Patchwork no-alloca.h: Support poisoning alloca

login
register
mail settings
Submitter Florian Weimer
Date June 19, 2017, 4:16 p.m.
Message ID <20170619161655.68389402AEC3C@oldenburg.str.redhat.com>
Download mbox | patch
Permalink /patch/21093/
State New
Headers show

Comments

Florian Weimer - June 19, 2017, 4:16 p.m.
2017-06-19  Florian Weimer  <fweimer@redhat.com>

	Support blocking VLAs and alloca at compile time.
	* Makeconfig (CFLAGS-no-alloca): Define.
	* include/no-alloca.h: New file.

Patch

diff --git a/Makeconfig b/Makeconfig
index 80aed2a..3b7caaf 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -508,6 +508,9 @@  endif  # +link
 # tell gcc to define IS_IN_build.
 CFLAGS-printers-tests := -O0 -ggdb3 -DIS_IN_build
 
+# CFLAGS setting to block VLAs and alloca for select source files.
+CFLAGS-no-alloca = -Werror=vla -include $(..)include/no-alloca.h
+
 ifeq (yes,$(build-shared))
 # These indicate whether to link using the built ld.so or the installed one.
 installed-rtld-LDFLAGS = -Wl,-dynamic-linker=$(rtlddir)/$(rtld-installed-name)
diff --git a/include/no-alloca.h b/include/no-alloca.h
new file mode 100644
index 0000000..b9d3ae6
--- /dev/null
+++ b/include/no-alloca.h
@@ -0,0 +1,25 @@ 
+/* Prevent the use of alloca.
+   Copyright (C) 2017 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#pragma GCC poison alloca
+#pragma GCC poison __alloca
+#pragma GCC poison __builtin_alloca
+#pragma GCC poison __builtin_alloca_with_align
+#pragma GCC poison extend_alloca
+
+#define __GLIBC_NO_ALLOCA 1
diff --git a/include/string.h b/include/string.h
index 2bf2944..ce4845e 100644
--- a/include/string.h
+++ b/include/string.h
@@ -62,7 +62,7 @@  extern __typeof (strcasecmp_l) __strcasecmp_l;
 extern __typeof (strncasecmp_l) __strncasecmp_l;
 
 /* Alternative version which doesn't pollute glibc's namespace.  */
-#if IS_IN (libc)
+#if IS_IN (libc) && !defined (__GLIBC_NO_ALLOCA)
 # undef strndupa
 # define strndupa(s, n)							      \
   (__extension__							      \
diff --git a/stdlib/stdlib.h b/stdlib/stdlib.h
index 6f1e70e..0f6b5e2 100644
--- a/stdlib/stdlib.h
+++ b/stdlib/stdlib.h
@@ -459,7 +459,7 @@  extern void *reallocarray (void *__ptr, size_t __nmemb, size_t __size)
 /* Free a block allocated by `malloc', `realloc' or `calloc'.  */
 extern void free (void *__ptr) __THROW;
 
-#ifdef __USE_MISC
+#if defined (__USE_MISC) && !defined (__GLIBC_NO_ALLOCA)
 # include <alloca.h>
 #endif /* Use misc.  */
 
diff --git a/string/string.h b/string/string.h
index d1a2746..cb28941 100644
--- a/string/string.h
+++ b/string/string.h
@@ -174,7 +174,7 @@  extern char *strndup (const char *__string, size_t __n)
      __THROW __attribute_malloc__ __nonnull ((1));
 #endif
 
-#if defined __USE_GNU && defined __GNUC__
+#if defined __USE_GNU && defined __GNUC__ && !defined (__GLIBC_NO_ALLOCA)
 /* Duplicate S, returning an identical alloca'd string.  */
 # define strdupa(s)							      \
   (__extension__							      \