diff options
Diffstat (limited to 'meta/recipes-core/glibc/glibc/0031-Refactor-FORTIFY-in-glibc.patch')
-rw-r--r-- | meta/recipes-core/glibc/glibc/0031-Refactor-FORTIFY-in-glibc.patch | 2780 |
1 files changed, 2780 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/0031-Refactor-FORTIFY-in-glibc.patch b/meta/recipes-core/glibc/glibc/0031-Refactor-FORTIFY-in-glibc.patch new file mode 100644 index 0000000000..fe10218c31 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/0031-Refactor-FORTIFY-in-glibc.patch | |||
@@ -0,0 +1,2780 @@ | |||
1 | From 4a6f67ae2438c5e7f9cd627d5cf4a7148b9ad18d Mon Sep 17 00:00:00 2001 | ||
2 | From: George Burgess IV <gbiv@google.com> | ||
3 | Date: Sat, 11 Jan 2020 10:33:19 -0800 | ||
4 | Subject: [PATCH] Refactor FORTIFY in glibc | ||
5 | |||
6 | Upstream-Status: Submitted [https://sourceware.org/ml/libc-alpha/2017-09/msg00434.html] | ||
7 | |||
8 | Signed-off-by: George Burgess IV <gbiv@google.com> | ||
9 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | ||
10 | --- | ||
11 | io/bits/fcntl2.h | 125 ++++++-- | ||
12 | io/bits/poll2.h | 54 ++-- | ||
13 | io/fcntl.h | 2 +- | ||
14 | libio/bits/stdio2.h | 303 +++++++++++--------- | ||
15 | misc/bits/syslog.h | 38 ++- | ||
16 | misc/sys/cdefs.h | 164 ++++++++++- | ||
17 | posix/bits/unistd.h | 366 ++++++++++-------------- | ||
18 | rt/bits/mqueue2.h | 44 ++- | ||
19 | rt/mqueue.h | 2 +- | ||
20 | socket/bits/socket2.h | 56 ++-- | ||
21 | stdlib/bits/stdlib.h | 117 ++++---- | ||
22 | string/bits/string_fortified.h | 136 ++++++--- | ||
23 | string/bits/strings_fortified.h | 36 ++- | ||
24 | wcsmbs/bits/wchar2.h | 487 ++++++++++++++------------------ | ||
25 | 14 files changed, 1093 insertions(+), 837 deletions(-) | ||
26 | |||
27 | --- a/io/bits/fcntl2.h | ||
28 | +++ b/io/bits/fcntl2.h | ||
29 | @@ -32,10 +32,28 @@ extern int __REDIRECT (__open_2, (const | ||
30 | extern int __REDIRECT (__open_alias, (const char *__path, int __oflag, ...), | ||
31 | open64) __nonnull ((1)); | ||
32 | #endif | ||
33 | -__errordecl (__open_too_many_args, | ||
34 | - "open can be called either with 2 or 3 arguments, not more"); | ||
35 | -__errordecl (__open_missing_mode, | ||
36 | - "open with O_CREAT or O_TMPFILE in second argument needs 3 arguments"); | ||
37 | + | ||
38 | +#define __warn_open_too_many_args \ | ||
39 | + "open can be called either with 2 or 3 arguments, not more" | ||
40 | +#define __warn_open_missing_mode \ | ||
41 | + "open with O_CREAT in second argument needs 3 arguments" | ||
42 | +#ifdef __use_clang_fortify | ||
43 | +__fortify_overload __clang_prefer_this_overload int | ||
44 | +open (const char *const __clang_pass_object_size __path, int __oflag) | ||
45 | + __clang_error_if (__OPEN_NEEDS_MODE (__oflag), __warn_open_missing_mode) | ||
46 | +{ | ||
47 | + return __open_2 (__path, __oflag); | ||
48 | +} | ||
49 | + | ||
50 | +__fortify_overload int | ||
51 | +open (const char *const __clang_pass_object_size __path, int __oflag, | ||
52 | + mode_t __mode) | ||
53 | +{ | ||
54 | + return __open_alias (__path, __oflag, __mode); | ||
55 | +} | ||
56 | +#else | ||
57 | +__errordecl (__open_too_many_args, __warn_open_too_many_args); | ||
58 | +__errordecl (__open_missing_mode, __warn_open_missing_mode); | ||
59 | |||
60 | __fortify_function int | ||
61 | open (const char *__path, int __oflag, ...) | ||
62 | @@ -58,16 +76,37 @@ open (const char *__path, int __oflag, . | ||
63 | |||
64 | return __open_alias (__path, __oflag, __va_arg_pack ()); | ||
65 | } | ||
66 | +#endif | ||
67 | +#undef __warn_open_too_many_args | ||
68 | +#undef __warn_open_missing_mode | ||
69 | |||
70 | |||
71 | #ifdef __USE_LARGEFILE64 | ||
72 | extern int __open64_2 (const char *__path, int __oflag) __nonnull ((1)); | ||
73 | extern int __REDIRECT (__open64_alias, (const char *__path, int __oflag, | ||
74 | ...), open64) __nonnull ((1)); | ||
75 | -__errordecl (__open64_too_many_args, | ||
76 | - "open64 can be called either with 2 or 3 arguments, not more"); | ||
77 | -__errordecl (__open64_missing_mode, | ||
78 | - "open64 with O_CREAT or O_TMPFILE in second argument needs 3 arguments"); | ||
79 | + | ||
80 | +# define __warn_open64_too_many_args \ | ||
81 | + "open64 can be called either with 2 or 3 arguments, not more" | ||
82 | +# define __warn_open64_missing_mode \ | ||
83 | + "open64 with O_CREAT in second argument needs 3 arguments" | ||
84 | +# ifdef __use_clang_fortify | ||
85 | +__fortify_overload __clang_prefer_this_overload int | ||
86 | +open64 (const char *const __clang_pass_object_size __path, int __oflag) | ||
87 | + __clang_error_if (__OPEN_NEEDS_MODE (__oflag), __warn_open64_missing_mode) | ||
88 | +{ | ||
89 | + return __open64_2 (__path, __oflag); | ||
90 | +} | ||
91 | + | ||
92 | +__fortify_overload __clang_prefer_this_overload int | ||
93 | +open64 (const char *const __clang_pass_object_size __path, int __oflag, | ||
94 | + int __mode) | ||
95 | +{ | ||
96 | + return __open64_alias (__path, __oflag, __mode); | ||
97 | +} | ||
98 | +# else | ||
99 | +__errordecl (__open64_too_many_args, __warn_open64_too_many_args); | ||
100 | +__errordecl (__open64_missing_mode, __warn_open64_missing_mode); | ||
101 | |||
102 | __fortify_function int | ||
103 | open64 (const char *__path, int __oflag, ...) | ||
104 | @@ -90,6 +129,9 @@ open64 (const char *__path, int __oflag, | ||
105 | |||
106 | return __open64_alias (__path, __oflag, __va_arg_pack ()); | ||
107 | } | ||
108 | +# endif | ||
109 | +# undef __warn_open64_too_many_args | ||
110 | +# undef __warn_open64_missing_mode | ||
111 | #endif | ||
112 | |||
113 | |||
114 | @@ -108,10 +150,32 @@ extern int __REDIRECT (__openat_alias, ( | ||
115 | int __oflag, ...), openat64) | ||
116 | __nonnull ((2)); | ||
117 | # endif | ||
118 | -__errordecl (__openat_too_many_args, | ||
119 | - "openat can be called either with 3 or 4 arguments, not more"); | ||
120 | -__errordecl (__openat_missing_mode, | ||
121 | - "openat with O_CREAT or O_TMPFILE in third argument needs 4 arguments"); | ||
122 | + | ||
123 | +# define __warn_openat_too_many_args "openat can be called either with 3 or " \ | ||
124 | + "4 arguments, not more" | ||
125 | +# define __warn_openat_missing_mode "openat with O_CREAT in third argument " \ | ||
126 | + "needs 4 arguments" | ||
127 | +# ifdef __use_clang_fortify | ||
128 | +__fortify_error_function __clang_error (__warn_openat_too_many_args) int | ||
129 | +openat (int __fd, const char *__path, int __oflag, int __mode, ...); | ||
130 | + | ||
131 | +__fortify_overload __clang_prefer_this_overload int | ||
132 | +openat (int __fd, const char *const __clang_pass_object_size __path, | ||
133 | + int __oflag) | ||
134 | + __clang_error_if (__OPEN_NEEDS_MODE (__oflag), __warn_openat_missing_mode) | ||
135 | +{ | ||
136 | + return __openat_2 (__fd, __path, __oflag); | ||
137 | +} | ||
138 | + | ||
139 | +__fortify_overload __clang_prefer_this_overload int | ||
140 | +openat (int __fd, const char *const __clang_pass_object_size __path, | ||
141 | + int __oflag, int __mode) | ||
142 | +{ | ||
143 | + return __openat_alias (__fd, __path, __oflag, __mode); | ||
144 | +} | ||
145 | +# else | ||
146 | +__errordecl (__openat_too_many_args, __warn_openat_too_many_args); | ||
147 | +__errordecl (__openat_missing_mode, __warn_openat_missing_mode); | ||
148 | |||
149 | __fortify_function int | ||
150 | openat (int __fd, const char *__path, int __oflag, ...) | ||
151 | @@ -134,6 +198,9 @@ openat (int __fd, const char *__path, in | ||
152 | |||
153 | return __openat_alias (__fd, __path, __oflag, __va_arg_pack ()); | ||
154 | } | ||
155 | +# endif | ||
156 | +# undef __warn_openat_too_many_args | ||
157 | +# undef __warn_openat_missing_mode | ||
158 | |||
159 | |||
160 | # ifdef __USE_LARGEFILE64 | ||
161 | @@ -142,11 +209,34 @@ extern int __openat64_2 (int __fd, const | ||
162 | extern int __REDIRECT (__openat64_alias, (int __fd, const char *__path, | ||
163 | int __oflag, ...), openat64) | ||
164 | __nonnull ((2)); | ||
165 | -__errordecl (__openat64_too_many_args, | ||
166 | - "openat64 can be called either with 3 or 4 arguments, not more"); | ||
167 | -__errordecl (__openat64_missing_mode, | ||
168 | - "openat64 with O_CREAT or O_TMPFILE in third argument needs 4 arguments"); | ||
169 | |||
170 | +# define __warn_openat64_too_many_args "openat64 can be called either with " \ | ||
171 | + "3 or 4 arguments, not more" | ||
172 | +# define __warn_openat64_missing_mode "openat64 with O_CREAT in third " \ | ||
173 | + "argument needs 4 arguments" | ||
174 | + | ||
175 | +# ifdef __use_clang_fortify | ||
176 | +__fortify_error_function __clang_error (__warn_openat64_too_many_args) int | ||
177 | +openat64 (int __fd, const char *__path, int __oflag, int __mode, ...); | ||
178 | + | ||
179 | +__fortify_overload __clang_prefer_this_overload int | ||
180 | +openat64 (int __fd, const char *const __clang_pass_object_size __path, | ||
181 | + int __oflag) | ||
182 | + __clang_error_if (__OPEN_NEEDS_MODE (__oflag), | ||
183 | + __warn_openat64_missing_mode) | ||
184 | +{ | ||
185 | + return __openat64_2 (__fd, __path, __oflag); | ||
186 | +} | ||
187 | + | ||
188 | +__fortify_overload __clang_prefer_this_overload int | ||
189 | +openat64 (int __fd, const char *const __clang_pass_object_size __path, | ||
190 | + int __oflag, int __mode) | ||
191 | +{ | ||
192 | + return __openat64_alias (__fd, __path, __oflag, __mode); | ||
193 | +} | ||
194 | +# else | ||
195 | +__errordecl (__openat64_too_many_args, __warn_openat64_too_many_args); | ||
196 | +__errordecl (__openat64_missing_mode, __warn_openat64_missing_mode); | ||
197 | __fortify_function int | ||
198 | openat64 (int __fd, const char *__path, int __oflag, ...) | ||
199 | { | ||
200 | @@ -168,5 +258,8 @@ openat64 (int __fd, const char *__path, | ||
201 | |||
202 | return __openat64_alias (__fd, __path, __oflag, __va_arg_pack ()); | ||
203 | } | ||
204 | +# endif | ||
205 | +# undef __warn_openat64_too_many_args | ||
206 | +# undef __warn_openat64_missing_mode | ||
207 | # endif | ||
208 | #endif | ||
209 | --- a/io/bits/poll2.h | ||
210 | +++ b/io/bits/poll2.h | ||
211 | @@ -27,25 +27,20 @@ extern int __REDIRECT (__poll_alias, (st | ||
212 | int __timeout), poll); | ||
213 | extern int __poll_chk (struct pollfd *__fds, nfds_t __nfds, int __timeout, | ||
214 | __SIZE_TYPE__ __fdslen); | ||
215 | -extern int __REDIRECT (__poll_chk_warn, (struct pollfd *__fds, nfds_t __nfds, | ||
216 | - int __timeout, __SIZE_TYPE__ __fdslen), | ||
217 | - __poll_chk) | ||
218 | - __warnattr ("poll called with fds buffer too small file nfds entries"); | ||
219 | |||
220 | -__fortify_function int | ||
221 | -poll (struct pollfd *__fds, nfds_t __nfds, int __timeout) | ||
222 | +__fortify_potential_overload int | ||
223 | +poll (struct pollfd *const __clang_pass_object_size __fds, nfds_t __nfds, | ||
224 | + int __timeout) | ||
225 | +__FORTIFY_PRECONDITIONS | ||
226 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT2 (__poll_warn, __nfds, __fds, | ||
227 | + sizeof (*__fds), | ||
228 | + "poll called with fds buffer too small") | ||
229 | { | ||
230 | - if (__bos (__fds) != (__SIZE_TYPE__) -1) | ||
231 | - { | ||
232 | - if (! __builtin_constant_p (__nfds)) | ||
233 | - return __poll_chk (__fds, __nfds, __timeout, __bos (__fds)); | ||
234 | - else if (__bos (__fds) / sizeof (*__fds) < __nfds) | ||
235 | - return __poll_chk_warn (__fds, __nfds, __timeout, __bos (__fds)); | ||
236 | - } | ||
237 | - | ||
238 | + if (__FORTIFY_CALL_CHK && __bos (__fds) != (__SIZE_TYPE__) -1) | ||
239 | + return __poll_chk (__fds, __nfds, __timeout, __bos (__fds)); | ||
240 | return __poll_alias (__fds, __nfds, __timeout); | ||
241 | } | ||
242 | - | ||
243 | +__FORTIFY_FUNCTION_END | ||
244 | |||
245 | #ifdef __USE_GNU | ||
246 | extern int __REDIRECT (__ppoll_alias, (struct pollfd *__fds, nfds_t __nfds, | ||
247 | @@ -54,28 +49,21 @@ extern int __REDIRECT (__ppoll_alias, (s | ||
248 | extern int __ppoll_chk (struct pollfd *__fds, nfds_t __nfds, | ||
249 | const struct timespec *__timeout, | ||
250 | const __sigset_t *__ss, __SIZE_TYPE__ __fdslen); | ||
251 | -extern int __REDIRECT (__ppoll_chk_warn, (struct pollfd *__fds, nfds_t __nfds, | ||
252 | - const struct timespec *__timeout, | ||
253 | - const __sigset_t *__ss, | ||
254 | - __SIZE_TYPE__ __fdslen), | ||
255 | - __ppoll_chk) | ||
256 | - __warnattr ("ppoll called with fds buffer too small file nfds entries"); | ||
257 | |||
258 | -__fortify_function int | ||
259 | -ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout, | ||
260 | - const __sigset_t *__ss) | ||
261 | +__fortify_potential_overload int | ||
262 | +ppoll (struct pollfd *const __clang_pass_object_size __fds, nfds_t __nfds, | ||
263 | + const struct timespec *__timeout, const __sigset_t *__ss) | ||
264 | +__FORTIFY_PRECONDITIONS | ||
265 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT2 (__ppoll_warn, __nfds, __fds, | ||
266 | + sizeof (*__fds), | ||
267 | + "ppoll called with fds buffer too " | ||
268 | + "small file nfds entries") | ||
269 | { | ||
270 | - if (__bos (__fds) != (__SIZE_TYPE__) -1) | ||
271 | - { | ||
272 | - if (! __builtin_constant_p (__nfds)) | ||
273 | - return __ppoll_chk (__fds, __nfds, __timeout, __ss, __bos (__fds)); | ||
274 | - else if (__bos (__fds) / sizeof (*__fds) < __nfds) | ||
275 | - return __ppoll_chk_warn (__fds, __nfds, __timeout, __ss, | ||
276 | - __bos (__fds)); | ||
277 | - } | ||
278 | - | ||
279 | + if (__FORTIFY_CALL_CHK && __bos (__fds) != (__SIZE_TYPE__) -1) | ||
280 | + return __ppoll_chk (__fds, __nfds, __timeout, __ss, __bos (__fds)); | ||
281 | return __ppoll_alias (__fds, __nfds, __timeout, __ss); | ||
282 | } | ||
283 | +__FORTIFY_FUNCTION_END | ||
284 | #endif | ||
285 | |||
286 | __END_DECLS | ||
287 | --- a/io/fcntl.h | ||
288 | +++ b/io/fcntl.h | ||
289 | @@ -325,7 +325,7 @@ extern int posix_fallocate64 (int __fd, | ||
290 | |||
291 | /* Define some inlines helping to catch common problems. */ | ||
292 | #if __USE_FORTIFY_LEVEL > 0 && defined __fortify_function \ | ||
293 | - && defined __va_arg_pack_len | ||
294 | + && (defined __va_arg_pack_len || defined __use_clang_fortify) | ||
295 | # include <bits/fcntl2.h> | ||
296 | #endif | ||
297 | |||
298 | --- a/libio/bits/stdio2.h | ||
299 | +++ b/libio/bits/stdio2.h | ||
300 | @@ -29,12 +29,23 @@ extern int __vsprintf_chk (char *__restr | ||
301 | const char *__restrict __format, | ||
302 | __gnuc_va_list __ap) __THROW; | ||
303 | |||
304 | -#ifdef __va_arg_pack | ||
305 | -__fortify_function int | ||
306 | -__NTH (sprintf (char *__restrict __s, const char *__restrict __fmt, ...)) | ||
307 | -{ | ||
308 | - return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1, | ||
309 | - __bos (__s), __fmt, __va_arg_pack ()); | ||
310 | +#define __mul_may_overflow(size, n) \ | ||
311 | + ((size | n) >= (((size_t)1) << (8 * sizeof (size_t) / 2))) | ||
312 | + | ||
313 | +#ifdef __FORTIFY_ARG_PACK_OK | ||
314 | +/* clang doesn't have __va_arg_pack, so we need to defer to the va_arg versions | ||
315 | + of these functions. */ | ||
316 | +__fortify_potential_overload int | ||
317 | +__NTH (sprintf (char *__restrict const __clang_pass_object_size __s, | ||
318 | + const char *__restrict __fmt, ...)) | ||
319 | +{ | ||
320 | + __FORTIFY_INIT_ARG_PACK(__fmt); | ||
321 | + int __result = __FORTIFY_CALL_VA_BUILTIN (sprintf, __s, | ||
322 | + __USE_FORTIFY_LEVEL - 1, | ||
323 | + __bos (__s), __fmt, | ||
324 | + __FORTIFY_ARG_PACK); | ||
325 | + __FORTIFY_FREE_ARG_PACK(); | ||
326 | + return __result; | ||
327 | } | ||
328 | #elif !defined __cplusplus | ||
329 | # define sprintf(str, ...) \ | ||
330 | @@ -42,9 +53,9 @@ __NTH (sprintf (char *__restrict __s, co | ||
331 | __VA_ARGS__) | ||
332 | #endif | ||
333 | |||
334 | -__fortify_function int | ||
335 | -__NTH (vsprintf (char *__restrict __s, const char *__restrict __fmt, | ||
336 | - __gnuc_va_list __ap)) | ||
337 | +__fortify_potential_overload int | ||
338 | +__NTH (vsprintf (char *__restrict const __clang_pass_object_size __s, | ||
339 | + const char *__restrict __fmt, __gnuc_va_list __ap)) | ||
340 | { | ||
341 | return __builtin___vsprintf_chk (__s, __USE_FORTIFY_LEVEL - 1, | ||
342 | __bos (__s), __fmt, __ap); | ||
343 | @@ -59,13 +70,21 @@ extern int __vsnprintf_chk (char *__rest | ||
344 | size_t __slen, const char *__restrict __format, | ||
345 | __gnuc_va_list __ap) __THROW; | ||
346 | |||
347 | -# ifdef __va_arg_pack | ||
348 | -__fortify_function int | ||
349 | -__NTH (snprintf (char *__restrict __s, size_t __n, | ||
350 | - const char *__restrict __fmt, ...)) | ||
351 | -{ | ||
352 | - return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, | ||
353 | - __bos (__s), __fmt, __va_arg_pack ()); | ||
354 | +# ifdef __FORTIFY_ARG_PACK_OK | ||
355 | +__fortify_potential_overload __attribute__ ((__format__ (__printf__, 3, 4))) int | ||
356 | +__NTH (snprintf (char *__restrict const __clang_pass_object_size __s, | ||
357 | + size_t __n, const char *__restrict __fmt, ...)) | ||
358 | + /* GCC's builtin will catch this, so we just need to cover clang here. */ | ||
359 | + __clang_warning_if (__bos_static_lt (__n, __s), | ||
360 | + "call to snprintf may overflow the destination buffer") | ||
361 | +{ | ||
362 | + __FORTIFY_INIT_ARG_PACK(__fmt); | ||
363 | + int __result = __FORTIFY_CALL_VA_BUILTIN (snprintf, __s, __n, | ||
364 | + __USE_FORTIFY_LEVEL - 1, | ||
365 | + __bos (__s), __fmt, | ||
366 | + __FORTIFY_ARG_PACK); | ||
367 | + __FORTIFY_FREE_ARG_PACK(); | ||
368 | + return __result; | ||
369 | } | ||
370 | # elif !defined __cplusplus | ||
371 | # define snprintf(str, len, ...) \ | ||
372 | @@ -73,9 +92,12 @@ __NTH (snprintf (char *__restrict __s, s | ||
373 | __VA_ARGS__) | ||
374 | # endif | ||
375 | |||
376 | -__fortify_function int | ||
377 | -__NTH (vsnprintf (char *__restrict __s, size_t __n, | ||
378 | - const char *__restrict __fmt, __gnuc_va_list __ap)) | ||
379 | +__fortify_potential_overload __attribute__ ((__format__ (__printf__, 3, 0))) int | ||
380 | +__NTH (vsnprintf (char *__restrict const __clang_pass_object_size __s, | ||
381 | + size_t __n, const char *__restrict __fmt, __gnuc_va_list __ap)) | ||
382 | + __clang_warning_if (__bos_static_lt (__n, __s), | ||
383 | + "call to vsnprintf may overflow the destination " | ||
384 | + "buffer") | ||
385 | { | ||
386 | return __builtin___vsnprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, | ||
387 | __bos (__s), __fmt, __ap); | ||
388 | @@ -93,18 +115,27 @@ extern int __vfprintf_chk (FILE *__restr | ||
389 | extern int __vprintf_chk (int __flag, const char *__restrict __format, | ||
390 | __gnuc_va_list __ap); | ||
391 | |||
392 | -# ifdef __va_arg_pack | ||
393 | -__fortify_function int | ||
394 | -fprintf (FILE *__restrict __stream, const char *__restrict __fmt, ...) | ||
395 | -{ | ||
396 | - return __fprintf_chk (__stream, __USE_FORTIFY_LEVEL - 1, __fmt, | ||
397 | - __va_arg_pack ()); | ||
398 | -} | ||
399 | - | ||
400 | -__fortify_function int | ||
401 | -printf (const char *__restrict __fmt, ...) | ||
402 | -{ | ||
403 | - return __printf_chk (__USE_FORTIFY_LEVEL - 1, __fmt, __va_arg_pack ()); | ||
404 | +# ifdef __FORTIFY_ARG_PACK_OK | ||
405 | +__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 3))) int | ||
406 | +fprintf (FILE *__restrict const __clang_pass_object_size __stream, | ||
407 | + const char *__restrict __fmt, ...) | ||
408 | +{ | ||
409 | + __FORTIFY_INIT_ARG_PACK(__fmt); | ||
410 | + int __result = __FORTIFY_CALL_VA_CHK (fprintf, __stream, | ||
411 | + __USE_FORTIFY_LEVEL - 1, __fmt, | ||
412 | + __FORTIFY_ARG_PACK); | ||
413 | + __FORTIFY_FREE_ARG_PACK(); | ||
414 | + return __result; | ||
415 | +} | ||
416 | + | ||
417 | +__fortify_potential_overload __attribute__ ((__format__ (__printf__, 1, 2))) int | ||
418 | +printf (const char *__restrict const __clang_pass_object_size __fmt, ...) | ||
419 | +{ | ||
420 | + __FORTIFY_INIT_ARG_PACK(__fmt); | ||
421 | + int __result = __FORTIFY_CALL_VA_CHK (printf, __USE_FORTIFY_LEVEL - 1, __fmt, | ||
422 | + __FORTIFY_ARG_PACK); | ||
423 | + __FORTIFY_FREE_ARG_PACK(); | ||
424 | + return __result; | ||
425 | } | ||
426 | # elif !defined __cplusplus | ||
427 | # define printf(...) \ | ||
428 | @@ -113,8 +144,9 @@ printf (const char *__restrict __fmt, .. | ||
429 | __fprintf_chk (stream, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__) | ||
430 | # endif | ||
431 | |||
432 | -__fortify_function int | ||
433 | -vprintf (const char *__restrict __fmt, __gnuc_va_list __ap) | ||
434 | +__fortify_potential_overload __attribute__ ((__format__ (__printf__, 1, 0))) int | ||
435 | +vprintf (const char *__restrict const __clang_pass_object_size __fmt, | ||
436 | + __gnuc_va_list __ap) | ||
437 | { | ||
438 | #ifdef __USE_EXTERN_INLINES | ||
439 | return __vfprintf_chk (stdout, __USE_FORTIFY_LEVEL - 1, __fmt, __ap); | ||
440 | @@ -122,9 +154,8 @@ vprintf (const char *__restrict __fmt, _ | ||
441 | return __vprintf_chk (__USE_FORTIFY_LEVEL - 1, __fmt, __ap); | ||
442 | #endif | ||
443 | } | ||
444 | - | ||
445 | -__fortify_function int | ||
446 | -vfprintf (FILE *__restrict __stream, | ||
447 | +__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 0))) int | ||
448 | +vfprintf (FILE *__restrict const __clang_pass_object_size __stream, | ||
449 | const char *__restrict __fmt, __gnuc_va_list __ap) | ||
450 | { | ||
451 | return __vfprintf_chk (__stream, __USE_FORTIFY_LEVEL - 1, __fmt, __ap); | ||
452 | @@ -137,20 +168,26 @@ extern int __vdprintf_chk (int __fd, int | ||
453 | const char *__restrict __fmt, __gnuc_va_list __arg) | ||
454 | __attribute__ ((__format__ (__printf__, 3, 0))); | ||
455 | |||
456 | -# ifdef __va_arg_pack | ||
457 | -__fortify_function int | ||
458 | -dprintf (int __fd, const char *__restrict __fmt, ...) | ||
459 | -{ | ||
460 | - return __dprintf_chk (__fd, __USE_FORTIFY_LEVEL - 1, __fmt, | ||
461 | - __va_arg_pack ()); | ||
462 | +# ifdef __FORTIFY_ARG_PACK_OK | ||
463 | +__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 3))) int | ||
464 | +dprintf (int __fd, const char *__restrict const __clang_pass_object_size __fmt, | ||
465 | + ...) | ||
466 | +{ | ||
467 | + __FORTIFY_INIT_ARG_PACK(__fmt); | ||
468 | + int __result = __FORTIFY_CALL_VA_CHK (dprintf, __fd, __USE_FORTIFY_LEVEL - 1, | ||
469 | + __fmt, __FORTIFY_ARG_PACK); | ||
470 | + __FORTIFY_FREE_ARG_PACK(); | ||
471 | + return __result; | ||
472 | } | ||
473 | # elif !defined __cplusplus | ||
474 | # define dprintf(fd, ...) \ | ||
475 | __dprintf_chk (fd, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__) | ||
476 | # endif | ||
477 | |||
478 | -__fortify_function int | ||
479 | -vdprintf (int __fd, const char *__restrict __fmt, __gnuc_va_list __ap) | ||
480 | +__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 0))) int | ||
481 | +vdprintf (int __fd, | ||
482 | + const char *__restrict const __clang_pass_object_size __fmt, | ||
483 | + __gnuc_va_list __ap) | ||
484 | { | ||
485 | return __vdprintf_chk (__fd, __USE_FORTIFY_LEVEL - 1, __fmt, __ap); | ||
486 | } | ||
487 | @@ -174,28 +211,49 @@ extern int __obstack_vprintf_chk (struct | ||
488 | __gnuc_va_list __args) | ||
489 | __THROW __attribute__ ((__format__ (__printf__, 3, 0))); | ||
490 | |||
491 | -# ifdef __va_arg_pack | ||
492 | -__fortify_function int | ||
493 | -__NTH (asprintf (char **__restrict __ptr, const char *__restrict __fmt, ...)) | ||
494 | -{ | ||
495 | - return __asprintf_chk (__ptr, __USE_FORTIFY_LEVEL - 1, __fmt, | ||
496 | - __va_arg_pack ()); | ||
497 | -} | ||
498 | - | ||
499 | -__fortify_function int | ||
500 | -__NTH (__asprintf (char **__restrict __ptr, const char *__restrict __fmt, | ||
501 | - ...)) | ||
502 | +# ifdef __FORTIFY_ARG_PACK_OK | ||
503 | +__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 3))) | ||
504 | +__wur int | ||
505 | +__NTH (asprintf (char **__restrict const __clang_pass_object_size __ptr, | ||
506 | + const char *__restrict __fmt, ...)) | ||
507 | { | ||
508 | - return __asprintf_chk (__ptr, __USE_FORTIFY_LEVEL - 1, __fmt, | ||
509 | - __va_arg_pack ()); | ||
510 | -} | ||
511 | - | ||
512 | -__fortify_function int | ||
513 | -__NTH (obstack_printf (struct obstack *__restrict __obstack, | ||
514 | + __FORTIFY_INIT_ARG_PACK(__fmt); | ||
515 | + int __result = __FORTIFY_CALL_VA_CHK (asprintf, __ptr, | ||
516 | + __USE_FORTIFY_LEVEL - 1, __fmt, | ||
517 | + __FORTIFY_ARG_PACK); | ||
518 | + __FORTIFY_FREE_ARG_PACK(); | ||
519 | + return __result; | ||
520 | +} | ||
521 | + | ||
522 | +__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 3))) | ||
523 | +__wur int | ||
524 | +__NTH (__asprintf (char **__restrict const __clang_pass_object_size __ptr, | ||
525 | + const char *__restrict __fmt, ...)) | ||
526 | +{ | ||
527 | + __FORTIFY_INIT_ARG_PACK(__fmt); | ||
528 | + int __result = __FORTIFY_CALL_VA_CHK (asprintf, __ptr, | ||
529 | + __USE_FORTIFY_LEVEL - 1, __fmt, | ||
530 | + __FORTIFY_ARG_PACK); | ||
531 | + __FORTIFY_FREE_ARG_PACK(); | ||
532 | + return __result; | ||
533 | +} | ||
534 | + | ||
535 | +__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 3))) int | ||
536 | +__NTH (obstack_printf (struct obstack * | ||
537 | + __restrict const __clang_pass_object_size __obstack, | ||
538 | const char *__restrict __fmt, ...)) | ||
539 | { | ||
540 | - return __obstack_printf_chk (__obstack, __USE_FORTIFY_LEVEL - 1, __fmt, | ||
541 | - __va_arg_pack ()); | ||
542 | + __FORTIFY_INIT_ARG_PACK(__fmt); | ||
543 | + int __result = | ||
544 | +# ifdef __use_clang_fortify | ||
545 | + __obstack_vprintf_chk | ||
546 | +# else | ||
547 | + __obstack_printf_chk | ||
548 | +# endif | ||
549 | + (__obstack, __USE_FORTIFY_LEVEL - 1, __fmt, | ||
550 | + __FORTIFY_ARG_PACK); | ||
551 | + __FORTIFY_FREE_ARG_PACK(); | ||
552 | + return __result; | ||
553 | } | ||
554 | # elif !defined __cplusplus | ||
555 | # define asprintf(ptr, ...) \ | ||
556 | @@ -206,15 +264,17 @@ __NTH (obstack_printf (struct obstack *_ | ||
557 | __obstack_printf_chk (obstack, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__) | ||
558 | # endif | ||
559 | |||
560 | -__fortify_function int | ||
561 | -__NTH (vasprintf (char **__restrict __ptr, const char *__restrict __fmt, | ||
562 | - __gnuc_va_list __ap)) | ||
563 | +__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 0))) | ||
564 | +__wur int | ||
565 | +__NTH (vasprintf (char **__restrict const __clang_pass_object_size __ptr, | ||
566 | + const char *__restrict __fmt, __gnuc_va_list __ap)) | ||
567 | { | ||
568 | return __vasprintf_chk (__ptr, __USE_FORTIFY_LEVEL - 1, __fmt, __ap); | ||
569 | } | ||
570 | |||
571 | -__fortify_function int | ||
572 | -__NTH (obstack_vprintf (struct obstack *__restrict __obstack, | ||
573 | +__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 0))) int | ||
574 | +__NTH (obstack_vprintf (struct obstack * | ||
575 | + __restrict const __clang_pass_object_size __obstack, | ||
576 | const char *__restrict __fmt, __gnuc_va_list __ap)) | ||
577 | { | ||
578 | return __obstack_vprintf_chk (__obstack, __USE_FORTIFY_LEVEL - 1, __fmt, | ||
579 | @@ -227,17 +287,20 @@ __NTH (obstack_vprintf (struct obstack * | ||
580 | |||
581 | #if __GLIBC_USE (DEPRECATED_GETS) | ||
582 | extern char *__gets_chk (char *__str, size_t) __wur; | ||
583 | -extern char *__REDIRECT (__gets_warn, (char *__str), gets) | ||
584 | - __wur __warnattr ("please use fgets or getline instead, gets can't " | ||
585 | - "specify buffer size"); | ||
586 | +extern char *__REDIRECT_NTH (__gets_alias, (char *__buf), gets) __wur; | ||
587 | |||
588 | -__fortify_function __wur char * | ||
589 | -gets (char *__str) | ||
590 | +__fortify_potential_overload __wur char * | ||
591 | +gets (char *const __clang_pass_object_size __str) | ||
592 | +__FORTIFY_PRECONDITIONS | ||
593 | + __FORTIFY_WARNING_IF (__gets_warn, __bos (__str) == (size_t) -1, | ||
594 | + "please use fgets or getline instead, gets can't " | ||
595 | + "specify buffer size") | ||
596 | { | ||
597 | if (__bos (__str) != (size_t) -1) | ||
598 | return __gets_chk (__str, __bos (__str)); | ||
599 | - return __gets_warn (__str); | ||
600 | + return __gets_alias (__str); | ||
601 | } | ||
602 | +__FORTIFY_FUNCTION_END | ||
603 | #endif | ||
604 | |||
605 | extern char *__fgets_chk (char *__restrict __s, size_t __size, int __n, | ||
606 | @@ -245,25 +308,20 @@ extern char *__fgets_chk (char *__restri | ||
607 | extern char *__REDIRECT (__fgets_alias, | ||
608 | (char *__restrict __s, int __n, | ||
609 | FILE *__restrict __stream), fgets) __wur; | ||
610 | -extern char *__REDIRECT (__fgets_chk_warn, | ||
611 | - (char *__restrict __s, size_t __size, int __n, | ||
612 | - FILE *__restrict __stream), __fgets_chk) | ||
613 | - __wur __warnattr ("fgets called with bigger size than length " | ||
614 | - "of destination buffer"); | ||
615 | |||
616 | -__fortify_function __wur char * | ||
617 | -fgets (char *__restrict __s, int __n, FILE *__restrict __stream) | ||
618 | +__fortify_potential_overload __wur char * | ||
619 | +fgets (char *__restrict const __clang_pass_object_size __s, int __n, | ||
620 | + FILE *__restrict __stream) | ||
621 | +__FORTIFY_PRECONDITIONS | ||
622 | + __FORTIFY_WARNING_IF (__fgets_warn, __bos_static_lt (__n, __s) && __n > 0, | ||
623 | + "fgets called with bigger size than length of " | ||
624 | + "destination buffer") | ||
625 | { | ||
626 | if (__bos (__s) != (size_t) -1) | ||
627 | - { | ||
628 | - if (!__builtin_constant_p (__n) || __n <= 0) | ||
629 | - return __fgets_chk (__s, __bos (__s), __n, __stream); | ||
630 | - | ||
631 | - if ((size_t) __n > __bos (__s)) | ||
632 | - return __fgets_chk_warn (__s, __bos (__s), __n, __stream); | ||
633 | - } | ||
634 | + return __fgets_chk (__s, __bos (__s), __n, __stream); | ||
635 | return __fgets_alias (__s, __n, __stream); | ||
636 | } | ||
637 | +__FORTIFY_FUNCTION_END | ||
638 | |||
639 | extern size_t __fread_chk (void *__restrict __ptr, size_t __ptrlen, | ||
640 | size_t __size, size_t __n, | ||
641 | @@ -272,30 +330,21 @@ extern size_t __REDIRECT (__fread_alias, | ||
642 | (void *__restrict __ptr, size_t __size, | ||
643 | size_t __n, FILE *__restrict __stream), | ||
644 | fread) __wur; | ||
645 | -extern size_t __REDIRECT (__fread_chk_warn, | ||
646 | - (void *__restrict __ptr, size_t __ptrlen, | ||
647 | - size_t __size, size_t __n, | ||
648 | - FILE *__restrict __stream), | ||
649 | - __fread_chk) | ||
650 | - __wur __warnattr ("fread called with bigger size * nmemb than length " | ||
651 | - "of destination buffer"); | ||
652 | |||
653 | -__fortify_function __wur size_t | ||
654 | -fread (void *__restrict __ptr, size_t __size, size_t __n, | ||
655 | - FILE *__restrict __stream) | ||
656 | +__fortify_potential_overload __wur size_t | ||
657 | +fread (void *__restrict const __clang_pass_object_size0 __ptr, size_t __size, | ||
658 | + size_t __n, FILE *__restrict __stream) | ||
659 | +__FORTIFY_PRECONDITIONS | ||
660 | + __FORTIFY_WARNING_IF (__fread_warn, __bos0_static_lt (__size * __n, __ptr) | ||
661 | + && !__mul_may_overflow (__size, __n), | ||
662 | + "fread called with bigger size * nmemb than length " | ||
663 | + "of destination buffer") | ||
664 | { | ||
665 | if (__bos0 (__ptr) != (size_t) -1) | ||
666 | - { | ||
667 | - if (!__builtin_constant_p (__size) | ||
668 | - || !__builtin_constant_p (__n) | ||
669 | - || (__size | __n) >= (((size_t) 1) << (8 * sizeof (size_t) / 2))) | ||
670 | - return __fread_chk (__ptr, __bos0 (__ptr), __size, __n, __stream); | ||
671 | - | ||
672 | - if (__size * __n > __bos0 (__ptr)) | ||
673 | - return __fread_chk_warn (__ptr, __bos0 (__ptr), __size, __n, __stream); | ||
674 | - } | ||
675 | + return __fread_chk (__ptr, __bos0 (__ptr), __size, __n, __stream); | ||
676 | return __fread_alias (__ptr, __size, __n, __stream); | ||
677 | } | ||
678 | +__FORTIFY_FUNCTION_END | ||
679 | |||
680 | #ifdef __USE_GNU | ||
681 | extern char *__fgets_unlocked_chk (char *__restrict __s, size_t __size, | ||
682 | @@ -303,25 +352,21 @@ extern char *__fgets_unlocked_chk (char | ||
683 | extern char *__REDIRECT (__fgets_unlocked_alias, | ||
684 | (char *__restrict __s, int __n, | ||
685 | FILE *__restrict __stream), fgets_unlocked) __wur; | ||
686 | -extern char *__REDIRECT (__fgets_unlocked_chk_warn, | ||
687 | - (char *__restrict __s, size_t __size, int __n, | ||
688 | - FILE *__restrict __stream), __fgets_unlocked_chk) | ||
689 | - __wur __warnattr ("fgets_unlocked called with bigger size than length " | ||
690 | - "of destination buffer"); | ||
691 | |||
692 | -__fortify_function __wur char * | ||
693 | -fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream) | ||
694 | +__fortify_potential_overload __wur char * | ||
695 | +fgets_unlocked (char *__restrict const __clang_pass_object_size __s, int __n, | ||
696 | + FILE *__restrict __stream) | ||
697 | +__FORTIFY_PRECONDITIONS | ||
698 | + __FORTIFY_WARNING_IF (__fgets_unlocked_warn, | ||
699 | + __bos_static_lt (__n, __s) && __n > 0, | ||
700 | + "fgets_unlocked called with bigger size than length " | ||
701 | + "of destination buffer") | ||
702 | { | ||
703 | if (__bos (__s) != (size_t) -1) | ||
704 | - { | ||
705 | - if (!__builtin_constant_p (__n) || __n <= 0) | ||
706 | - return __fgets_unlocked_chk (__s, __bos (__s), __n, __stream); | ||
707 | - | ||
708 | - if ((size_t) __n > __bos (__s)) | ||
709 | - return __fgets_unlocked_chk_warn (__s, __bos (__s), __n, __stream); | ||
710 | - } | ||
711 | + return __fgets_unlocked_chk (__s, __bos (__s), __n, __stream); | ||
712 | return __fgets_unlocked_alias (__s, __n, __stream); | ||
713 | } | ||
714 | +__FORTIFY_FUNCTION_END | ||
715 | #endif | ||
716 | |||
717 | #ifdef __USE_MISC | ||
718 | @@ -333,30 +378,19 @@ extern size_t __REDIRECT (__fread_unlock | ||
719 | (void *__restrict __ptr, size_t __size, | ||
720 | size_t __n, FILE *__restrict __stream), | ||
721 | fread_unlocked) __wur; | ||
722 | -extern size_t __REDIRECT (__fread_unlocked_chk_warn, | ||
723 | - (void *__restrict __ptr, size_t __ptrlen, | ||
724 | - size_t __size, size_t __n, | ||
725 | - FILE *__restrict __stream), | ||
726 | - __fread_unlocked_chk) | ||
727 | - __wur __warnattr ("fread_unlocked called with bigger size * nmemb than " | ||
728 | - "length of destination buffer"); | ||
729 | |||
730 | -__fortify_function __wur size_t | ||
731 | -fread_unlocked (void *__restrict __ptr, size_t __size, size_t __n, | ||
732 | - FILE *__restrict __stream) | ||
733 | +__fortify_potential_overload __wur size_t | ||
734 | +fread_unlocked (void *__restrict const __clang_pass_object_size0 __ptr, | ||
735 | + size_t __size, size_t __n, FILE *__restrict __stream) | ||
736 | +__FORTIFY_PRECONDITIONS | ||
737 | + __FORTIFY_WARNING_IF (__fread_unlocked_warn, | ||
738 | + __bos0_static_lt (__size * __n, __ptr) | ||
739 | + && !__mul_may_overflow(__size, __n), | ||
740 | + "fread_unlocked called with bigger size * n than " | ||
741 | + "length of destination buffer") | ||
742 | { | ||
743 | if (__bos0 (__ptr) != (size_t) -1) | ||
744 | - { | ||
745 | - if (!__builtin_constant_p (__size) | ||
746 | - || !__builtin_constant_p (__n) | ||
747 | - || (__size | __n) >= (((size_t) 1) << (8 * sizeof (size_t) / 2))) | ||
748 | - return __fread_unlocked_chk (__ptr, __bos0 (__ptr), __size, __n, | ||
749 | - __stream); | ||
750 | - | ||
751 | - if (__size * __n > __bos0 (__ptr)) | ||
752 | - return __fread_unlocked_chk_warn (__ptr, __bos0 (__ptr), __size, __n, | ||
753 | - __stream); | ||
754 | - } | ||
755 | + return __fread_unlocked_chk (__ptr, __bos0 (__ptr), __size, __n, __stream); | ||
756 | |||
757 | # ifdef __USE_EXTERN_INLINES | ||
758 | if (__builtin_constant_p (__size) | ||
759 | @@ -381,6 +415,7 @@ fread_unlocked (void *__restrict __ptr, | ||
760 | # endif | ||
761 | return __fread_unlocked_alias (__ptr, __size, __n, __stream); | ||
762 | } | ||
763 | +__FORTIFY_FUNCTION_END | ||
764 | #endif | ||
765 | - | ||
766 | +#undef __mul_may_overflow | ||
767 | #endif /* bits/stdio2.h. */ | ||
768 | --- a/misc/bits/syslog.h | ||
769 | +++ b/misc/bits/syslog.h | ||
770 | @@ -20,11 +20,34 @@ | ||
771 | # error "Never include <bits/syslog.h> directly; use <sys/syslog.h> instead." | ||
772 | #endif | ||
773 | |||
774 | +#ifdef __USE_MISC | ||
775 | +extern void __vsyslog_chk (int __pri, int __flag, const char *__fmt, | ||
776 | + __gnuc_va_list __ap) | ||
777 | + __attribute__ ((__format__ (__printf__, 3, 0))); | ||
778 | + | ||
779 | +__fortify_potential_overload __attribute__ ((__format__ (__printf__, 2, 0))) void | ||
780 | +vsyslog (int __pri, const char *const __clang_pass_object_size __fmt, | ||
781 | + __gnuc_va_list __ap) | ||
782 | +{ | ||
783 | + __vsyslog_chk (__pri, __USE_FORTIFY_LEVEL - 1, __fmt, __ap); | ||
784 | +} | ||
785 | +#endif | ||
786 | |||
787 | extern void __syslog_chk (int __pri, int __flag, const char *__fmt, ...) | ||
788 | __attribute__ ((__format__ (__printf__, 3, 4))); | ||
789 | |||
790 | -#ifdef __va_arg_pack | ||
791 | +#if defined __use_clang_fortify && __USE_MISC | ||
792 | +/* clang doesn't support __va_arg_pack, so this is only possible if we have | ||
793 | + vsyslog. */ | ||
794 | +__fortify_overload __attribute__ ((__format__ (__printf__, 2, 3))) void | ||
795 | +syslog (int __pri, const char *const __clang_pass_object_size __fmt, ...) | ||
796 | +{ | ||
797 | + __gnuc_va_list __ap; | ||
798 | + va_start (__ap, __fmt); | ||
799 | + __vsyslog_chk (__pri, __USE_FORTIFY_LEVEL - 1, __fmt, __ap); | ||
800 | + va_end (__ap); | ||
801 | +} | ||
802 | +#elif defined __va_arg_pack | ||
803 | __fortify_function void | ||
804 | syslog (int __pri, const char *__fmt, ...) | ||
805 | { | ||
806 | @@ -34,16 +57,3 @@ syslog (int __pri, const char *__fmt, .. | ||
807 | # define syslog(pri, ...) \ | ||
808 | __syslog_chk (pri, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__) | ||
809 | #endif | ||
810 | - | ||
811 | - | ||
812 | -#ifdef __USE_MISC | ||
813 | -extern void __vsyslog_chk (int __pri, int __flag, const char *__fmt, | ||
814 | - __gnuc_va_list __ap) | ||
815 | - __attribute__ ((__format__ (__printf__, 3, 0))); | ||
816 | - | ||
817 | -__fortify_function void | ||
818 | -vsyslog (int __pri, const char *__fmt, __gnuc_va_list __ap) | ||
819 | -{ | ||
820 | - __vsyslog_chk (__pri, __USE_FORTIFY_LEVEL - 1, __fmt, __ap); | ||
821 | -} | ||
822 | -#endif | ||
823 | --- a/misc/sys/cdefs.h | ||
824 | +++ b/misc/sys/cdefs.h | ||
825 | @@ -118,11 +118,150 @@ | ||
826 | # define __END_DECLS | ||
827 | #endif | ||
828 | |||
829 | +#if defined __clang__ && defined __has_extension | ||
830 | +# define __clang_has_extension(x) __has_extension (x) | ||
831 | +#else | ||
832 | +# define __clang_has_extension(x) 0 | ||
833 | +#endif | ||
834 | |||
835 | /* Fortify support. */ | ||
836 | -#define __bos(ptr) __builtin_object_size (ptr, __USE_FORTIFY_LEVEL > 1) | ||
837 | +#define __fortify_function __extern_always_inline __attribute_artificial__ | ||
838 | +#if defined __clang__ && __USE_FORTIFY_LEVEL > 0 \ | ||
839 | + && !defined _CLANG_FORTIFY_DISABLE \ | ||
840 | + && __clang_has_extension(overloadable_unmarked) | ||
841 | +# define __use_clang_fortify 1 | ||
842 | +/* Clang-style FORTIFY creates a different symbol for each FORTIFY'ed function, | ||
843 | + whereas GCC-style doesn't. Thus, GCC can assume that the FORTIFY'ed | ||
844 | + function is always available externally, but clang can't. */ | ||
845 | +# define __attribute_overloadable__ __attribute__ ((__overloadable__)) | ||
846 | +# define __attribute_transparent_overload__ \ | ||
847 | + __attribute__ ((__overloadable__("transparent"))) | ||
848 | +# define __fortify_overload static __always_inline __attribute_overloadable__ | ||
849 | +/* For FORTIFY functions that exist only as decls. */ | ||
850 | +# define __fortify_error_function static __attribute_overloadable__ | ||
851 | +# define __clang_pass_object_size_n(n) __attribute__ ((pass_object_size (n))) | ||
852 | +# define __clang_warning(what) __attribute__ ((deprecated(what))) | ||
853 | +# define __clang_prefer_this_overload __attribute__ ((enable_if (1, ""))) | ||
854 | +# define __clang_warning_if(c, m) \ | ||
855 | + __attribute__ ((__diagnose_if__ ((c), (m), "warning"))) | ||
856 | +# define __clang_error(what) __attribute__ ((unavailable(what))) | ||
857 | +# define __clang_error_if(c, m) \ | ||
858 | + __attribute__ ((__diagnose_if__ ((c), (m), "error"))) | ||
859 | +# define __fortify_potential_overload __fortify_overload | ||
860 | +#else | ||
861 | +# define __fortify_potential_overload __fortify_function | ||
862 | +/* Some functions/decls can be shared between clang and non-clang FORTIFY. | ||
863 | + Turning these into nops makes that possible. */ | ||
864 | +# define __clang_pass_object_size_n(n) | ||
865 | +# define __attribute_overloadable__ | ||
866 | +# define __bos_n(ptr, n) __builtin_object_size (ptr, n) | ||
867 | +# define __clang_warning_if(c, m) | ||
868 | +# define __clang_error_if(c, m) | ||
869 | +#endif | ||
870 | + | ||
871 | +#define __bos_level (__USE_FORTIFY_LEVEL > 1) | ||
872 | +#define __bos(ptr) __builtin_object_size (ptr, __bos_level) | ||
873 | #define __bos0(ptr) __builtin_object_size (ptr, 0) | ||
874 | |||
875 | +#define __clang_pass_object_size0 __clang_pass_object_size_n (0) | ||
876 | +#define __clang_pass_object_size __clang_pass_object_size_n (__bos_level) | ||
877 | + | ||
878 | +/* Some of these macros are awkwardly written, and more repetitive than they'd | ||
879 | + ideally need to be. This is because both clang and gcc will emit 'note's | ||
880 | + about where these warnings originate from. For every macro that's expanded, | ||
881 | + the user sees a note that ultimately doesn't matter to them... */ | ||
882 | +#ifdef __use_clang_fortify | ||
883 | +# define __FORTIFY_PRECONDITIONS | ||
884 | +# define __FORTIFY_FUNCTION_END | ||
885 | +# define __FORTIFY_WARNING_IF(_, c, msg) __clang_warning_if(c, msg) | ||
886 | +/* __builtin_constant_p isn't needed: this is only used in constructs that | ||
887 | + must be fully evaluated at compile-time. */ | ||
888 | +# define __bos_static_lt_impl(bos_val, n, s) \ | ||
889 | + ((bos_val) != -1ULL && (n) > (bos_val) / (s)) | ||
890 | +# define __FORTIFY_CALL_CHK 1 | ||
891 | + | ||
892 | +# define __FORTIFY_BOSN_ARGS(bos_fn, n, buf, div, complaint) \ | ||
893 | + (__bos_static_lt_impl (bos_fn (buf), n, div)), (complaint), "warning" | ||
894 | + | ||
895 | +#define __FORTIFY_WARNING_ONLY_IF_BOS0_LT2(fn_name, n, buf, div, complaint) \ | ||
896 | + __attribute__ ((__diagnose_if__ \ | ||
897 | + (__FORTIFY_BOSN_ARGS (__bos0, n, buf, div, complaint)))) | ||
898 | +#define __FORTIFY_WARNING_ONLY_IF_BOS0_LT(fn_name, n, buf, complaint) \ | ||
899 | + __attribute__ ((__diagnose_if__ \ | ||
900 | + (__FORTIFY_BOSN_ARGS (__bos0, n, buf, 1, complaint)))) | ||
901 | +#define __FORTIFY_WARNING_ONLY_IF_BOS_LT2(fn_name, n, buf, div, complaint) \ | ||
902 | + __attribute__ ((__diagnose_if__ \ | ||
903 | + (__FORTIFY_BOSN_ARGS (__bos, n, buf, div, complaint)))) | ||
904 | +#define __FORTIFY_WARNING_ONLY_IF_BOS_LT(fn_name, n, buf, complaint) \ | ||
905 | + __attribute__ ((__diagnose_if__ \ | ||
906 | + (__FORTIFY_BOSN_ARGS (__bos, n, buf, 1, complaint)))) | ||
907 | +#else | ||
908 | +# define __FORTIFY_PRECONDITIONS { | ||
909 | +# define __FORTIFY_FUNCTION_END } | ||
910 | +/* __chk_fail was chosen arbitrarily. The function should never be called | ||
911 | + anyway; it just exists to be reachable after optimizations. */ | ||
912 | +# define __FORTIFY_DECLARE_WARNING_FUNCTION(name, msg) \ | ||
913 | + __attribute ((__warning__(msg))) \ | ||
914 | + extern void __REDIRECT_NTH (name, (void), __chk_fail) | ||
915 | + | ||
916 | +# define __FORTIFY_WARNING_IF_BEGIN(fn_name, cond, complaint, if_cond_true) \ | ||
917 | + { \ | ||
918 | + if (cond) { \ | ||
919 | + if_cond_true; \ | ||
920 | + __FORTIFY_DECLARE_WARNING_FUNCTION (fn_name, complaint); \ | ||
921 | + volatile char __t = 0; \ | ||
922 | + if (__glibc_unlikely (__t)) \ | ||
923 | + { | ||
924 | + | ||
925 | +# define __FORTIFY_WARNING_IF_END \ | ||
926 | + } \ | ||
927 | + } \ | ||
928 | + } | ||
929 | + | ||
930 | +# define __FORTIFY_WARNING_IF(err_fn, cond, complaint) \ | ||
931 | + __FORTIFY_WARNING_IF_BEGIN (err_fn, cond, complaint, (void)0) \ | ||
932 | + err_fn (); \ | ||
933 | + __FORTIFY_WARNING_IF_END | ||
934 | + | ||
935 | +# define __bos_static_lt_impl(bos_val, n, s) \ | ||
936 | + (__builtin_constant_p (n) && (bos_val) != -1ULL && (n) > (bos_val) / (s)) | ||
937 | + | ||
938 | +#define __FORTIFY_BOS_WARNING_BEGIN(fn_name, bos_fn, n, buf, div, complaint) \ | ||
939 | + char __need_dynamic_check = !__builtin_constant_p (n); \ | ||
940 | + __FORTIFY_WARNING_IF_BEGIN (fn_name, \ | ||
941 | + __bos_static_lt_impl (bos_fn (buf), n, div), \ | ||
942 | + complaint, (__need_dynamic_check = 1)) | ||
943 | + | ||
944 | +/* Duplicate this so that the fn_name call happens with the smallest possible | ||
945 | + macro "call stack". This minimizes diagnostics about expanding macros. */ | ||
946 | +#define __FORTIFY_WARNING_ONLY_IF_BOS0_LT2(err_fn, n, buf, div, complaint) \ | ||
947 | + __FORTIFY_BOS_WARNING_BEGIN (err_fn, __bos0, n, buf, div, complaint) \ | ||
948 | + err_fn (); \ | ||
949 | + __FORTIFY_WARNING_IF_END | ||
950 | + | ||
951 | +#define __FORTIFY_WARNING_ONLY_IF_BOS0_LT(err_fn, n, buf, complaint) \ | ||
952 | + __FORTIFY_BOS_WARNING_BEGIN (err_fn, __bos0, n, buf, 1, complaint) \ | ||
953 | + err_fn (); \ | ||
954 | + __FORTIFY_WARNING_IF_END | ||
955 | + | ||
956 | +#define __FORTIFY_WARNING_ONLY_IF_BOS_LT2(err_fn, n, buf, div, complaint) \ | ||
957 | + __FORTIFY_BOS_WARNING_BEGIN (err_fn, __bos, n, buf, div, complaint) \ | ||
958 | + err_fn (); \ | ||
959 | + __FORTIFY_WARNING_IF_END | ||
960 | + | ||
961 | +#define __FORTIFY_WARNING_ONLY_IF_BOS_LT(err_fn, n, buf, complaint) \ | ||
962 | + __FORTIFY_BOS_WARNING_BEGIN (err_fn, __bos, n, buf, 1, complaint) \ | ||
963 | + err_fn (); \ | ||
964 | + __FORTIFY_WARNING_IF_END | ||
965 | + | ||
966 | +# define __FORTIFY_CALL_CHK (__need_dynamic_check) | ||
967 | +#endif | ||
968 | + | ||
969 | +#define __bos_static_lt2(n, e, s) __bos_static_lt_impl (__bos (e), n, s) | ||
970 | +#define __bos_static_lt(n, e) __bos_static_lt2 (n, e, 1) | ||
971 | +#define __bos0_static_lt2(n, e, s) __bos_static_lt_impl (__bos0 (e), n, s) | ||
972 | +#define __bos0_static_lt(n, e) __bos0_static_lt2 (n, e, 1) | ||
973 | + | ||
974 | #if __GNUC_PREREQ (4,3) | ||
975 | # define __warndecl(name, msg) \ | ||
976 | extern void name (void) __attribute__((__warning__ (msg))) | ||
977 | @@ -363,6 +502,29 @@ | ||
978 | # define __va_arg_pack_len() __builtin_va_arg_pack_len () | ||
979 | #endif | ||
980 | |||
981 | +#if defined(__use_clang_fortify) | ||
982 | +/* clang doesn't support __va_arg_pack, so we need to call the v* version of | ||
983 | + FORTIFY'ed functions. */ | ||
984 | +#define __FORTIFY_ARG_PACK __fortify_ap | ||
985 | +#define __FORTIFY_INIT_ARG_PACK(va_arg) \ | ||
986 | + __gnuc_va_list __FORTIFY_ARG_PACK; \ | ||
987 | + va_start (__FORTIFY_ARG_PACK, va_arg) | ||
988 | +#define __FORTIFY_CALL_VA_ALIAS(fn, ...) __v##fn##_alias (__VA_ARGS__) | ||
989 | +#define __FORTIFY_CALL_VA_CHK(fn, ...) __v##fn##_chk (__VA_ARGS__) | ||
990 | +#define __FORTIFY_CALL_VA_BUILTIN(fn, ...) \ | ||
991 | + __builtin___v##fn##_chk (__VA_ARGS__) | ||
992 | +#define __FORTIFY_FREE_ARG_PACK() va_end (__FORTIFY_ARG_PACK) | ||
993 | +#define __FORTIFY_ARG_PACK_OK 1 | ||
994 | +#elif defined(__va_arg_pack) | ||
995 | +#define __FORTIFY_ARG_PACK __va_arg_pack () | ||
996 | +#define __FORTIFY_INIT_ARG_PACK(va_arg) | ||
997 | +#define __FORTIFY_CALL_VA_ALIAS(fn, ...) __##fn##_alias (__VA_ARGS__) | ||
998 | +#define __FORTIFY_CALL_VA_CHK(fn, ...) __##fn##_chk (__VA_ARGS__) | ||
999 | +#define __FORTIFY_CALL_VA_BUILTIN(fn, ...) __builtin___##fn##_chk (__VA_ARGS__) | ||
1000 | +#define __FORTIFY_FREE_ARG_PACK() | ||
1001 | +#define __FORTIFY_ARG_PACK_OK 1 | ||
1002 | +#endif | ||
1003 | + | ||
1004 | /* It is possible to compile containing GCC extensions even if GCC is | ||
1005 | run in pedantic mode if the uses are carefully marked using the | ||
1006 | `__extension__' keyword. But this is not generally available before | ||
1007 | --- a/posix/bits/unistd.h | ||
1008 | +++ b/posix/bits/unistd.h | ||
1009 | @@ -24,25 +24,19 @@ extern ssize_t __read_chk (int __fd, voi | ||
1010 | size_t __buflen) __wur; | ||
1011 | extern ssize_t __REDIRECT (__read_alias, (int __fd, void *__buf, | ||
1012 | size_t __nbytes), read) __wur; | ||
1013 | -extern ssize_t __REDIRECT (__read_chk_warn, | ||
1014 | - (int __fd, void *__buf, size_t __nbytes, | ||
1015 | - size_t __buflen), __read_chk) | ||
1016 | - __wur __warnattr ("read called with bigger length than size of " | ||
1017 | - "the destination buffer"); | ||
1018 | - | ||
1019 | -__fortify_function __wur ssize_t | ||
1020 | -read (int __fd, void *__buf, size_t __nbytes) | ||
1021 | -{ | ||
1022 | - if (__bos0 (__buf) != (size_t) -1) | ||
1023 | - { | ||
1024 | - if (!__builtin_constant_p (__nbytes)) | ||
1025 | - return __read_chk (__fd, __buf, __nbytes, __bos0 (__buf)); | ||
1026 | - | ||
1027 | - if (__nbytes > __bos0 (__buf)) | ||
1028 | - return __read_chk_warn (__fd, __buf, __nbytes, __bos0 (__buf)); | ||
1029 | - } | ||
1030 | + | ||
1031 | +__fortify_potential_overload __wur ssize_t | ||
1032 | +read (int __fd, void *const __clang_pass_object_size0 __buf, size_t __nbytes) | ||
1033 | +__FORTIFY_PRECONDITIONS | ||
1034 | + __FORTIFY_WARNING_ONLY_IF_BOS0_LT (__read_warn, __nbytes, __buf, | ||
1035 | + "read called with bigger length than " | ||
1036 | + "size of the destination buffer") | ||
1037 | +{ | ||
1038 | + if (__FORTIFY_CALL_CHK && __bos0 (__buf) != (size_t) -1) | ||
1039 | + return __read_chk (__fd, __buf, __nbytes, __bos0 (__buf)); | ||
1040 | return __read_alias (__fd, __buf, __nbytes); | ||
1041 | } | ||
1042 | +__FORTIFY_FUNCTION_END | ||
1043 | |||
1044 | #ifdef __USE_UNIX98 | ||
1045 | extern ssize_t __pread_chk (int __fd, void *__buf, size_t __nbytes, | ||
1046 | @@ -55,67 +49,49 @@ extern ssize_t __REDIRECT (__pread_alias | ||
1047 | extern ssize_t __REDIRECT (__pread64_alias, | ||
1048 | (int __fd, void *__buf, size_t __nbytes, | ||
1049 | __off64_t __offset), pread64) __wur; | ||
1050 | -extern ssize_t __REDIRECT (__pread_chk_warn, | ||
1051 | - (int __fd, void *__buf, size_t __nbytes, | ||
1052 | - __off_t __offset, size_t __bufsize), __pread_chk) | ||
1053 | - __wur __warnattr ("pread called with bigger length than size of " | ||
1054 | - "the destination buffer"); | ||
1055 | -extern ssize_t __REDIRECT (__pread64_chk_warn, | ||
1056 | - (int __fd, void *__buf, size_t __nbytes, | ||
1057 | - __off64_t __offset, size_t __bufsize), | ||
1058 | - __pread64_chk) | ||
1059 | - __wur __warnattr ("pread64 called with bigger length than size of " | ||
1060 | - "the destination buffer"); | ||
1061 | |||
1062 | # ifndef __USE_FILE_OFFSET64 | ||
1063 | -__fortify_function __wur ssize_t | ||
1064 | -pread (int __fd, void *__buf, size_t __nbytes, __off_t __offset) | ||
1065 | -{ | ||
1066 | - if (__bos0 (__buf) != (size_t) -1) | ||
1067 | - { | ||
1068 | - if (!__builtin_constant_p (__nbytes)) | ||
1069 | - return __pread_chk (__fd, __buf, __nbytes, __offset, __bos0 (__buf)); | ||
1070 | - | ||
1071 | - if ( __nbytes > __bos0 (__buf)) | ||
1072 | - return __pread_chk_warn (__fd, __buf, __nbytes, __offset, | ||
1073 | - __bos0 (__buf)); | ||
1074 | - } | ||
1075 | - return __pread_alias (__fd, __buf, __nbytes, __offset); | ||
1076 | -} | ||
1077 | +# define __fo_pread_chk __pread_chk | ||
1078 | +# define __fo_pread_alias __pread_alias | ||
1079 | +# define __fo_off_t __off_t | ||
1080 | # else | ||
1081 | -__fortify_function __wur ssize_t | ||
1082 | -pread (int __fd, void *__buf, size_t __nbytes, __off64_t __offset) | ||
1083 | -{ | ||
1084 | - if (__bos0 (__buf) != (size_t) -1) | ||
1085 | - { | ||
1086 | - if (!__builtin_constant_p (__nbytes)) | ||
1087 | - return __pread64_chk (__fd, __buf, __nbytes, __offset, __bos0 (__buf)); | ||
1088 | - | ||
1089 | - if ( __nbytes > __bos0 (__buf)) | ||
1090 | - return __pread64_chk_warn (__fd, __buf, __nbytes, __offset, | ||
1091 | - __bos0 (__buf)); | ||
1092 | - } | ||
1093 | - | ||
1094 | - return __pread64_alias (__fd, __buf, __nbytes, __offset); | ||
1095 | -} | ||
1096 | +# define __fo_pread_chk __pread64_chk | ||
1097 | +# define __fo_pread_alias __pread64_alias | ||
1098 | +# define __fo_off_t __off64_t | ||
1099 | # endif | ||
1100 | |||
1101 | +__fortify_potential_overload __wur ssize_t | ||
1102 | +pread (int __fd, void *const __clang_pass_object_size0 __buf, size_t __nbytes, | ||
1103 | + __fo_off_t __offset) | ||
1104 | +__FORTIFY_PRECONDITIONS | ||
1105 | + __FORTIFY_WARNING_ONLY_IF_BOS0_LT (__pread_chk_warn, __nbytes, __buf, | ||
1106 | + "pread called with bigger length than " | ||
1107 | + "size of the destination buffer") | ||
1108 | +{ | ||
1109 | + if (__FORTIFY_CALL_CHK && __bos0 (__buf) != (size_t) -1) | ||
1110 | + return __fo_pread_chk (__fd, __buf, __nbytes, __offset, __bos0 (__buf)); | ||
1111 | + return __fo_pread_alias (__fd, __buf, __nbytes, __offset); | ||
1112 | +} | ||
1113 | +__FORTIFY_FUNCTION_END | ||
1114 | + | ||
1115 | +#undef __fo_pread_chk | ||
1116 | +#undef __fo_pread_alias | ||
1117 | +#undef __fo_off_t | ||
1118 | + | ||
1119 | # ifdef __USE_LARGEFILE64 | ||
1120 | -__fortify_function __wur ssize_t | ||
1121 | -pread64 (int __fd, void *__buf, size_t __nbytes, __off64_t __offset) | ||
1122 | +__fortify_potential_overload __wur ssize_t | ||
1123 | +pread64 (int __fd, void *const __clang_pass_object_size0 __buf, | ||
1124 | + size_t __nbytes, __off64_t __offset) | ||
1125 | +__FORTIFY_PRECONDITIONS | ||
1126 | + __FORTIFY_WARNING_ONLY_IF_BOS0_LT (__pread64_warn, __nbytes, __buf, | ||
1127 | + "pread64 called with bigger length " | ||
1128 | + "than size of the destination buffer") | ||
1129 | { | ||
1130 | - if (__bos0 (__buf) != (size_t) -1) | ||
1131 | - { | ||
1132 | - if (!__builtin_constant_p (__nbytes)) | ||
1133 | - return __pread64_chk (__fd, __buf, __nbytes, __offset, __bos0 (__buf)); | ||
1134 | - | ||
1135 | - if ( __nbytes > __bos0 (__buf)) | ||
1136 | - return __pread64_chk_warn (__fd, __buf, __nbytes, __offset, | ||
1137 | - __bos0 (__buf)); | ||
1138 | - } | ||
1139 | - | ||
1140 | + if (__FORTIFY_CALL_CHK && __bos0 (__buf) != (size_t) -1) | ||
1141 | + return __pread64_chk (__fd, __buf, __nbytes, __offset, __bos0 (__buf)); | ||
1142 | return __pread64_alias (__fd, __buf, __nbytes, __offset); | ||
1143 | } | ||
1144 | +__FORTIFY_FUNCTION_END | ||
1145 | # endif | ||
1146 | #endif | ||
1147 | |||
1148 | @@ -128,27 +104,21 @@ extern ssize_t __REDIRECT_NTH (__readlin | ||
1149 | (const char *__restrict __path, | ||
1150 | char *__restrict __buf, size_t __len), readlink) | ||
1151 | __nonnull ((1, 2)) __wur; | ||
1152 | -extern ssize_t __REDIRECT_NTH (__readlink_chk_warn, | ||
1153 | - (const char *__restrict __path, | ||
1154 | - char *__restrict __buf, size_t __len, | ||
1155 | - size_t __buflen), __readlink_chk) | ||
1156 | - __nonnull ((1, 2)) __wur __warnattr ("readlink called with bigger length " | ||
1157 | - "than size of destination buffer"); | ||
1158 | |||
1159 | -__fortify_function __nonnull ((1, 2)) __wur ssize_t | ||
1160 | -__NTH (readlink (const char *__restrict __path, char *__restrict __buf, | ||
1161 | +__fortify_potential_overload __nonnull ((1, 2)) __wur ssize_t | ||
1162 | +__NTH (readlink (const char *__restrict __path, | ||
1163 | + char *__restrict const __clang_pass_object_size __buf, | ||
1164 | size_t __len)) | ||
1165 | +__FORTIFY_PRECONDITIONS | ||
1166 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT (__readlink_warn, __len, __buf, | ||
1167 | + "readlink called with bigger length " | ||
1168 | + "than size of destination buffer") | ||
1169 | { | ||
1170 | - if (__bos (__buf) != (size_t) -1) | ||
1171 | - { | ||
1172 | - if (!__builtin_constant_p (__len)) | ||
1173 | - return __readlink_chk (__path, __buf, __len, __bos (__buf)); | ||
1174 | - | ||
1175 | - if ( __len > __bos (__buf)) | ||
1176 | - return __readlink_chk_warn (__path, __buf, __len, __bos (__buf)); | ||
1177 | - } | ||
1178 | + if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1) | ||
1179 | + return __readlink_chk (__path, __buf, __len, __bos (__buf)); | ||
1180 | return __readlink_alias (__path, __buf, __len); | ||
1181 | } | ||
1182 | +__FORTIFY_FUNCTION_END | ||
1183 | #endif | ||
1184 | |||
1185 | #ifdef __USE_ATFILE | ||
1186 | @@ -161,119 +131,104 @@ extern ssize_t __REDIRECT_NTH (__readlin | ||
1187 | char *__restrict __buf, size_t __len), | ||
1188 | readlinkat) | ||
1189 | __nonnull ((2, 3)) __wur; | ||
1190 | -extern ssize_t __REDIRECT_NTH (__readlinkat_chk_warn, | ||
1191 | - (int __fd, const char *__restrict __path, | ||
1192 | - char *__restrict __buf, size_t __len, | ||
1193 | - size_t __buflen), __readlinkat_chk) | ||
1194 | - __nonnull ((2, 3)) __wur __warnattr ("readlinkat called with bigger " | ||
1195 | - "length than size of destination " | ||
1196 | - "buffer"); | ||
1197 | - | ||
1198 | -__fortify_function __nonnull ((2, 3)) __wur ssize_t | ||
1199 | -__NTH (readlinkat (int __fd, const char *__restrict __path, | ||
1200 | - char *__restrict __buf, size_t __len)) | ||
1201 | + | ||
1202 | +__fortify_potential_overload __nonnull ((2, 3)) __wur ssize_t | ||
1203 | +__NTH (readlinkat (int __fd, | ||
1204 | + const char *__restrict __path, | ||
1205 | + char *__restrict const __clang_pass_object_size __buf, | ||
1206 | + size_t __len)) | ||
1207 | +__FORTIFY_PRECONDITIONS | ||
1208 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT (__readlinkat_warn, __len, __buf, | ||
1209 | + "readlinkat called with bigger length " | ||
1210 | + "than size of destination buffer") | ||
1211 | { | ||
1212 | - if (__bos (__buf) != (size_t) -1) | ||
1213 | - { | ||
1214 | - if (!__builtin_constant_p (__len)) | ||
1215 | - return __readlinkat_chk (__fd, __path, __buf, __len, __bos (__buf)); | ||
1216 | - | ||
1217 | - if (__len > __bos (__buf)) | ||
1218 | - return __readlinkat_chk_warn (__fd, __path, __buf, __len, | ||
1219 | - __bos (__buf)); | ||
1220 | - } | ||
1221 | + if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1) | ||
1222 | + return __readlinkat_chk (__fd, __path, __buf, __len, __bos (__buf)); | ||
1223 | return __readlinkat_alias (__fd, __path, __buf, __len); | ||
1224 | } | ||
1225 | +__FORTIFY_FUNCTION_END | ||
1226 | #endif | ||
1227 | |||
1228 | extern char *__getcwd_chk (char *__buf, size_t __size, size_t __buflen) | ||
1229 | __THROW __wur; | ||
1230 | extern char *__REDIRECT_NTH (__getcwd_alias, | ||
1231 | (char *__buf, size_t __size), getcwd) __wur; | ||
1232 | -extern char *__REDIRECT_NTH (__getcwd_chk_warn, | ||
1233 | - (char *__buf, size_t __size, size_t __buflen), | ||
1234 | - __getcwd_chk) | ||
1235 | - __wur __warnattr ("getcwd caller with bigger length than size of " | ||
1236 | - "destination buffer"); | ||
1237 | |||
1238 | -__fortify_function __wur char * | ||
1239 | -__NTH (getcwd (char *__buf, size_t __size)) | ||
1240 | +__fortify_potential_overload __wur char * | ||
1241 | +__NTH (getcwd (char *const __clang_pass_object_size __buf, size_t __size)) | ||
1242 | +__FORTIFY_PRECONDITIONS | ||
1243 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT (__getcwd_warn, __size, __buf, | ||
1244 | + "getcwd called with bigger length than " | ||
1245 | + "size of destination buffer") | ||
1246 | { | ||
1247 | - if (__bos (__buf) != (size_t) -1) | ||
1248 | - { | ||
1249 | - if (!__builtin_constant_p (__size)) | ||
1250 | - return __getcwd_chk (__buf, __size, __bos (__buf)); | ||
1251 | - | ||
1252 | - if (__size > __bos (__buf)) | ||
1253 | - return __getcwd_chk_warn (__buf, __size, __bos (__buf)); | ||
1254 | - } | ||
1255 | + if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1) | ||
1256 | + return __getcwd_chk (__buf, __size, __bos (__buf)); | ||
1257 | return __getcwd_alias (__buf, __size); | ||
1258 | } | ||
1259 | +__FORTIFY_FUNCTION_END | ||
1260 | |||
1261 | #if defined __USE_MISC || defined __USE_XOPEN_EXTENDED | ||
1262 | +# define __warn_getwd_use_something_else \ | ||
1263 | + "please use getcwd instead, as getwd doesn't specify buffer size" | ||
1264 | + | ||
1265 | extern char *__getwd_chk (char *__buf, size_t buflen) | ||
1266 | __THROW __nonnull ((1)) __wur; | ||
1267 | extern char *__REDIRECT_NTH (__getwd_warn, (char *__buf), getwd) | ||
1268 | - __nonnull ((1)) __wur __warnattr ("please use getcwd instead, as getwd " | ||
1269 | - "doesn't specify buffer size"); | ||
1270 | + __nonnull ((1)) __wur __warnattr (__warn_getwd_use_something_else); | ||
1271 | + | ||
1272 | +extern char *__REDIRECT (__getwd_alias, (char *__str), getwd) __wur; | ||
1273 | |||
1274 | -__fortify_function __nonnull ((1)) __attribute_deprecated__ __wur char * | ||
1275 | -__NTH (getwd (char *__buf)) | ||
1276 | +__fortify_potential_overload __nonnull ((1)) __attribute_deprecated__ __wur | ||
1277 | +char * | ||
1278 | +__NTH (getwd (char *const __clang_pass_object_size __buf)) | ||
1279 | + __clang_warning_if (__bos (__buf) == (size_t) -1, | ||
1280 | + __warn_getwd_use_something_else) | ||
1281 | { | ||
1282 | if (__bos (__buf) != (size_t) -1) | ||
1283 | return __getwd_chk (__buf, __bos (__buf)); | ||
1284 | return __getwd_warn (__buf); | ||
1285 | } | ||
1286 | +# undef __warn_getwd_use_something_else | ||
1287 | #endif | ||
1288 | |||
1289 | extern size_t __confstr_chk (int __name, char *__buf, size_t __len, | ||
1290 | size_t __buflen) __THROW; | ||
1291 | extern size_t __REDIRECT_NTH (__confstr_alias, (int __name, char *__buf, | ||
1292 | size_t __len), confstr); | ||
1293 | -extern size_t __REDIRECT_NTH (__confstr_chk_warn, | ||
1294 | - (int __name, char *__buf, size_t __len, | ||
1295 | - size_t __buflen), __confstr_chk) | ||
1296 | - __warnattr ("confstr called with bigger length than size of destination " | ||
1297 | - "buffer"); | ||
1298 | |||
1299 | -__fortify_function size_t | ||
1300 | -__NTH (confstr (int __name, char *__buf, size_t __len)) | ||
1301 | +__fortify_potential_overload size_t | ||
1302 | +__NTH (confstr (int __name, char *const __clang_pass_object_size __buf, | ||
1303 | + size_t __len)) | ||
1304 | +__FORTIFY_PRECONDITIONS | ||
1305 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT (__confstr_warn, __len, __buf, | ||
1306 | + "confstr called with bigger length than " | ||
1307 | + "size of destination buffer") | ||
1308 | { | ||
1309 | - if (__bos (__buf) != (size_t) -1) | ||
1310 | - { | ||
1311 | - if (!__builtin_constant_p (__len)) | ||
1312 | - return __confstr_chk (__name, __buf, __len, __bos (__buf)); | ||
1313 | - | ||
1314 | - if (__bos (__buf) < __len) | ||
1315 | - return __confstr_chk_warn (__name, __buf, __len, __bos (__buf)); | ||
1316 | - } | ||
1317 | + if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1) | ||
1318 | + return __confstr_chk (__name, __buf, __len, __bos (__buf)); | ||
1319 | return __confstr_alias (__name, __buf, __len); | ||
1320 | } | ||
1321 | - | ||
1322 | +__FORTIFY_FUNCTION_END | ||
1323 | |||
1324 | extern int __getgroups_chk (int __size, __gid_t __list[], size_t __listlen) | ||
1325 | __THROW __wur; | ||
1326 | extern int __REDIRECT_NTH (__getgroups_alias, (int __size, __gid_t __list[]), | ||
1327 | getgroups) __wur; | ||
1328 | -extern int __REDIRECT_NTH (__getgroups_chk_warn, | ||
1329 | - (int __size, __gid_t __list[], size_t __listlen), | ||
1330 | - __getgroups_chk) | ||
1331 | - __wur __warnattr ("getgroups called with bigger group count than what " | ||
1332 | - "can fit into destination buffer"); | ||
1333 | - | ||
1334 | -__fortify_function int | ||
1335 | -__NTH (getgroups (int __size, __gid_t __list[])) | ||
1336 | -{ | ||
1337 | - if (__bos (__list) != (size_t) -1) | ||
1338 | - { | ||
1339 | - if (!__builtin_constant_p (__size) || __size < 0) | ||
1340 | - return __getgroups_chk (__size, __list, __bos (__list)); | ||
1341 | - | ||
1342 | - if (__size * sizeof (__gid_t) > __bos (__list)) | ||
1343 | - return __getgroups_chk_warn (__size, __list, __bos (__list)); | ||
1344 | - } | ||
1345 | + | ||
1346 | +__fortify_potential_overload int | ||
1347 | +__NTH (getgroups (int __size, __gid_t *const __clang_pass_object_size __list)) | ||
1348 | +__FORTIFY_PRECONDITIONS | ||
1349 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT (__getgroups_warn, | ||
1350 | + __size * sizeof (__gid_t), __list, | ||
1351 | + "getgroups called with bigger group " | ||
1352 | + "count than what can fit into " | ||
1353 | + "destination buffer") | ||
1354 | +{ | ||
1355 | + if (__FORTIFY_CALL_CHK && __bos (__list) != (size_t) -1) | ||
1356 | + return __getgroups_chk (__size, __list, __bos (__list)); | ||
1357 | return __getgroups_alias (__size, __list); | ||
1358 | } | ||
1359 | +__FORTIFY_FUNCTION_END | ||
1360 | |||
1361 | |||
1362 | extern int __ttyname_r_chk (int __fd, char *__buf, size_t __buflen, | ||
1363 | @@ -287,19 +242,19 @@ extern int __REDIRECT_NTH (__ttyname_r_c | ||
1364 | __nonnull ((2)) __warnattr ("ttyname_r called with bigger buflen than " | ||
1365 | "size of destination buffer"); | ||
1366 | |||
1367 | -__fortify_function int | ||
1368 | -__NTH (ttyname_r (int __fd, char *__buf, size_t __buflen)) | ||
1369 | -{ | ||
1370 | - if (__bos (__buf) != (size_t) -1) | ||
1371 | - { | ||
1372 | - if (!__builtin_constant_p (__buflen)) | ||
1373 | - return __ttyname_r_chk (__fd, __buf, __buflen, __bos (__buf)); | ||
1374 | - | ||
1375 | - if (__buflen > __bos (__buf)) | ||
1376 | - return __ttyname_r_chk_warn (__fd, __buf, __buflen, __bos (__buf)); | ||
1377 | - } | ||
1378 | - return __ttyname_r_alias (__fd, __buf, __buflen); | ||
1379 | -} | ||
1380 | +__fortify_potential_overload int | ||
1381 | +__NTH (ttyname_r (int __fd, char *const __clang_pass_object_size __buf, | ||
1382 | + size_t __buflen)) | ||
1383 | +__FORTIFY_PRECONDITIONS | ||
1384 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT (__ttyname_r_warn, __buflen, __buf, | ||
1385 | + "ttyname_r called with bigger buflen " | ||
1386 | + "than size of destination buffer") | ||
1387 | +{ | ||
1388 | + if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1) | ||
1389 | + return __ttyname_r_chk (__fd, __buf, __buflen, __bos (__buf)); | ||
1390 | + return __ttyname_r_alias (__fd, __buf, __buflen); | ||
1391 | + } | ||
1392 | +__FORTIFY_FUNCTION_END | ||
1393 | |||
1394 | |||
1395 | #ifdef __USE_POSIX199506 | ||
1396 | @@ -307,25 +262,19 @@ extern int __getlogin_r_chk (char *__buf | ||
1397 | __nonnull ((1)); | ||
1398 | extern int __REDIRECT (__getlogin_r_alias, (char *__buf, size_t __buflen), | ||
1399 | getlogin_r) __nonnull ((1)); | ||
1400 | -extern int __REDIRECT (__getlogin_r_chk_warn, | ||
1401 | - (char *__buf, size_t __buflen, size_t __nreal), | ||
1402 | - __getlogin_r_chk) | ||
1403 | - __nonnull ((1)) __warnattr ("getlogin_r called with bigger buflen than " | ||
1404 | - "size of destination buffer"); | ||
1405 | |||
1406 | -__fortify_function int | ||
1407 | -getlogin_r (char *__buf, size_t __buflen) | ||
1408 | +__fortify_potential_overload int | ||
1409 | +getlogin_r (char *const __clang_pass_object_size __buf, size_t __buflen) | ||
1410 | +__FORTIFY_PRECONDITIONS | ||
1411 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT (__getlogin_r_warn, __buflen, __buf, | ||
1412 | + "getlogin_r called with bigger buflen " | ||
1413 | + "than size of destination buffer") | ||
1414 | { | ||
1415 | - if (__bos (__buf) != (size_t) -1) | ||
1416 | - { | ||
1417 | - if (!__builtin_constant_p (__buflen)) | ||
1418 | - return __getlogin_r_chk (__buf, __buflen, __bos (__buf)); | ||
1419 | - | ||
1420 | - if (__buflen > __bos (__buf)) | ||
1421 | - return __getlogin_r_chk_warn (__buf, __buflen, __bos (__buf)); | ||
1422 | - } | ||
1423 | + if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1) | ||
1424 | + return __getlogin_r_chk (__buf, __buflen, __bos (__buf)); | ||
1425 | return __getlogin_r_alias (__buf, __buflen); | ||
1426 | } | ||
1427 | +__FORTIFY_FUNCTION_END | ||
1428 | #endif | ||
1429 | |||
1430 | |||
1431 | @@ -334,25 +283,20 @@ extern int __gethostname_chk (char *__bu | ||
1432 | __THROW __nonnull ((1)); | ||
1433 | extern int __REDIRECT_NTH (__gethostname_alias, (char *__buf, size_t __buflen), | ||
1434 | gethostname) __nonnull ((1)); | ||
1435 | -extern int __REDIRECT_NTH (__gethostname_chk_warn, | ||
1436 | - (char *__buf, size_t __buflen, size_t __nreal), | ||
1437 | - __gethostname_chk) | ||
1438 | - __nonnull ((1)) __warnattr ("gethostname called with bigger buflen than " | ||
1439 | - "size of destination buffer"); | ||
1440 | |||
1441 | -__fortify_function int | ||
1442 | -__NTH (gethostname (char *__buf, size_t __buflen)) | ||
1443 | +__fortify_potential_overload int | ||
1444 | +__NTH (gethostname (char *const __clang_pass_object_size __buf, | ||
1445 | + size_t __buflen)) | ||
1446 | +__FORTIFY_PRECONDITIONS | ||
1447 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT (__gethostname_warn, __buflen, __buf, | ||
1448 | + "gethostname called with bigger buflen " | ||
1449 | + "than size of destination buffer") | ||
1450 | { | ||
1451 | - if (__bos (__buf) != (size_t) -1) | ||
1452 | - { | ||
1453 | - if (!__builtin_constant_p (__buflen)) | ||
1454 | - return __gethostname_chk (__buf, __buflen, __bos (__buf)); | ||
1455 | - | ||
1456 | - if (__buflen > __bos (__buf)) | ||
1457 | - return __gethostname_chk_warn (__buf, __buflen, __bos (__buf)); | ||
1458 | - } | ||
1459 | + if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1) | ||
1460 | + return __gethostname_chk (__buf, __buflen, __bos (__buf)); | ||
1461 | return __gethostname_alias (__buf, __buflen); | ||
1462 | } | ||
1463 | +__FORTIFY_FUNCTION_END | ||
1464 | #endif | ||
1465 | |||
1466 | |||
1467 | @@ -362,24 +306,18 @@ extern int __getdomainname_chk (char *__ | ||
1468 | extern int __REDIRECT_NTH (__getdomainname_alias, (char *__buf, | ||
1469 | size_t __buflen), | ||
1470 | getdomainname) __nonnull ((1)) __wur; | ||
1471 | -extern int __REDIRECT_NTH (__getdomainname_chk_warn, | ||
1472 | - (char *__buf, size_t __buflen, size_t __nreal), | ||
1473 | - __getdomainname_chk) | ||
1474 | - __nonnull ((1)) __wur __warnattr ("getdomainname called with bigger " | ||
1475 | - "buflen than size of destination " | ||
1476 | - "buffer"); | ||
1477 | |||
1478 | -__fortify_function int | ||
1479 | -__NTH (getdomainname (char *__buf, size_t __buflen)) | ||
1480 | +__fortify_potential_overload int | ||
1481 | +__NTH (getdomainname (char *const __clang_pass_object_size __buf, | ||
1482 | + size_t __buflen)) | ||
1483 | +__FORTIFY_PRECONDITIONS | ||
1484 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT (__getdomainname_warn, __buflen, __buf, | ||
1485 | + "getdomainname called with bigger " | ||
1486 | + "buflen than size of destination buffer") | ||
1487 | { | ||
1488 | - if (__bos (__buf) != (size_t) -1) | ||
1489 | - { | ||
1490 | - if (!__builtin_constant_p (__buflen)) | ||
1491 | - return __getdomainname_chk (__buf, __buflen, __bos (__buf)); | ||
1492 | - | ||
1493 | - if (__buflen > __bos (__buf)) | ||
1494 | - return __getdomainname_chk_warn (__buf, __buflen, __bos (__buf)); | ||
1495 | - } | ||
1496 | + if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1) | ||
1497 | + return __getdomainname_chk (__buf, __buflen, __bos (__buf)); | ||
1498 | return __getdomainname_alias (__buf, __buflen); | ||
1499 | } | ||
1500 | +__FORTIFY_FUNCTION_END | ||
1501 | #endif | ||
1502 | --- a/rt/bits/mqueue2.h | ||
1503 | +++ b/rt/bits/mqueue2.h | ||
1504 | @@ -29,10 +29,47 @@ extern mqd_t __mq_open_2 (const char *__ | ||
1505 | extern mqd_t __REDIRECT_NTH (__mq_open_alias, (const char *__name, | ||
1506 | int __oflag, ...), mq_open) | ||
1507 | __nonnull ((1)); | ||
1508 | + | ||
1509 | +#define __warn_mq_open_wrong_number_of_args "mq_open can be called either " \ | ||
1510 | + "with 2 or 4 arguments" | ||
1511 | +#define __warn_mq_open_missing_mode_and_attr "mq_open with O_CREAT in " \ | ||
1512 | + "second argument needs 4 arguments" | ||
1513 | +#ifdef __use_clang_fortify | ||
1514 | +__fortify_overload __clang_error (__warn_mq_open_wrong_number_of_args) mqd_t | ||
1515 | +__NTH (mq_open (const char *const __clang_pass_object_size __name, int __oflag, | ||
1516 | + int __mode)) | ||
1517 | +{ | ||
1518 | + return __mq_open_alias (__name, __oflag, __mode); | ||
1519 | +} | ||
1520 | + | ||
1521 | +__fortify_overload __clang_error (__warn_mq_open_wrong_number_of_args) | ||
1522 | +mqd_t | ||
1523 | +__NTH (mq_open (const char *const __clang_pass_object_size __name, int __oflag, | ||
1524 | + int __mode, struct mq_attr *__attr, ...)) | ||
1525 | +{ | ||
1526 | + return __mq_open_alias (__name, __oflag, __mode, __attr); | ||
1527 | +} | ||
1528 | + | ||
1529 | +__fortify_overload __clang_prefer_this_overload mqd_t | ||
1530 | +__NTH (mq_open (const char *const __clang_pass_object_size __name, | ||
1531 | + int __oflag)) | ||
1532 | + __clang_error_if ((__oflag & O_CREAT), | ||
1533 | + __warn_mq_open_missing_mode_and_attr) | ||
1534 | +{ | ||
1535 | + return __mq_open_alias (__name, __oflag); | ||
1536 | +} | ||
1537 | + | ||
1538 | +__fortify_overload __clang_prefer_this_overload mqd_t | ||
1539 | +__NTH (mq_open (const char *const __clang_pass_object_size __name, int __oflag, | ||
1540 | + int __mode, struct mq_attr *__attr)) | ||
1541 | +{ | ||
1542 | + return __mq_open_alias (__name, __oflag, __mode, __attr); | ||
1543 | +} | ||
1544 | +#else | ||
1545 | __errordecl (__mq_open_wrong_number_of_args, | ||
1546 | - "mq_open can be called either with 2 or 4 arguments"); | ||
1547 | + __warn_mq_open_wrong_number_of_args); | ||
1548 | __errordecl (__mq_open_missing_mode_and_attr, | ||
1549 | - "mq_open with O_CREAT in second argument needs 4 arguments"); | ||
1550 | + __warn_mq_open_missing_mode_and_attr); | ||
1551 | |||
1552 | __fortify_function mqd_t | ||
1553 | __NTH (mq_open (const char *__name, int __oflag, ...)) | ||
1554 | @@ -55,3 +92,6 @@ __NTH (mq_open (const char *__name, int | ||
1555 | |||
1556 | return __mq_open_alias (__name, __oflag, __va_arg_pack ()); | ||
1557 | } | ||
1558 | +#endif | ||
1559 | +#undef __warn_mq_open_wrong_number_of_args | ||
1560 | +#undef __warn_mq_open_missing_mode_and_attr | ||
1561 | --- a/rt/mqueue.h | ||
1562 | +++ b/rt/mqueue.h | ||
1563 | @@ -89,7 +89,7 @@ extern int mq_timedsend (mqd_t __mqdes, | ||
1564 | |||
1565 | /* Define some inlines helping to catch common problems. */ | ||
1566 | #if __USE_FORTIFY_LEVEL > 0 && defined __fortify_function \ | ||
1567 | - && defined __va_arg_pack_len | ||
1568 | + && (defined __va_arg_pack_len || defined __use_clang_fortify) | ||
1569 | # include <bits/mqueue2.h> | ||
1570 | #endif | ||
1571 | |||
1572 | --- a/socket/bits/socket2.h | ||
1573 | +++ b/socket/bits/socket2.h | ||
1574 | @@ -24,25 +24,20 @@ extern ssize_t __recv_chk (int __fd, voi | ||
1575 | int __flags); | ||
1576 | extern ssize_t __REDIRECT (__recv_alias, (int __fd, void *__buf, size_t __n, | ||
1577 | int __flags), recv); | ||
1578 | -extern ssize_t __REDIRECT (__recv_chk_warn, | ||
1579 | - (int __fd, void *__buf, size_t __n, size_t __buflen, | ||
1580 | - int __flags), __recv_chk) | ||
1581 | - __warnattr ("recv called with bigger length than size of destination " | ||
1582 | - "buffer"); | ||
1583 | |||
1584 | -__fortify_function ssize_t | ||
1585 | -recv (int __fd, void *__buf, size_t __n, int __flags) | ||
1586 | +__fortify_potential_overload ssize_t | ||
1587 | +recv (int __fd, void *const __clang_pass_object_size0 __buf, size_t __n, | ||
1588 | + int __flags) | ||
1589 | +__FORTIFY_PRECONDITIONS | ||
1590 | + __FORTIFY_WARNING_ONLY_IF_BOS0_LT (__recv_warn, __n, __buf, | ||
1591 | + "recv called with bigger length than " | ||
1592 | + "size of destination buffer") | ||
1593 | { | ||
1594 | - if (__bos0 (__buf) != (size_t) -1) | ||
1595 | - { | ||
1596 | - if (!__builtin_constant_p (__n)) | ||
1597 | - return __recv_chk (__fd, __buf, __n, __bos0 (__buf), __flags); | ||
1598 | - | ||
1599 | - if (__n > __bos0 (__buf)) | ||
1600 | - return __recv_chk_warn (__fd, __buf, __n, __bos0 (__buf), __flags); | ||
1601 | - } | ||
1602 | + if (__FORTIFY_CALL_CHK && __bos0 (__buf) != (size_t) -1) | ||
1603 | + return __recv_chk (__fd, __buf, __n, __bos0 (__buf), __flags); | ||
1604 | return __recv_alias (__fd, __buf, __n, __flags); | ||
1605 | } | ||
1606 | +__FORTIFY_FUNCTION_END | ||
1607 | |||
1608 | extern ssize_t __recvfrom_chk (int __fd, void *__restrict __buf, size_t __n, | ||
1609 | size_t __buflen, int __flags, | ||
1610 | @@ -52,26 +47,19 @@ extern ssize_t __REDIRECT (__recvfrom_al | ||
1611 | (int __fd, void *__restrict __buf, size_t __n, | ||
1612 | int __flags, __SOCKADDR_ARG __addr, | ||
1613 | socklen_t *__restrict __addr_len), recvfrom); | ||
1614 | -extern ssize_t __REDIRECT (__recvfrom_chk_warn, | ||
1615 | - (int __fd, void *__restrict __buf, size_t __n, | ||
1616 | - size_t __buflen, int __flags, | ||
1617 | - __SOCKADDR_ARG __addr, | ||
1618 | - socklen_t *__restrict __addr_len), __recvfrom_chk) | ||
1619 | - __warnattr ("recvfrom called with bigger length than size of " | ||
1620 | - "destination buffer"); | ||
1621 | |||
1622 | -__fortify_function ssize_t | ||
1623 | -recvfrom (int __fd, void *__restrict __buf, size_t __n, int __flags, | ||
1624 | - __SOCKADDR_ARG __addr, socklen_t *__restrict __addr_len) | ||
1625 | +__fortify_potential_overload ssize_t | ||
1626 | +recvfrom (int __fd, void *__restrict const __clang_pass_object_size0 __buf, | ||
1627 | + size_t __n, int __flags, __SOCKADDR_ARG __addr, | ||
1628 | + socklen_t *__restrict __addr_len) | ||
1629 | +__FORTIFY_PRECONDITIONS | ||
1630 | + __FORTIFY_WARNING_ONLY_IF_BOS0_LT (__recvfrom_warn, __n, __buf, | ||
1631 | + "recvfrom called with bigger length " | ||
1632 | + "than size of destination buffer") | ||
1633 | { | ||
1634 | - if (__bos0 (__buf) != (size_t) -1) | ||
1635 | - { | ||
1636 | - if (!__builtin_constant_p (__n)) | ||
1637 | - return __recvfrom_chk (__fd, __buf, __n, __bos0 (__buf), __flags, | ||
1638 | - __addr, __addr_len); | ||
1639 | - if (__n > __bos0 (__buf)) | ||
1640 | - return __recvfrom_chk_warn (__fd, __buf, __n, __bos0 (__buf), __flags, | ||
1641 | - __addr, __addr_len); | ||
1642 | - } | ||
1643 | + if (__FORTIFY_CALL_CHK && __bos0 (__buf) != (size_t) -1) | ||
1644 | + return __recvfrom_chk (__fd, __buf, __n, __bos0 (__buf), __flags, __addr, | ||
1645 | + __addr_len); | ||
1646 | return __recvfrom_alias (__fd, __buf, __n, __flags, __addr, __addr_len); | ||
1647 | } | ||
1648 | +__FORTIFY_FUNCTION_END | ||
1649 | --- a/stdlib/bits/stdlib.h | ||
1650 | +++ b/stdlib/bits/stdlib.h | ||
1651 | @@ -26,27 +26,27 @@ extern char *__realpath_chk (const char | ||
1652 | extern char *__REDIRECT_NTH (__realpath_alias, | ||
1653 | (const char *__restrict __name, | ||
1654 | char *__restrict __resolved), realpath) __wur; | ||
1655 | -extern char *__REDIRECT_NTH (__realpath_chk_warn, | ||
1656 | - (const char *__restrict __name, | ||
1657 | - char *__restrict __resolved, | ||
1658 | - size_t __resolvedlen), __realpath_chk) __wur | ||
1659 | - __warnattr ("second argument of realpath must be either NULL or at " | ||
1660 | - "least PATH_MAX bytes long buffer"); | ||
1661 | |||
1662 | -__fortify_function __wur char * | ||
1663 | -__NTH (realpath (const char *__restrict __name, char *__restrict __resolved)) | ||
1664 | +__fortify_potential_overload __wur char * | ||
1665 | +__NTH (realpath (const char *__restrict __name, | ||
1666 | + char *__restrict const __clang_pass_object_size __resolved)) | ||
1667 | +__FORTIFY_PRECONDITIONS | ||
1668 | +#if defined _LIBC_LIMITS_H_ && defined PATH_MAX | ||
1669 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT (__realpath_warn, PATH_MAX, __resolved, | ||
1670 | + "second argument of realpath must be " | ||
1671 | + "either NULL or at least PATH_MAX " | ||
1672 | + "bytes long buffer") | ||
1673 | +#endif | ||
1674 | { | ||
1675 | - if (__bos (__resolved) != (size_t) -1) | ||
1676 | - { | ||
1677 | + if ( | ||
1678 | #if defined _LIBC_LIMITS_H_ && defined PATH_MAX | ||
1679 | - if (__bos (__resolved) < PATH_MAX) | ||
1680 | - return __realpath_chk_warn (__name, __resolved, __bos (__resolved)); | ||
1681 | + __FORTIFY_CALL_CHK && | ||
1682 | #endif | ||
1683 | - return __realpath_chk (__name, __resolved, __bos (__resolved)); | ||
1684 | - } | ||
1685 | - | ||
1686 | + __bos (__resolved) != (size_t) -1) | ||
1687 | + return __realpath_chk (__name, __resolved, __bos (__resolved)); | ||
1688 | return __realpath_alias (__name, __resolved); | ||
1689 | } | ||
1690 | +__FORTIFY_FUNCTION_END | ||
1691 | |||
1692 | |||
1693 | extern int __ptsname_r_chk (int __fd, char *__buf, size_t __buflen, | ||
1694 | @@ -54,33 +54,28 @@ extern int __ptsname_r_chk (int __fd, ch | ||
1695 | extern int __REDIRECT_NTH (__ptsname_r_alias, (int __fd, char *__buf, | ||
1696 | size_t __buflen), ptsname_r) | ||
1697 | __nonnull ((2)); | ||
1698 | -extern int __REDIRECT_NTH (__ptsname_r_chk_warn, | ||
1699 | - (int __fd, char *__buf, size_t __buflen, | ||
1700 | - size_t __nreal), __ptsname_r_chk) | ||
1701 | - __nonnull ((2)) __warnattr ("ptsname_r called with buflen bigger than " | ||
1702 | - "size of buf"); | ||
1703 | |||
1704 | -__fortify_function int | ||
1705 | -__NTH (ptsname_r (int __fd, char *__buf, size_t __buflen)) | ||
1706 | +__fortify_potential_overload int | ||
1707 | +__NTH (ptsname_r (int __fd, char *const __clang_pass_object_size __buf, | ||
1708 | + size_t __buflen)) | ||
1709 | +__FORTIFY_PRECONDITIONS | ||
1710 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT (__ptsname_r_warn, __buflen, __buf, | ||
1711 | + "ptsname_r called with buflen " | ||
1712 | + "bigger than size of buf") | ||
1713 | { | ||
1714 | - if (__bos (__buf) != (size_t) -1) | ||
1715 | - { | ||
1716 | - if (!__builtin_constant_p (__buflen)) | ||
1717 | - return __ptsname_r_chk (__fd, __buf, __buflen, __bos (__buf)); | ||
1718 | - if (__buflen > __bos (__buf)) | ||
1719 | - return __ptsname_r_chk_warn (__fd, __buf, __buflen, __bos (__buf)); | ||
1720 | - } | ||
1721 | + if (__FORTIFY_CALL_CHK && __bos (__buf) != (size_t) -1) | ||
1722 | + return __ptsname_r_chk (__fd, __buf, __buflen, __bos (__buf)); | ||
1723 | return __ptsname_r_alias (__fd, __buf, __buflen); | ||
1724 | } | ||
1725 | - | ||
1726 | +__FORTIFY_FUNCTION_END | ||
1727 | |||
1728 | extern int __wctomb_chk (char *__s, wchar_t __wchar, size_t __buflen) | ||
1729 | __THROW __wur; | ||
1730 | extern int __REDIRECT_NTH (__wctomb_alias, (char *__s, wchar_t __wchar), | ||
1731 | wctomb) __wur; | ||
1732 | |||
1733 | -__fortify_function __wur int | ||
1734 | -__NTH (wctomb (char *__s, wchar_t __wchar)) | ||
1735 | +__fortify_potential_overload __wur int | ||
1736 | +__NTH (wctomb (char *const __clang_pass_object_size __s, wchar_t __wchar)) | ||
1737 | { | ||
1738 | /* We would have to include <limits.h> to get a definition of MB_LEN_MAX. | ||
1739 | But this would only disturb the namespace. So we define our own | ||
1740 | @@ -102,29 +97,22 @@ extern size_t __REDIRECT_NTH (__mbstowcs | ||
1741 | (wchar_t *__restrict __dst, | ||
1742 | const char *__restrict __src, | ||
1743 | size_t __len), mbstowcs); | ||
1744 | -extern size_t __REDIRECT_NTH (__mbstowcs_chk_warn, | ||
1745 | - (wchar_t *__restrict __dst, | ||
1746 | - const char *__restrict __src, | ||
1747 | - size_t __len, size_t __dstlen), __mbstowcs_chk) | ||
1748 | - __warnattr ("mbstowcs called with dst buffer smaller than len " | ||
1749 | - "* sizeof (wchar_t)"); | ||
1750 | - | ||
1751 | -__fortify_function size_t | ||
1752 | -__NTH (mbstowcs (wchar_t *__restrict __dst, const char *__restrict __src, | ||
1753 | - size_t __len)) | ||
1754 | + | ||
1755 | +__fortify_potential_overload size_t | ||
1756 | +__NTH (mbstowcs (wchar_t *__restrict const __clang_pass_object_size __dst, | ||
1757 | + const char *__restrict __src, size_t __len)) | ||
1758 | +__FORTIFY_PRECONDITIONS | ||
1759 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT2 (__mbstowcs_warn, __len, __dst, | ||
1760 | + sizeof (wchar_t), | ||
1761 | + "mbstowcs called with dst buffer " | ||
1762 | + "smaller than len * sizeof (wchar_t)") | ||
1763 | { | ||
1764 | - if (__bos (__dst) != (size_t) -1) | ||
1765 | - { | ||
1766 | - if (!__builtin_constant_p (__len)) | ||
1767 | - return __mbstowcs_chk (__dst, __src, __len, | ||
1768 | - __bos (__dst) / sizeof (wchar_t)); | ||
1769 | - | ||
1770 | - if (__len > __bos (__dst) / sizeof (wchar_t)) | ||
1771 | - return __mbstowcs_chk_warn (__dst, __src, __len, | ||
1772 | - __bos (__dst) / sizeof (wchar_t)); | ||
1773 | - } | ||
1774 | + if (__FORTIFY_CALL_CHK && __bos (__dst) != (size_t) -1) | ||
1775 | + return __mbstowcs_chk (__dst, __src, __len, | ||
1776 | + __bos (__dst) / sizeof (wchar_t)); | ||
1777 | return __mbstowcs_alias (__dst, __src, __len); | ||
1778 | } | ||
1779 | +__FORTIFY_FUNCTION_END | ||
1780 | |||
1781 | |||
1782 | extern size_t __wcstombs_chk (char *__restrict __dst, | ||
1783 | @@ -134,22 +122,17 @@ extern size_t __REDIRECT_NTH (__wcstombs | ||
1784 | (char *__restrict __dst, | ||
1785 | const wchar_t *__restrict __src, | ||
1786 | size_t __len), wcstombs); | ||
1787 | -extern size_t __REDIRECT_NTH (__wcstombs_chk_warn, | ||
1788 | - (char *__restrict __dst, | ||
1789 | - const wchar_t *__restrict __src, | ||
1790 | - size_t __len, size_t __dstlen), __wcstombs_chk) | ||
1791 | - __warnattr ("wcstombs called with dst buffer smaller than len"); | ||
1792 | |||
1793 | -__fortify_function size_t | ||
1794 | -__NTH (wcstombs (char *__restrict __dst, const wchar_t *__restrict __src, | ||
1795 | - size_t __len)) | ||
1796 | +__fortify_potential_overload size_t | ||
1797 | +__NTH (wcstombs (char *__restrict const __clang_pass_object_size __dst, | ||
1798 | + const wchar_t *__restrict __src, size_t __len)) | ||
1799 | +__FORTIFY_PRECONDITIONS | ||
1800 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT (__wcstombs_warn, __len, __dst, | ||
1801 | + "wcstombs called with dst buffer " | ||
1802 | + "smaller than len") | ||
1803 | { | ||
1804 | - if (__bos (__dst) != (size_t) -1) | ||
1805 | - { | ||
1806 | - if (!__builtin_constant_p (__len)) | ||
1807 | - return __wcstombs_chk (__dst, __src, __len, __bos (__dst)); | ||
1808 | - if (__len > __bos (__dst)) | ||
1809 | - return __wcstombs_chk_warn (__dst, __src, __len, __bos (__dst)); | ||
1810 | - } | ||
1811 | + if (__FORTIFY_CALL_CHK && __bos (__dst) != (size_t) -1) | ||
1812 | + return __wcstombs_chk (__dst, __src, __len, __bos (__dst)); | ||
1813 | return __wcstombs_alias (__dst, __src, __len); | ||
1814 | } | ||
1815 | +__FORTIFY_FUNCTION_END | ||
1816 | --- a/string/bits/string_fortified.h | ||
1817 | +++ b/string/bits/string_fortified.h | ||
1818 | @@ -22,45 +22,82 @@ | ||
1819 | # error "Never use <bits/string_fortified.h> directly; include <string.h> instead." | ||
1820 | #endif | ||
1821 | |||
1822 | -#if !__GNUC_PREREQ (5,0) | ||
1823 | -__warndecl (__warn_memset_zero_len, | ||
1824 | - "memset used with constant zero length parameter; this could be due to transposed parameters"); | ||
1825 | -#endif | ||
1826 | - | ||
1827 | -__fortify_function void * | ||
1828 | -__NTH (memcpy (void *__restrict __dest, const void *__restrict __src, | ||
1829 | - size_t __len)) | ||
1830 | -{ | ||
1831 | - return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); | ||
1832 | -} | ||
1833 | - | ||
1834 | -__fortify_function void * | ||
1835 | -__NTH (memmove (void *__dest, const void *__src, size_t __len)) | ||
1836 | -{ | ||
1837 | - return __builtin___memmove_chk (__dest, __src, __len, __bos0 (__dest)); | ||
1838 | +#define __warn_len_too_large \ | ||
1839 | + "function called with bigger length than the destination buffer" | ||
1840 | +/* Repeat bodies here to reduce 'note's if we detect a problem. */ | ||
1841 | +#define __size_too_small(bos, dest, len) \ | ||
1842 | + (bos (dest) != (size_t) -1 && bos (dest) < len) | ||
1843 | +#define __warn_if_dest_too_small(dest, len) \ | ||
1844 | + __clang_warning_if (__size_too_small (__bos, dest, len), \ | ||
1845 | + __warn_len_too_large) | ||
1846 | +#define __warn_if_dest_too_small0(dest, len) \ | ||
1847 | + __clang_warning_if (__size_too_small (__bos0, dest, len), \ | ||
1848 | + __warn_len_too_large) | ||
1849 | + | ||
1850 | +#define __warn_input_str_too_large \ | ||
1851 | + "destination buffer will always be overflown by source" | ||
1852 | +#define __warn_if_src_too_large(dest, src) \ | ||
1853 | + __clang_warning_if (__size_too_small (__bos, dest, __builtin_strlen (src) + 1), \ | ||
1854 | + __warn_input_str_too_large) | ||
1855 | + | ||
1856 | +__fortify_potential_overload void * | ||
1857 | +__NTH (memcpy (void *__restrict const __clang_pass_object_size0 __dest, | ||
1858 | + const void *__restrict __src, size_t __len)) | ||
1859 | + __warn_if_dest_too_small0 (__dest, __len) | ||
1860 | +{ | ||
1861 | + size_t __bos_dst = __bos0 (__dest); | ||
1862 | + if (__bos_dst == (size_t) -1 || (__builtin_constant_p (__len) | ||
1863 | + && __bos_dst >= __len)) | ||
1864 | + return __builtin_memcpy (__dest, __src, __len); | ||
1865 | + return __builtin___memcpy_chk (__dest, __src, __len, __bos_dst); | ||
1866 | +} | ||
1867 | + | ||
1868 | +__fortify_potential_overload void * | ||
1869 | +__NTH (memmove (void *const __clang_pass_object_size0 __dest, | ||
1870 | + const void *__src, size_t __len)) | ||
1871 | + __warn_if_dest_too_small0 (__dest, __len) | ||
1872 | +{ | ||
1873 | + size_t __bos_dst = __bos0 (__dest); | ||
1874 | + if (__bos_dst == (size_t) -1 || (__builtin_constant_p (__len) | ||
1875 | + && __bos_dst >= __len)) | ||
1876 | + return __builtin_memmove (__dest, __src, __len); | ||
1877 | + return __builtin___memmove_chk (__dest, __src, __len, __bos_dst); | ||
1878 | } | ||
1879 | |||
1880 | #ifdef __USE_GNU | ||
1881 | -__fortify_function void * | ||
1882 | -__NTH (mempcpy (void *__restrict __dest, const void *__restrict __src, | ||
1883 | - size_t __len)) | ||
1884 | -{ | ||
1885 | - return __builtin___mempcpy_chk (__dest, __src, __len, __bos0 (__dest)); | ||
1886 | +__fortify_potential_overload void * | ||
1887 | +__NTH (mempcpy (void *__restrict const __clang_pass_object_size0 __dest, | ||
1888 | + const void *__restrict __src, size_t __len)) | ||
1889 | + __warn_if_dest_too_small0 (__dest, __len) | ||
1890 | +{ | ||
1891 | + size_t __bos_dst = __bos0 (__dest); | ||
1892 | + if (__bos_dst == (size_t) -1 || (__builtin_constant_p (__len) | ||
1893 | + && __bos_dst >= __len)) | ||
1894 | + return __builtin_mempcpy (__dest, __src, __len); | ||
1895 | + return __builtin___mempcpy_chk (__dest, __src, __len, __bos_dst); | ||
1896 | } | ||
1897 | #endif | ||
1898 | |||
1899 | - | ||
1900 | /* The first two tests here help to catch a somewhat common problem | ||
1901 | where the second and third parameter are transposed. This is | ||
1902 | especially problematic if the intended fill value is zero. In this | ||
1903 | case no work is done at all. We detect these problems by referring | ||
1904 | non-existing functions. */ | ||
1905 | -__fortify_function void * | ||
1906 | -__NTH (memset (void *__dest, int __ch, size_t __len)) | ||
1907 | +#define __warn_memset_zero_len_msg \ | ||
1908 | + "memset used with constant zero length parameter; this could be due to " \ | ||
1909 | + "transposed parameters" | ||
1910 | +#if !__GNUC_PREREQ (5,0) | ||
1911 | +__warndecl (__warn_memset_zero_len, __warn_memset_zero_len_msg); | ||
1912 | +#endif | ||
1913 | +__fortify_potential_overload void * | ||
1914 | +__NTH (memset (void *const __clang_pass_object_size0 __dest, int __ch, | ||
1915 | + size_t __len)) | ||
1916 | + __warn_if_dest_too_small0 (__dest, __len) | ||
1917 | + __clang_warning_if (__len == 0 && __ch != 0, __warn_memset_zero_len_msg) | ||
1918 | { | ||
1919 | /* GCC-5.0 and newer implements these checks in the compiler, so we don't | ||
1920 | need them here. */ | ||
1921 | -#if !__GNUC_PREREQ (5,0) | ||
1922 | +#if !__GNUC_PREREQ (5,0) && !defined __use_clang_fortify | ||
1923 | if (__builtin_constant_p (__len) && __len == 0 | ||
1924 | && (!__builtin_constant_p (__ch) || __ch != 0)) | ||
1925 | { | ||
1926 | @@ -68,8 +105,13 @@ __NTH (memset (void *__dest, int __ch, s | ||
1927 | return __dest; | ||
1928 | } | ||
1929 | #endif | ||
1930 | - return __builtin___memset_chk (__dest, __ch, __len, __bos0 (__dest)); | ||
1931 | + size_t __bos_dst = __bos0 (__dest); | ||
1932 | + if (__bos_dst == (size_t) -1 || (__builtin_constant_p (__len) | ||
1933 | + && __bos_dst >= __len)) | ||
1934 | + return __builtin_memset (__dest, __ch, __len); | ||
1935 | + return __builtin___memset_chk (__dest, __ch, __len, __bos_dst); | ||
1936 | } | ||
1937 | +#undef __warn_memset_zero_len_msg | ||
1938 | |||
1939 | #ifdef __USE_MISC | ||
1940 | # include <bits/strings_fortified.h> | ||
1941 | @@ -84,24 +126,30 @@ __NTH (explicit_bzero (void *__dest, siz | ||
1942 | } | ||
1943 | #endif | ||
1944 | |||
1945 | -__fortify_function char * | ||
1946 | -__NTH (strcpy (char *__restrict __dest, const char *__restrict __src)) | ||
1947 | +__fortify_potential_overload char * | ||
1948 | +__NTH (strcpy (char *__restrict const __clang_pass_object_size __dest, | ||
1949 | + const char *__restrict __src)) | ||
1950 | + __warn_if_src_too_large (__dest, __src) | ||
1951 | { | ||
1952 | return __builtin___strcpy_chk (__dest, __src, __bos (__dest)); | ||
1953 | } | ||
1954 | |||
1955 | #ifdef __USE_GNU | ||
1956 | -__fortify_function char * | ||
1957 | -__NTH (stpcpy (char *__restrict __dest, const char *__restrict __src)) | ||
1958 | +__fortify_potential_overload char * | ||
1959 | +__NTH (stpcpy (char *__restrict const __clang_pass_object_size __dest, | ||
1960 | + const char *__restrict __src)) | ||
1961 | + __warn_if_src_too_large (__dest, __src) | ||
1962 | { | ||
1963 | return __builtin___stpcpy_chk (__dest, __src, __bos (__dest)); | ||
1964 | } | ||
1965 | #endif | ||
1966 | |||
1967 | - | ||
1968 | -__fortify_function char * | ||
1969 | -__NTH (strncpy (char *__restrict __dest, const char *__restrict __src, | ||
1970 | - size_t __len)) | ||
1971 | +__fortify_potential_overload char * | ||
1972 | +__NTH (strncpy (char *__restrict const __clang_pass_object_size __dest, | ||
1973 | + const char *__restrict __src, size_t __len)) | ||
1974 | +/* clang: Don't warn when __builtin_strlen (__src) < __bos (__dest), | ||
1975 | + but __len > __bos (__dest). The user should fix their code instead. */ | ||
1976 | + __warn_if_dest_too_small (__dest, __len) | ||
1977 | { | ||
1978 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); | ||
1979 | } | ||
1980 | @@ -112,28 +160,36 @@ extern char *__stpncpy_chk (char *__dest | ||
1981 | extern char *__REDIRECT_NTH (__stpncpy_alias, (char *__dest, const char *__src, | ||
1982 | size_t __n), stpncpy); | ||
1983 | |||
1984 | -__fortify_function char * | ||
1985 | -__NTH (stpncpy (char *__dest, const char *__src, size_t __n)) | ||
1986 | +__fortify_potential_overload char * | ||
1987 | +__NTH (stpncpy (char *const __clang_pass_object_size __dest, const char *__src, | ||
1988 | + size_t __n)) | ||
1989 | + __warn_if_dest_too_small (__dest, __n) | ||
1990 | { | ||
1991 | - if (__bos (__dest) != (size_t) -1 | ||
1992 | - && (!__builtin_constant_p (__n) || __n > __bos (__dest))) | ||
1993 | + if (__bos (__dest) != (size_t) -1) | ||
1994 | return __stpncpy_chk (__dest, __src, __n, __bos (__dest)); | ||
1995 | return __stpncpy_alias (__dest, __src, __n); | ||
1996 | } | ||
1997 | |||
1998 | - | ||
1999 | -__fortify_function char * | ||
2000 | -__NTH (strcat (char *__restrict __dest, const char *__restrict __src)) | ||
2001 | +__fortify_potential_overload char * | ||
2002 | +__NTH (strcat (char *__restrict const __clang_pass_object_size __dest, | ||
2003 | + const char *__restrict __src)) | ||
2004 | + __warn_if_src_too_large (__dest, __src) | ||
2005 | { | ||
2006 | return __builtin___strcat_chk (__dest, __src, __bos (__dest)); | ||
2007 | } | ||
2008 | |||
2009 | - | ||
2010 | -__fortify_function char * | ||
2011 | -__NTH (strncat (char *__restrict __dest, const char *__restrict __src, | ||
2012 | - size_t __len)) | ||
2013 | +__fortify_potential_overload char * | ||
2014 | +__NTH (strncat (char *__restrict const __clang_pass_object_size __dest, | ||
2015 | + const char *__restrict __src, size_t __len)) | ||
2016 | + __warn_if_src_too_large (__dest, __src) | ||
2017 | { | ||
2018 | return __builtin___strncat_chk (__dest, __src, __len, __bos (__dest)); | ||
2019 | } | ||
2020 | |||
2021 | +#undef __warn_len_too_large | ||
2022 | +#undef __size_too_small | ||
2023 | +#undef __warn_if_dest_too_small | ||
2024 | +#undef __warn_if_dest_too_small0 | ||
2025 | +#undef __warn_input_str_too_large | ||
2026 | +#undef __warn_if_src_too_large | ||
2027 | #endif /* bits/string_fortified.h */ | ||
2028 | --- a/string/bits/strings_fortified.h | ||
2029 | +++ b/string/bits/strings_fortified.h | ||
2030 | @@ -19,16 +19,40 @@ | ||
2031 | #ifndef __STRINGS_FORTIFIED | ||
2032 | # define __STRINGS_FORTIFIED 1 | ||
2033 | |||
2034 | -__fortify_function void | ||
2035 | -__NTH (bcopy (const void *__src, void *__dest, size_t __len)) | ||
2036 | +#define __strings_warn_len_too_large \ | ||
2037 | + "function called with bigger length than the destination buffer" | ||
2038 | + | ||
2039 | +#define __strings_size_too_small(dest, len) \ | ||
2040 | + (__bos0 (dest) != (size_t) -1 && __bos0 (dest) < len) | ||
2041 | + | ||
2042 | +__fortify_potential_overload void | ||
2043 | +__NTH (bcopy (const void *__src, void *const __clang_pass_object_size0 __dest, | ||
2044 | + size_t __len)) | ||
2045 | + __clang_warning_if (__strings_size_too_small (__dest, __len), | ||
2046 | + __strings_warn_len_too_large) | ||
2047 | { | ||
2048 | - (void) __builtin___memmove_chk (__dest, __src, __len, __bos0 (__dest)); | ||
2049 | + size_t __bos_dst = __bos0 (__dest); | ||
2050 | + if (__bos_dst == (size_t) -1 || (__builtin_constant_p (__len) | ||
2051 | + && __bos_dst >= __len)) | ||
2052 | + (void) __builtin_memmove (__dest, __src, __len); | ||
2053 | + else | ||
2054 | + (void) __builtin___memmove_chk (__dest, __src, __len, __bos_dst); | ||
2055 | } | ||
2056 | |||
2057 | -__fortify_function void | ||
2058 | -__NTH (bzero (void *__dest, size_t __len)) | ||
2059 | +__fortify_potential_overload void | ||
2060 | +__NTH (bzero (void *const __clang_pass_object_size0 __dest, size_t __len)) | ||
2061 | + __clang_warning_if (__strings_size_too_small (__dest, __len), | ||
2062 | + __strings_warn_len_too_large) | ||
2063 | { | ||
2064 | - (void) __builtin___memset_chk (__dest, '\0', __len, __bos0 (__dest)); | ||
2065 | + size_t __bos_dst = __bos0 (__dest); | ||
2066 | + if (__bos_dst == (size_t) -1 || (__builtin_constant_p (__len) | ||
2067 | + && __bos_dst >= __len)) | ||
2068 | + (void) __builtin_memset (__dest, '\0', __len); | ||
2069 | + else | ||
2070 | + (void) __builtin___memset_chk (__dest, '\0', __len, __bos_dst); | ||
2071 | } | ||
2072 | |||
2073 | + | ||
2074 | +#undef __strings_size_too_small | ||
2075 | +#undef __strings_warn_len_too_large | ||
2076 | #endif | ||
2077 | --- a/wcsmbs/bits/wchar2.h | ||
2078 | +++ b/wcsmbs/bits/wchar2.h | ||
2079 | @@ -20,7 +20,6 @@ | ||
2080 | # error "Never include <bits/wchar2.h> directly; use <wchar.h> instead." | ||
2081 | #endif | ||
2082 | |||
2083 | - | ||
2084 | extern wchar_t *__wmemcpy_chk (wchar_t *__restrict __s1, | ||
2085 | const wchar_t *__restrict __s2, size_t __n, | ||
2086 | size_t __ns1) __THROW; | ||
2087 | @@ -28,57 +27,42 @@ extern wchar_t *__REDIRECT_NTH (__wmemcp | ||
2088 | (wchar_t *__restrict __s1, | ||
2089 | const wchar_t *__restrict __s2, size_t __n), | ||
2090 | wmemcpy); | ||
2091 | -extern wchar_t *__REDIRECT_NTH (__wmemcpy_chk_warn, | ||
2092 | - (wchar_t *__restrict __s1, | ||
2093 | - const wchar_t *__restrict __s2, size_t __n, | ||
2094 | - size_t __ns1), __wmemcpy_chk) | ||
2095 | - __warnattr ("wmemcpy called with length bigger than size of destination " | ||
2096 | - "buffer"); | ||
2097 | |||
2098 | -__fortify_function wchar_t * | ||
2099 | -__NTH (wmemcpy (wchar_t *__restrict __s1, const wchar_t *__restrict __s2, | ||
2100 | - size_t __n)) | ||
2101 | -{ | ||
2102 | - if (__bos0 (__s1) != (size_t) -1) | ||
2103 | - { | ||
2104 | - if (!__builtin_constant_p (__n)) | ||
2105 | - return __wmemcpy_chk (__s1, __s2, __n, | ||
2106 | - __bos0 (__s1) / sizeof (wchar_t)); | ||
2107 | - | ||
2108 | - if (__n > __bos0 (__s1) / sizeof (wchar_t)) | ||
2109 | - return __wmemcpy_chk_warn (__s1, __s2, __n, | ||
2110 | - __bos0 (__s1) / sizeof (wchar_t)); | ||
2111 | - } | ||
2112 | - return __wmemcpy_alias (__s1, __s2, __n); | ||
2113 | +__fortify_potential_overload wchar_t * | ||
2114 | +__NTH (wmemcpy (wchar_t *__restrict const __clang_pass_object_size0 __s1, | ||
2115 | + const wchar_t *__restrict __s2, size_t __n)) | ||
2116 | +__FORTIFY_PRECONDITIONS | ||
2117 | + __FORTIFY_WARNING_ONLY_IF_BOS0_LT2 (__wmemcpy_warn, __n, __s1, | ||
2118 | + sizeof (wchar_t), | ||
2119 | + "wmemcpy called with length bigger " | ||
2120 | + "than size of destination buffer") | ||
2121 | +{ | ||
2122 | + if (__FORTIFY_CALL_CHK && __bos0 (__s1) != (size_t)-1) | ||
2123 | + return __wmemcpy_chk(__s1, __s2, __n, __bos0(__s1) / sizeof (wchar_t)); | ||
2124 | + return __wmemcpy_alias(__s1, __s2, __n); | ||
2125 | } | ||
2126 | - | ||
2127 | +__FORTIFY_FUNCTION_END | ||
2128 | |||
2129 | extern wchar_t *__wmemmove_chk (wchar_t *__s1, const wchar_t *__s2, | ||
2130 | size_t __n, size_t __ns1) __THROW; | ||
2131 | extern wchar_t *__REDIRECT_NTH (__wmemmove_alias, (wchar_t *__s1, | ||
2132 | const wchar_t *__s2, | ||
2133 | size_t __n), wmemmove); | ||
2134 | -extern wchar_t *__REDIRECT_NTH (__wmemmove_chk_warn, | ||
2135 | - (wchar_t *__s1, const wchar_t *__s2, | ||
2136 | - size_t __n, size_t __ns1), __wmemmove_chk) | ||
2137 | - __warnattr ("wmemmove called with length bigger than size of destination " | ||
2138 | - "buffer"); | ||
2139 | - | ||
2140 | -__fortify_function wchar_t * | ||
2141 | -__NTH (wmemmove (wchar_t *__s1, const wchar_t *__s2, size_t __n)) | ||
2142 | -{ | ||
2143 | - if (__bos0 (__s1) != (size_t) -1) | ||
2144 | - { | ||
2145 | - if (!__builtin_constant_p (__n)) | ||
2146 | - return __wmemmove_chk (__s1, __s2, __n, | ||
2147 | - __bos0 (__s1) / sizeof (wchar_t)); | ||
2148 | - | ||
2149 | - if (__n > __bos0 (__s1) / sizeof (wchar_t)) | ||
2150 | - return __wmemmove_chk_warn (__s1, __s2, __n, | ||
2151 | - __bos0 (__s1) / sizeof (wchar_t)); | ||
2152 | - } | ||
2153 | + | ||
2154 | +__fortify_potential_overload wchar_t * | ||
2155 | +__NTH (wmemmove (wchar_t *const __clang_pass_object_size0 __s1, | ||
2156 | + const wchar_t *__s2, size_t __n)) | ||
2157 | +__FORTIFY_PRECONDITIONS | ||
2158 | + __FORTIFY_WARNING_ONLY_IF_BOS0_LT2 (__wmemmove_warn, __n, __s1, | ||
2159 | + sizeof (wchar_t), | ||
2160 | + "wmemmove called with length bigger " | ||
2161 | + "than size of destination buffer") | ||
2162 | +{ | ||
2163 | + if (__FORTIFY_CALL_CHK && __bos0 (__s1) != (size_t) -1) | ||
2164 | + return __wmemmove_chk (__s1, __s2, __n, __bos0 (__s1) / sizeof (wchar_t)); | ||
2165 | return __wmemmove_alias (__s1, __s2, __n); | ||
2166 | } | ||
2167 | +__FORTIFY_FUNCTION_END | ||
2168 | |||
2169 | |||
2170 | #ifdef __USE_GNU | ||
2171 | @@ -89,29 +73,21 @@ extern wchar_t *__REDIRECT_NTH (__wmempc | ||
2172 | (wchar_t *__restrict __s1, | ||
2173 | const wchar_t *__restrict __s2, | ||
2174 | size_t __n), wmempcpy); | ||
2175 | -extern wchar_t *__REDIRECT_NTH (__wmempcpy_chk_warn, | ||
2176 | - (wchar_t *__restrict __s1, | ||
2177 | - const wchar_t *__restrict __s2, size_t __n, | ||
2178 | - size_t __ns1), __wmempcpy_chk) | ||
2179 | - __warnattr ("wmempcpy called with length bigger than size of destination " | ||
2180 | - "buffer"); | ||
2181 | - | ||
2182 | -__fortify_function wchar_t * | ||
2183 | -__NTH (wmempcpy (wchar_t *__restrict __s1, const wchar_t *__restrict __s2, | ||
2184 | - size_t __n)) | ||
2185 | -{ | ||
2186 | - if (__bos0 (__s1) != (size_t) -1) | ||
2187 | - { | ||
2188 | - if (!__builtin_constant_p (__n)) | ||
2189 | - return __wmempcpy_chk (__s1, __s2, __n, | ||
2190 | - __bos0 (__s1) / sizeof (wchar_t)); | ||
2191 | - | ||
2192 | - if (__n > __bos0 (__s1) / sizeof (wchar_t)) | ||
2193 | - return __wmempcpy_chk_warn (__s1, __s2, __n, | ||
2194 | - __bos0 (__s1) / sizeof (wchar_t)); | ||
2195 | - } | ||
2196 | - return __wmempcpy_alias (__s1, __s2, __n); | ||
2197 | + | ||
2198 | +__fortify_potential_overload wchar_t * | ||
2199 | +__NTH(wmempcpy(wchar_t *__restrict const __clang_pass_object_size0 __s1, | ||
2200 | + const wchar_t *__restrict __s2, size_t __n)) | ||
2201 | +__FORTIFY_PRECONDITIONS | ||
2202 | + __FORTIFY_WARNING_ONLY_IF_BOS0_LT2 (__wmempcpy_warn, __n, __s1, | ||
2203 | + sizeof (wchar_t), | ||
2204 | + "wmempcpy called with length bigger " | ||
2205 | + "than size of destination buffer") | ||
2206 | +{ | ||
2207 | + if (__FORTIFY_CALL_CHK && __bos0 (__s1) != (size_t)-1) | ||
2208 | + return __wmempcpy_chk(__s1, __s2, __n, __bos0(__s1) / sizeof (wchar_t)); | ||
2209 | + return __wmempcpy_alias(__s1, __s2, __n); | ||
2210 | } | ||
2211 | +__FORTIFY_FUNCTION_END | ||
2212 | #endif | ||
2213 | |||
2214 | |||
2215 | @@ -119,26 +95,21 @@ extern wchar_t *__wmemset_chk (wchar_t * | ||
2216 | size_t __ns) __THROW; | ||
2217 | extern wchar_t *__REDIRECT_NTH (__wmemset_alias, (wchar_t *__s, wchar_t __c, | ||
2218 | size_t __n), wmemset); | ||
2219 | -extern wchar_t *__REDIRECT_NTH (__wmemset_chk_warn, | ||
2220 | - (wchar_t *__s, wchar_t __c, size_t __n, | ||
2221 | - size_t __ns), __wmemset_chk) | ||
2222 | - __warnattr ("wmemset called with length bigger than size of destination " | ||
2223 | - "buffer"); | ||
2224 | - | ||
2225 | -__fortify_function wchar_t * | ||
2226 | -__NTH (wmemset (wchar_t *__s, wchar_t __c, size_t __n)) | ||
2227 | -{ | ||
2228 | - if (__bos0 (__s) != (size_t) -1) | ||
2229 | - { | ||
2230 | - if (!__builtin_constant_p (__n)) | ||
2231 | - return __wmemset_chk (__s, __c, __n, __bos0 (__s) / sizeof (wchar_t)); | ||
2232 | - | ||
2233 | - if (__n > __bos0 (__s) / sizeof (wchar_t)) | ||
2234 | - return __wmemset_chk_warn (__s, __c, __n, | ||
2235 | - __bos0 (__s) / sizeof (wchar_t)); | ||
2236 | - } | ||
2237 | + | ||
2238 | +__fortify_potential_overload wchar_t * | ||
2239 | +__NTH (wmemset (wchar_t *const __clang_pass_object_size0 __s, wchar_t __c, | ||
2240 | + size_t __n)) | ||
2241 | +__FORTIFY_PRECONDITIONS | ||
2242 | + __FORTIFY_WARNING_ONLY_IF_BOS0_LT2 (__wmemset_warn, __n, __s, | ||
2243 | + sizeof (wchar_t), | ||
2244 | + "wmemset called with length bigger " | ||
2245 | + "than size of destination buffer") | ||
2246 | +{ | ||
2247 | + if (__FORTIFY_CALL_CHK && __bos0 (__s) != (size_t) -1) | ||
2248 | + return __wmemset_chk (__s, __c, __n, __bos0 (__s) / sizeof (wchar_t)); | ||
2249 | return __wmemset_alias (__s, __c, __n); | ||
2250 | } | ||
2251 | +__FORTIFY_FUNCTION_END | ||
2252 | |||
2253 | |||
2254 | extern wchar_t *__wcscpy_chk (wchar_t *__restrict __dest, | ||
2255 | @@ -148,8 +119,9 @@ extern wchar_t *__REDIRECT_NTH (__wcscpy | ||
2256 | (wchar_t *__restrict __dest, | ||
2257 | const wchar_t *__restrict __src), wcscpy); | ||
2258 | |||
2259 | -__fortify_function wchar_t * | ||
2260 | -__NTH (wcscpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) | ||
2261 | +__fortify_potential_overload wchar_t * | ||
2262 | +__NTH (wcscpy (wchar_t *__restrict const __clang_pass_object_size __dest, | ||
2263 | + const wchar_t *__restrict __src)) | ||
2264 | { | ||
2265 | if (__bos (__dest) != (size_t) -1) | ||
2266 | return __wcscpy_chk (__dest, __src, __bos (__dest) / sizeof (wchar_t)); | ||
2267 | @@ -164,8 +136,9 @@ extern wchar_t *__REDIRECT_NTH (__wcpcpy | ||
2268 | (wchar_t *__restrict __dest, | ||
2269 | const wchar_t *__restrict __src), wcpcpy); | ||
2270 | |||
2271 | -__fortify_function wchar_t * | ||
2272 | -__NTH (wcpcpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) | ||
2273 | +__fortify_potential_overload wchar_t * | ||
2274 | +__NTH (wcpcpy (wchar_t *__restrict const __clang_pass_object_size __dest, | ||
2275 | + const wchar_t *__restrict __src)) | ||
2276 | { | ||
2277 | if (__bos (__dest) != (size_t) -1) | ||
2278 | return __wcpcpy_chk (__dest, __src, __bos (__dest) / sizeof (wchar_t)); | ||
2279 | @@ -180,28 +153,22 @@ extern wchar_t *__REDIRECT_NTH (__wcsncp | ||
2280 | (wchar_t *__restrict __dest, | ||
2281 | const wchar_t *__restrict __src, | ||
2282 | size_t __n), wcsncpy); | ||
2283 | -extern wchar_t *__REDIRECT_NTH (__wcsncpy_chk_warn, | ||
2284 | - (wchar_t *__restrict __dest, | ||
2285 | - const wchar_t *__restrict __src, | ||
2286 | - size_t __n, size_t __destlen), __wcsncpy_chk) | ||
2287 | - __warnattr ("wcsncpy called with length bigger than size of destination " | ||
2288 | - "buffer"); | ||
2289 | |||
2290 | -__fortify_function wchar_t * | ||
2291 | -__NTH (wcsncpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src, | ||
2292 | - size_t __n)) | ||
2293 | +__fortify_potential_overload wchar_t * | ||
2294 | +__NTH (wcsncpy (wchar_t *__restrict const __clang_pass_object_size __dest, | ||
2295 | + const wchar_t *__restrict __src, size_t __n)) | ||
2296 | +__FORTIFY_PRECONDITIONS | ||
2297 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT2 (__wcsncpy_warn, __n, __dest, | ||
2298 | + sizeof (wchar_t), | ||
2299 | + "wcsncpy called with length bigger " | ||
2300 | + "than size of destination buffer") | ||
2301 | { | ||
2302 | - if (__bos (__dest) != (size_t) -1) | ||
2303 | - { | ||
2304 | - if (!__builtin_constant_p (__n)) | ||
2305 | - return __wcsncpy_chk (__dest, __src, __n, | ||
2306 | - __bos (__dest) / sizeof (wchar_t)); | ||
2307 | - if (__n > __bos (__dest) / sizeof (wchar_t)) | ||
2308 | - return __wcsncpy_chk_warn (__dest, __src, __n, | ||
2309 | - __bos (__dest) / sizeof (wchar_t)); | ||
2310 | - } | ||
2311 | + if (__FORTIFY_CALL_CHK && __bos (__dest) != (size_t) -1) | ||
2312 | + return __wcsncpy_chk (__dest, __src, __n, | ||
2313 | + __bos (__dest) / sizeof (wchar_t)); | ||
2314 | return __wcsncpy_alias (__dest, __src, __n); | ||
2315 | } | ||
2316 | +__FORTIFY_FUNCTION_END | ||
2317 | |||
2318 | |||
2319 | extern wchar_t *__wcpncpy_chk (wchar_t *__restrict __dest, | ||
2320 | @@ -211,29 +178,22 @@ extern wchar_t *__REDIRECT_NTH (__wcpncp | ||
2321 | (wchar_t *__restrict __dest, | ||
2322 | const wchar_t *__restrict __src, | ||
2323 | size_t __n), wcpncpy); | ||
2324 | -extern wchar_t *__REDIRECT_NTH (__wcpncpy_chk_warn, | ||
2325 | - (wchar_t *__restrict __dest, | ||
2326 | - const wchar_t *__restrict __src, | ||
2327 | - size_t __n, size_t __destlen), __wcpncpy_chk) | ||
2328 | - __warnattr ("wcpncpy called with length bigger than size of destination " | ||
2329 | - "buffer"); | ||
2330 | |||
2331 | -__fortify_function wchar_t * | ||
2332 | -__NTH (wcpncpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src, | ||
2333 | - size_t __n)) | ||
2334 | +__fortify_potential_overload wchar_t * | ||
2335 | +__NTH (wcpncpy (wchar_t *__restrict const __clang_pass_object_size __dest, | ||
2336 | + const wchar_t *__restrict __src, size_t __n)) | ||
2337 | +__FORTIFY_PRECONDITIONS | ||
2338 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT2 (__wcpncpy_warn, __n, __dest, | ||
2339 | + sizeof (wchar_t), | ||
2340 | + "wcpncpy called with length bigger " | ||
2341 | + "than size of destination buffer") | ||
2342 | { | ||
2343 | - if (__bos (__dest) != (size_t) -1) | ||
2344 | - { | ||
2345 | - if (!__builtin_constant_p (__n)) | ||
2346 | - return __wcpncpy_chk (__dest, __src, __n, | ||
2347 | - __bos (__dest) / sizeof (wchar_t)); | ||
2348 | - if (__n > __bos (__dest) / sizeof (wchar_t)) | ||
2349 | - return __wcpncpy_chk_warn (__dest, __src, __n, | ||
2350 | - __bos (__dest) / sizeof (wchar_t)); | ||
2351 | - } | ||
2352 | + if (__FORTIFY_CALL_CHK && __bos (__dest) != (size_t) -1) | ||
2353 | + return __wcpncpy_chk (__dest, __src, __n, | ||
2354 | + __bos (__dest) / sizeof (wchar_t)); | ||
2355 | return __wcpncpy_alias (__dest, __src, __n); | ||
2356 | } | ||
2357 | - | ||
2358 | +__FORTIFY_FUNCTION_END | ||
2359 | |||
2360 | extern wchar_t *__wcscat_chk (wchar_t *__restrict __dest, | ||
2361 | const wchar_t *__restrict __src, | ||
2362 | @@ -242,8 +202,9 @@ extern wchar_t *__REDIRECT_NTH (__wcscat | ||
2363 | (wchar_t *__restrict __dest, | ||
2364 | const wchar_t *__restrict __src), wcscat); | ||
2365 | |||
2366 | -__fortify_function wchar_t * | ||
2367 | -__NTH (wcscat (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) | ||
2368 | +__fortify_potential_overload wchar_t * | ||
2369 | +__NTH (wcscat (wchar_t *__restrict const __clang_pass_object_size __dest, | ||
2370 | + const wchar_t *__restrict __src)) | ||
2371 | { | ||
2372 | if (__bos (__dest) != (size_t) -1) | ||
2373 | return __wcscat_chk (__dest, __src, __bos (__dest) / sizeof (wchar_t)); | ||
2374 | @@ -259,9 +220,9 @@ extern wchar_t *__REDIRECT_NTH (__wcsnca | ||
2375 | const wchar_t *__restrict __src, | ||
2376 | size_t __n), wcsncat); | ||
2377 | |||
2378 | -__fortify_function wchar_t * | ||
2379 | -__NTH (wcsncat (wchar_t *__restrict __dest, const wchar_t *__restrict __src, | ||
2380 | - size_t __n)) | ||
2381 | +__fortify_potential_overload wchar_t * | ||
2382 | +__NTH (wcsncat (wchar_t *__restrict const __clang_pass_object_size __dest, | ||
2383 | + const wchar_t *__restrict __src, size_t __n)) | ||
2384 | { | ||
2385 | if (__bos (__dest) != (size_t) -1) | ||
2386 | return __wcsncat_chk (__dest, __src, __n, | ||
2387 | @@ -280,16 +241,34 @@ extern int __REDIRECT_NTH_LDBL (__swprin | ||
2388 | const wchar_t *__restrict __fmt, ...), | ||
2389 | swprintf); | ||
2390 | |||
2391 | -#ifdef __va_arg_pack | ||
2392 | -__fortify_function int | ||
2393 | -__NTH (swprintf (wchar_t *__restrict __s, size_t __n, | ||
2394 | - const wchar_t *__restrict __fmt, ...)) | ||
2395 | +extern int __vswprintf_chk (wchar_t *__restrict __s, size_t __n, | ||
2396 | + int __flag, size_t __s_len, | ||
2397 | + const wchar_t *__restrict __format, | ||
2398 | + __gnuc_va_list __arg) | ||
2399 | + __THROW /* __attribute__ ((__format__ (__wprintf__, 5, 0))) */; | ||
2400 | + | ||
2401 | +extern int __REDIRECT_NTH_LDBL (__vswprintf_alias, | ||
2402 | + (wchar_t *__restrict __s, size_t __n, | ||
2403 | + const wchar_t *__restrict __fmt, | ||
2404 | + __gnuc_va_list __ap), vswprintf); | ||
2405 | + | ||
2406 | +#ifdef __FORTIFY_ARG_PACK_OK | ||
2407 | +__fortify_potential_overload int | ||
2408 | +__NTH (swprintf (wchar_t *__restrict const __clang_pass_object_size __s, | ||
2409 | + size_t __n, const wchar_t *__restrict __fmt, ...)) | ||
2410 | { | ||
2411 | + __FORTIFY_INIT_ARG_PACK(__fmt); | ||
2412 | + int __result; | ||
2413 | if (__bos (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) | ||
2414 | - return __swprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, | ||
2415 | - __bos (__s) / sizeof (wchar_t), | ||
2416 | - __fmt, __va_arg_pack ()); | ||
2417 | - return __swprintf_alias (__s, __n, __fmt, __va_arg_pack ()); | ||
2418 | + __result = __FORTIFY_CALL_VA_CHK(swprintf, __s, __n, | ||
2419 | + __USE_FORTIFY_LEVEL - 1, | ||
2420 | + __bos (__s) / sizeof (wchar_t), __fmt, | ||
2421 | + __FORTIFY_ARG_PACK); | ||
2422 | + else | ||
2423 | + __result = __FORTIFY_CALL_VA_ALIAS(swprintf, __s, __n, __fmt, | ||
2424 | + __FORTIFY_ARG_PACK); | ||
2425 | + __FORTIFY_FREE_ARG_PACK(); | ||
2426 | + return __result; | ||
2427 | } | ||
2428 | #elif !defined __cplusplus | ||
2429 | /* XXX We might want to have support in gcc for swprintf. */ | ||
2430 | @@ -300,20 +279,10 @@ __NTH (swprintf (wchar_t *__restrict __s | ||
2431 | : swprintf (s, n, __VA_ARGS__)) | ||
2432 | #endif | ||
2433 | |||
2434 | -extern int __vswprintf_chk (wchar_t *__restrict __s, size_t __n, | ||
2435 | - int __flag, size_t __s_len, | ||
2436 | - const wchar_t *__restrict __format, | ||
2437 | - __gnuc_va_list __arg) | ||
2438 | - __THROW /* __attribute__ ((__format__ (__wprintf__, 5, 0))) */; | ||
2439 | - | ||
2440 | -extern int __REDIRECT_NTH_LDBL (__vswprintf_alias, | ||
2441 | - (wchar_t *__restrict __s, size_t __n, | ||
2442 | - const wchar_t *__restrict __fmt, | ||
2443 | - __gnuc_va_list __ap), vswprintf); | ||
2444 | - | ||
2445 | -__fortify_function int | ||
2446 | -__NTH (vswprintf (wchar_t *__restrict __s, size_t __n, | ||
2447 | - const wchar_t *__restrict __fmt, __gnuc_va_list __ap)) | ||
2448 | +__fortify_potential_overload int | ||
2449 | +__NTH (vswprintf (wchar_t *__restrict const __clang_pass_object_size __s, | ||
2450 | + size_t __n, const wchar_t *__restrict __fmt, | ||
2451 | + __gnuc_va_list __ap)) | ||
2452 | { | ||
2453 | if (__bos (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) | ||
2454 | return __vswprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, | ||
2455 | @@ -334,18 +303,27 @@ extern int __vfwprintf_chk (__FILE *__re | ||
2456 | extern int __vwprintf_chk (int __flag, const wchar_t *__restrict __format, | ||
2457 | __gnuc_va_list __ap); | ||
2458 | |||
2459 | -# ifdef __va_arg_pack | ||
2460 | -__fortify_function int | ||
2461 | -wprintf (const wchar_t *__restrict __fmt, ...) | ||
2462 | -{ | ||
2463 | - return __wprintf_chk (__USE_FORTIFY_LEVEL - 1, __fmt, __va_arg_pack ()); | ||
2464 | -} | ||
2465 | |||
2466 | -__fortify_function int | ||
2467 | -fwprintf (__FILE *__restrict __stream, const wchar_t *__restrict __fmt, ...) | ||
2468 | -{ | ||
2469 | - return __fwprintf_chk (__stream, __USE_FORTIFY_LEVEL - 1, __fmt, | ||
2470 | - __va_arg_pack ()); | ||
2471 | +#ifdef __FORTIFY_ARG_PACK_OK | ||
2472 | +__fortify_potential_overload int | ||
2473 | +wprintf (const wchar_t *__restrict const __clang_pass_object_size __fmt, ...) | ||
2474 | +{ | ||
2475 | + __FORTIFY_INIT_ARG_PACK(__fmt); | ||
2476 | + int __r = __FORTIFY_CALL_VA_CHK (wprintf, __USE_FORTIFY_LEVEL - 1, __fmt, | ||
2477 | + __FORTIFY_ARG_PACK); | ||
2478 | + __FORTIFY_FREE_ARG_PACK(); | ||
2479 | + return __r; | ||
2480 | +} | ||
2481 | + | ||
2482 | +__fortify_potential_overload int | ||
2483 | +fwprintf (__FILE *__restrict const __clang_pass_object_size __stream, | ||
2484 | + const wchar_t *__restrict __fmt, ...) | ||
2485 | +{ | ||
2486 | + __FORTIFY_INIT_ARG_PACK(__fmt); | ||
2487 | + int __r = __FORTIFY_CALL_VA_CHK (fwprintf, __stream, __USE_FORTIFY_LEVEL - 1, | ||
2488 | + __fmt, __FORTIFY_ARG_PACK); | ||
2489 | + __FORTIFY_FREE_ARG_PACK(); | ||
2490 | + return __r; | ||
2491 | } | ||
2492 | # elif !defined __cplusplus | ||
2493 | # define wprintf(...) \ | ||
2494 | @@ -354,14 +332,15 @@ fwprintf (__FILE *__restrict __stream, c | ||
2495 | __fwprintf_chk (stream, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__) | ||
2496 | # endif | ||
2497 | |||
2498 | -__fortify_function int | ||
2499 | -vwprintf (const wchar_t *__restrict __fmt, __gnuc_va_list __ap) | ||
2500 | +__fortify_potential_overload int | ||
2501 | +vwprintf (const wchar_t *__restrict const __clang_pass_object_size __fmt, | ||
2502 | + __gnuc_va_list __ap) | ||
2503 | { | ||
2504 | return __vwprintf_chk (__USE_FORTIFY_LEVEL - 1, __fmt, __ap); | ||
2505 | } | ||
2506 | |||
2507 | -__fortify_function int | ||
2508 | -vfwprintf (__FILE *__restrict __stream, | ||
2509 | +__fortify_potential_overload int | ||
2510 | +vfwprintf (__FILE *__restrict const __clang_pass_object_size __stream, | ||
2511 | const wchar_t *__restrict __fmt, __gnuc_va_list __ap) | ||
2512 | { | ||
2513 | return __vfwprintf_chk (__stream, __USE_FORTIFY_LEVEL - 1, __fmt, __ap); | ||
2514 | @@ -374,27 +353,21 @@ extern wchar_t *__fgetws_chk (wchar_t *_ | ||
2515 | extern wchar_t *__REDIRECT (__fgetws_alias, | ||
2516 | (wchar_t *__restrict __s, int __n, | ||
2517 | __FILE *__restrict __stream), fgetws) __wur; | ||
2518 | -extern wchar_t *__REDIRECT (__fgetws_chk_warn, | ||
2519 | - (wchar_t *__restrict __s, size_t __size, int __n, | ||
2520 | - __FILE *__restrict __stream), __fgetws_chk) | ||
2521 | - __wur __warnattr ("fgetws called with bigger size than length " | ||
2522 | - "of destination buffer"); | ||
2523 | |||
2524 | -__fortify_function __wur wchar_t * | ||
2525 | -fgetws (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream) | ||
2526 | +__fortify_potential_overload __wur wchar_t * | ||
2527 | +fgetws (wchar_t *__restrict const __clang_pass_object_size __s, int __n, | ||
2528 | + __FILE *__restrict __stream) | ||
2529 | +__FORTIFY_PRECONDITIONS | ||
2530 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT2 (__fgetws_warn, __n, __s, | ||
2531 | + sizeof (wchar_t), | ||
2532 | + "fgetws called with length bigger " | ||
2533 | + "than size of destination buffer") | ||
2534 | { | ||
2535 | - if (__bos (__s) != (size_t) -1) | ||
2536 | - { | ||
2537 | - if (!__builtin_constant_p (__n) || __n <= 0) | ||
2538 | - return __fgetws_chk (__s, __bos (__s) / sizeof (wchar_t), | ||
2539 | - __n, __stream); | ||
2540 | - | ||
2541 | - if ((size_t) __n > __bos (__s) / sizeof (wchar_t)) | ||
2542 | - return __fgetws_chk_warn (__s, __bos (__s) / sizeof (wchar_t), | ||
2543 | - __n, __stream); | ||
2544 | - } | ||
2545 | + if (__FORTIFY_CALL_CHK && __bos (__s) != (size_t) -1) | ||
2546 | + return __fgetws_chk (__s, __bos (__s) / sizeof (wchar_t), __n, __stream); | ||
2547 | return __fgetws_alias (__s, __n, __stream); | ||
2548 | } | ||
2549 | +__FORTIFY_FUNCTION_END | ||
2550 | |||
2551 | #ifdef __USE_GNU | ||
2552 | extern wchar_t *__fgetws_unlocked_chk (wchar_t *__restrict __s, size_t __size, | ||
2553 | @@ -404,28 +377,23 @@ extern wchar_t *__REDIRECT (__fgetws_unl | ||
2554 | (wchar_t *__restrict __s, int __n, | ||
2555 | __FILE *__restrict __stream), fgetws_unlocked) | ||
2556 | __wur; | ||
2557 | -extern wchar_t *__REDIRECT (__fgetws_unlocked_chk_warn, | ||
2558 | - (wchar_t *__restrict __s, size_t __size, int __n, | ||
2559 | - __FILE *__restrict __stream), | ||
2560 | - __fgetws_unlocked_chk) | ||
2561 | - __wur __warnattr ("fgetws_unlocked called with bigger size than length " | ||
2562 | - "of destination buffer"); | ||
2563 | |||
2564 | -__fortify_function __wur wchar_t * | ||
2565 | -fgetws_unlocked (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream) | ||
2566 | +__fortify_potential_overload __wur wchar_t * | ||
2567 | +fgetws_unlocked (wchar_t *__restrict const __clang_pass_object_size __s, | ||
2568 | + int __n, __FILE *__restrict __stream) | ||
2569 | +__FORTIFY_PRECONDITIONS | ||
2570 | + __FORTIFY_WARNING_IF (__fgetws_unlocked_warn, | ||
2571 | + __n > 0 | ||
2572 | + && __bos_static_lt2 (__n, __s, sizeof (wchar_t)), | ||
2573 | + "fgetws_unlocked called with bigger size than " | ||
2574 | + "length of destination buffer") | ||
2575 | { | ||
2576 | if (__bos (__s) != (size_t) -1) | ||
2577 | - { | ||
2578 | - if (!__builtin_constant_p (__n) || __n <= 0) | ||
2579 | - return __fgetws_unlocked_chk (__s, __bos (__s) / sizeof (wchar_t), | ||
2580 | - __n, __stream); | ||
2581 | - | ||
2582 | - if ((size_t) __n > __bos (__s) / sizeof (wchar_t)) | ||
2583 | - return __fgetws_unlocked_chk_warn (__s, __bos (__s) / sizeof (wchar_t), | ||
2584 | - __n, __stream); | ||
2585 | - } | ||
2586 | + return __fgetws_unlocked_chk (__s, __bos (__s) / sizeof (wchar_t), | ||
2587 | + __n, __stream); | ||
2588 | return __fgetws_unlocked_alias (__s, __n, __stream); | ||
2589 | } | ||
2590 | +__FORTIFY_FUNCTION_END | ||
2591 | #endif | ||
2592 | |||
2593 | |||
2594 | @@ -436,9 +404,9 @@ extern size_t __REDIRECT_NTH (__wcrtomb_ | ||
2595 | (char *__restrict __s, wchar_t __wchar, | ||
2596 | mbstate_t *__restrict __ps), wcrtomb) __wur; | ||
2597 | |||
2598 | -__fortify_function __wur size_t | ||
2599 | -__NTH (wcrtomb (char *__restrict __s, wchar_t __wchar, | ||
2600 | - mbstate_t *__restrict __ps)) | ||
2601 | +__fortify_potential_overload __wur size_t | ||
2602 | +__NTH (wcrtomb (char *__restrict const __clang_pass_object_size __s, | ||
2603 | + wchar_t __wchar, mbstate_t *__restrict __ps)) | ||
2604 | { | ||
2605 | /* We would have to include <limits.h> to get a definition of MB_LEN_MAX. | ||
2606 | But this would only disturb the namespace. So we define our own | ||
2607 | @@ -462,30 +430,23 @@ extern size_t __REDIRECT_NTH (__mbsrtowc | ||
2608 | const char **__restrict __src, | ||
2609 | size_t __len, mbstate_t *__restrict __ps), | ||
2610 | mbsrtowcs); | ||
2611 | -extern size_t __REDIRECT_NTH (__mbsrtowcs_chk_warn, | ||
2612 | - (wchar_t *__restrict __dst, | ||
2613 | - const char **__restrict __src, | ||
2614 | - size_t __len, mbstate_t *__restrict __ps, | ||
2615 | - size_t __dstlen), __mbsrtowcs_chk) | ||
2616 | - __warnattr ("mbsrtowcs called with dst buffer smaller than len " | ||
2617 | - "* sizeof (wchar_t)"); | ||
2618 | - | ||
2619 | -__fortify_function size_t | ||
2620 | -__NTH (mbsrtowcs (wchar_t *__restrict __dst, const char **__restrict __src, | ||
2621 | - size_t __len, mbstate_t *__restrict __ps)) | ||
2622 | -{ | ||
2623 | - if (__bos (__dst) != (size_t) -1) | ||
2624 | - { | ||
2625 | - if (!__builtin_constant_p (__len)) | ||
2626 | - return __mbsrtowcs_chk (__dst, __src, __len, __ps, | ||
2627 | - __bos (__dst) / sizeof (wchar_t)); | ||
2628 | - | ||
2629 | - if (__len > __bos (__dst) / sizeof (wchar_t)) | ||
2630 | - return __mbsrtowcs_chk_warn (__dst, __src, __len, __ps, | ||
2631 | - __bos (__dst) / sizeof (wchar_t)); | ||
2632 | - } | ||
2633 | + | ||
2634 | +__fortify_potential_overload size_t | ||
2635 | +__NTH (mbsrtowcs (wchar_t *__restrict const __clang_pass_object_size __dst, | ||
2636 | + const char **__restrict __src, size_t __len, | ||
2637 | + mbstate_t *__restrict __ps)) | ||
2638 | +__FORTIFY_PRECONDITIONS | ||
2639 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT2 (__mbsrtowcs_warn, __len, __dst, | ||
2640 | + sizeof (wchar_t), | ||
2641 | + "mbsrtowcs called with dst buffer " | ||
2642 | + "smaller than len * sizeof (wchar_t)") | ||
2643 | +{ | ||
2644 | + if (__FORTIFY_CALL_CHK && __bos (__dst) != (size_t) -1) | ||
2645 | + return __mbsrtowcs_chk (__dst, __src, __len, __ps, | ||
2646 | + __bos (__dst) / sizeof (wchar_t)); | ||
2647 | return __mbsrtowcs_alias (__dst, __src, __len, __ps); | ||
2648 | } | ||
2649 | +__FORTIFY_FUNCTION_END | ||
2650 | |||
2651 | |||
2652 | extern size_t __wcsrtombs_chk (char *__restrict __dst, | ||
2653 | @@ -497,27 +458,21 @@ extern size_t __REDIRECT_NTH (__wcsrtomb | ||
2654 | const wchar_t **__restrict __src, | ||
2655 | size_t __len, mbstate_t *__restrict __ps), | ||
2656 | wcsrtombs); | ||
2657 | -extern size_t __REDIRECT_NTH (__wcsrtombs_chk_warn, | ||
2658 | - (char *__restrict __dst, | ||
2659 | - const wchar_t **__restrict __src, | ||
2660 | - size_t __len, mbstate_t *__restrict __ps, | ||
2661 | - size_t __dstlen), __wcsrtombs_chk) | ||
2662 | - __warnattr ("wcsrtombs called with dst buffer smaller than len"); | ||
2663 | |||
2664 | -__fortify_function size_t | ||
2665 | -__NTH (wcsrtombs (char *__restrict __dst, const wchar_t **__restrict __src, | ||
2666 | - size_t __len, mbstate_t *__restrict __ps)) | ||
2667 | -{ | ||
2668 | - if (__bos (__dst) != (size_t) -1) | ||
2669 | - { | ||
2670 | - if (!__builtin_constant_p (__len)) | ||
2671 | - return __wcsrtombs_chk (__dst, __src, __len, __ps, __bos (__dst)); | ||
2672 | - | ||
2673 | - if (__len > __bos (__dst)) | ||
2674 | - return __wcsrtombs_chk_warn (__dst, __src, __len, __ps, __bos (__dst)); | ||
2675 | - } | ||
2676 | +__fortify_potential_overload size_t | ||
2677 | +__NTH (wcsrtombs (char *__restrict const __clang_pass_object_size __dst, | ||
2678 | + const wchar_t **__restrict __src, size_t __len, | ||
2679 | + mbstate_t *__restrict __ps)) | ||
2680 | +__FORTIFY_PRECONDITIONS | ||
2681 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT (__wcsrtombs_warn, __len, __dst, | ||
2682 | + "wcsrtombs called with dst buffer " | ||
2683 | + "smaller than len") | ||
2684 | +{ | ||
2685 | + if (__FORTIFY_CALL_CHK && __bos (__dst) != (size_t) -1) | ||
2686 | + return __wcsrtombs_chk (__dst, __src, __len, __ps, __bos (__dst)); | ||
2687 | return __wcsrtombs_alias (__dst, __src, __len, __ps); | ||
2688 | } | ||
2689 | +__FORTIFY_FUNCTION_END | ||
2690 | |||
2691 | |||
2692 | #ifdef __USE_GNU | ||
2693 | @@ -530,30 +485,23 @@ extern size_t __REDIRECT_NTH (__mbsnrtow | ||
2694 | const char **__restrict __src, size_t __nmc, | ||
2695 | size_t __len, mbstate_t *__restrict __ps), | ||
2696 | mbsnrtowcs); | ||
2697 | -extern size_t __REDIRECT_NTH (__mbsnrtowcs_chk_warn, | ||
2698 | - (wchar_t *__restrict __dst, | ||
2699 | - const char **__restrict __src, size_t __nmc, | ||
2700 | - size_t __len, mbstate_t *__restrict __ps, | ||
2701 | - size_t __dstlen), __mbsnrtowcs_chk) | ||
2702 | - __warnattr ("mbsnrtowcs called with dst buffer smaller than len " | ||
2703 | - "* sizeof (wchar_t)"); | ||
2704 | - | ||
2705 | -__fortify_function size_t | ||
2706 | -__NTH (mbsnrtowcs (wchar_t *__restrict __dst, const char **__restrict __src, | ||
2707 | - size_t __nmc, size_t __len, mbstate_t *__restrict __ps)) | ||
2708 | -{ | ||
2709 | - if (__bos (__dst) != (size_t) -1) | ||
2710 | - { | ||
2711 | - if (!__builtin_constant_p (__len)) | ||
2712 | - return __mbsnrtowcs_chk (__dst, __src, __nmc, __len, __ps, | ||
2713 | - __bos (__dst) / sizeof (wchar_t)); | ||
2714 | - | ||
2715 | - if (__len > __bos (__dst) / sizeof (wchar_t)) | ||
2716 | - return __mbsnrtowcs_chk_warn (__dst, __src, __nmc, __len, __ps, | ||
2717 | - __bos (__dst) / sizeof (wchar_t)); | ||
2718 | - } | ||
2719 | + | ||
2720 | +__fortify_potential_overload size_t | ||
2721 | +__NTH (mbsnrtowcs (wchar_t *__restrict const __clang_pass_object_size __dst, | ||
2722 | + const char **__restrict __src, size_t __nmc, size_t __len, | ||
2723 | + mbstate_t *__restrict __ps)) | ||
2724 | +__FORTIFY_PRECONDITIONS | ||
2725 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT (__mbsnrtowcs_warn, | ||
2726 | + sizeof (wchar_t) * __len, __dst, | ||
2727 | + "mbsnrtowcs called with dst buffer " | ||
2728 | + "smaller than len * sizeof (wchar_t)") | ||
2729 | +{ | ||
2730 | + if (__FORTIFY_CALL_CHK && __bos (__dst) != (size_t) -1) | ||
2731 | + return __mbsnrtowcs_chk (__dst, __src, __nmc, __len, __ps, | ||
2732 | + __bos (__dst) / sizeof (wchar_t)); | ||
2733 | return __mbsnrtowcs_alias (__dst, __src, __nmc, __len, __ps); | ||
2734 | } | ||
2735 | +__FORTIFY_FUNCTION_END | ||
2736 | |||
2737 | |||
2738 | extern size_t __wcsnrtombs_chk (char *__restrict __dst, | ||
2739 | @@ -566,28 +514,19 @@ extern size_t __REDIRECT_NTH (__wcsnrtom | ||
2740 | const wchar_t **__restrict __src, | ||
2741 | size_t __nwc, size_t __len, | ||
2742 | mbstate_t *__restrict __ps), wcsnrtombs); | ||
2743 | -extern size_t __REDIRECT_NTH (__wcsnrtombs_chk_warn, | ||
2744 | - (char *__restrict __dst, | ||
2745 | - const wchar_t **__restrict __src, | ||
2746 | - size_t __nwc, size_t __len, | ||
2747 | - mbstate_t *__restrict __ps, | ||
2748 | - size_t __dstlen), __wcsnrtombs_chk) | ||
2749 | - __warnattr ("wcsnrtombs called with dst buffer smaller than len"); | ||
2750 | - | ||
2751 | -__fortify_function size_t | ||
2752 | -__NTH (wcsnrtombs (char *__restrict __dst, const wchar_t **__restrict __src, | ||
2753 | - size_t __nwc, size_t __len, mbstate_t *__restrict __ps)) | ||
2754 | -{ | ||
2755 | - if (__bos (__dst) != (size_t) -1) | ||
2756 | - { | ||
2757 | - if (!__builtin_constant_p (__len)) | ||
2758 | - return __wcsnrtombs_chk (__dst, __src, __nwc, __len, __ps, | ||
2759 | - __bos (__dst)); | ||
2760 | - | ||
2761 | - if (__len > __bos (__dst)) | ||
2762 | - return __wcsnrtombs_chk_warn (__dst, __src, __nwc, __len, __ps, | ||
2763 | - __bos (__dst)); | ||
2764 | - } | ||
2765 | + | ||
2766 | +__fortify_potential_overload size_t | ||
2767 | +__NTH (wcsnrtombs (char *__restrict const __clang_pass_object_size __dst, | ||
2768 | + const wchar_t **__restrict __src, size_t __nwc, size_t __len, | ||
2769 | + mbstate_t *__restrict __ps)) | ||
2770 | +__FORTIFY_PRECONDITIONS | ||
2771 | + __FORTIFY_WARNING_ONLY_IF_BOS_LT (__wcsnrtombs_warn, __len, __dst, | ||
2772 | + "wcsnrtombs called with dst buffer " | ||
2773 | + "smaller than len") | ||
2774 | +{ | ||
2775 | + if (__FORTIFY_CALL_CHK && __bos (__dst) != (size_t) -1) | ||
2776 | + return __wcsnrtombs_chk (__dst, __src, __nwc, __len, __ps, __bos (__dst)); | ||
2777 | return __wcsnrtombs_alias (__dst, __src, __nwc, __len, __ps); | ||
2778 | } | ||
2779 | +__FORTIFY_FUNCTION_END | ||
2780 | #endif | ||