __len,
2749- mbstate_t *__restrict __ps,
2750- size_t __dstlen), __wcsnrtombs_chk)
2751- __warnattr ("wcsnrtombs called with dst buffer smaller than len");
2752
2753-__fortify_function size_t
2754-__NTH (wcsnrtombs (char *__restrict __dst, const wchar_t **__restrict __src,
2755- size_t __nwc, size_t __len, mbstate_t *__restrict __ps))
2756+__fortify_potential_overload size_t
2757+__NTH (wcsnrtombs (char *__restrict const __clang_pass_object_size __dst,
2758+ const wchar_t **__restrict __src, size_t __nwc, size_t __len,
2759+ mbstate_t *__restrict __ps))
2760+__FORTIFY_PRECONDITIONS
2761+ __FORTIFY_WARNING_ONLY_IF_BOS_LT (__wcsnrtombs_warn, __len, __dst,
2762+ "wcsnrtombs called with dst buffer "
2763+ "smaller than len")
2764 {
2765- if (__bos (__dst) != (size_t) -1)
2766- {
2767- if (!__builtin_constant_p (__len))
2768- return __wcsnrtombs_chk (__dst, __src, __nwc, __len, __ps,
2769- __bos (__dst));
2770-
2771- if (__len > __bos (__dst))
2772- return __wcsnrtombs_chk_warn (__dst, __src, __nwc, __len, __ps,
2773- __bos (__dst));
2774- }
2775+ if (__FORTIFY_CALL_CHK && __bos (__dst) != (size_t) -1)
2776+ return __wcsnrtombs_chk (__dst, __src, __nwc, __len, __ps, __bos (__dst));
2777 return __wcsnrtombs_alias (__dst, __src, __nwc, __len, __ps);
2778 }
2779+__FORTIFY_FUNCTION_END
2780 #endif
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb
index 3dec43e537..9f299a7bc3 100644
--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -40,7 +40,6 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
40 file://0027-intl-Emit-no-lines-in-bison-generated-files.patch \ 40 file://0027-intl-Emit-no-lines-in-bison-generated-files.patch \
41 file://0028-inject-file-assembly-directives.patch \ 41 file://0028-inject-file-assembly-directives.patch \
42 file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \ 42 file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
43 file://0030-Refactor-FORTIFY-in-glibc.patch \
44 " 43 "
45S = "${WORKDIR}/git" 44S = "${WORKDIR}/git"
46B = "${WORKDIR}/build-${TARGET_SYS}" 45B = "${WORKDIR}/build-${TARGET_SYS}"