From patchwork Mon Jun 19 16:16:55 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Florian Weimer <fweimer@redhat.com>
X-Patchwork-Id: 21093
Received: (qmail 56098 invoked by alias); 19 Jun 2017 16:16:54 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-##L=##H@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
Received: (qmail 56083 invoked by uid 89); 19 Jun 2017 16:16:54 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-25.9 required=5.0 tests=BAYES_00, GIT_PATCH_0,
	GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3,
	KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_PASS,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 spammy=
X-HELO: mx1.redhat.com
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 4C10343A47
Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com;
	dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com;
	spf=pass smtp.mailfrom=fweimer@redhat.com
DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 4C10343A47
Date: Mon, 19 Jun 2017 18:16:55 +0200
To: libc-alpha@sourceware.org
Subject: [PATCH] no-alloca.h: Support poisoning alloca
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Message-Id: <20170619161655.68389402AEC3C@oldenburg.str.redhat.com>
From: fweimer@redhat.com (Florian Weimer)

2017-06-19  Florian Weimer  <fweimer@redhat.com>

	Support blocking VLAs and alloca at compile time.
	* Makeconfig (CFLAGS-no-alloca): Define.
	* include/no-alloca.h: New file.

diff --git a/Makeconfig b/Makeconfig
index 80aed2a..3b7caaf 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -508,6 +508,9 @@ endif  # +link
 # tell gcc to define IS_IN_build.
 CFLAGS-printers-tests := -O0 -ggdb3 -DIS_IN_build
 
+# CFLAGS setting to block VLAs and alloca for select source files.
+CFLAGS-no-alloca = -Werror=vla -include $(..)include/no-alloca.h
+
 ifeq (yes,$(build-shared))
 # These indicate whether to link using the built ld.so or the installed one.
 installed-rtld-LDFLAGS = -Wl,-dynamic-linker=$(rtlddir)/$(rtld-installed-name)
diff --git a/include/no-alloca.h b/include/no-alloca.h
new file mode 100644
index 0000000..b9d3ae6
--- /dev/null
+++ b/include/no-alloca.h
@@ -0,0 +1,25 @@
+/* Prevent the use of alloca.
+   Copyright (C) 2017 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#pragma GCC poison alloca
+#pragma GCC poison __alloca
+#pragma GCC poison __builtin_alloca
+#pragma GCC poison __builtin_alloca_with_align
+#pragma GCC poison extend_alloca
+
+#define __GLIBC_NO_ALLOCA 1
diff --git a/include/string.h b/include/string.h
index 2bf2944..ce4845e 100644
--- a/include/string.h
+++ b/include/string.h
@@ -62,7 +62,7 @@ extern __typeof (strcasecmp_l) __strcasecmp_l;
 extern __typeof (strncasecmp_l) __strncasecmp_l;
 
 /* Alternative version which doesn't pollute glibc's namespace.  */
-#if IS_IN (libc)
+#if IS_IN (libc) && !defined (__GLIBC_NO_ALLOCA)
 # undef strndupa
 # define strndupa(s, n)							      \
   (__extension__							      \
diff --git a/stdlib/stdlib.h b/stdlib/stdlib.h
index 6f1e70e..0f6b5e2 100644
--- a/stdlib/stdlib.h
+++ b/stdlib/stdlib.h
@@ -459,7 +459,7 @@ extern void *reallocarray (void *__ptr, size_t __nmemb, size_t __size)
 /* Free a block allocated by `malloc', `realloc' or `calloc'.  */
 extern void free (void *__ptr) __THROW;
 
-#ifdef __USE_MISC
+#if defined (__USE_MISC) && !defined (__GLIBC_NO_ALLOCA)
 # include <alloca.h>
 #endif /* Use misc.  */
 
diff --git a/string/string.h b/string/string.h
index d1a2746..cb28941 100644
--- a/string/string.h
+++ b/string/string.h
@@ -174,7 +174,7 @@ extern char *strndup (const char *__string, size_t __n)
      __THROW __attribute_malloc__ __nonnull ((1));
 #endif
 
-#if defined __USE_GNU && defined __GNUC__
+#if defined __USE_GNU && defined __GNUC__ && !defined (__GLIBC_NO_ALLOCA)
 /* Duplicate S, returning an identical alloca'd string.  */
 # define strdupa(s)							      \
   (__extension__							      \