[v3] cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383)
Checks
Context |
Check |
Description |
redhat-pt-bot/TryBot-apply_patch |
success
|
Patch applied to master at the time it was sent
|
redhat-pt-bot/TryBot-32bit |
success
|
Build for i686
|
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_build--master-arm |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_check--master-arm |
success
|
Testing passed
|
Commit Message
When passed a pointer to a zero-sized struct, the access attribute
without the third argument misleads -Wstringop-overflow diagnostics to
think that a function is writing 1 byte into the zero-sized structs.
The attribute doesn't add that much value in this context, so drop it
completely for _FORTIFY_SOURCE=3.
Resolves: BZ #31383
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
Changes from v2:
- Use supported-fortify to set the right fortification level for the
compiler.
Changes from v1:
- Adjust test to read from /dev/zero
io/Makefile | 2 ++
io/tst-read-zero.c | 39 +++++++++++++++++++++++++++++++++++++++
misc/sys/cdefs.h | 6 +++---
3 files changed, 44 insertions(+), 3 deletions(-)
create mode 100644 io/tst-read-zero.c
Comments
On 26/02/24 13:03, Siddhesh Poyarekar wrote:
> When passed a pointer to a zero-sized struct, the access attribute
> without the third argument misleads -Wstringop-overflow diagnostics to
> think that a function is writing 1 byte into the zero-sized structs.
> The attribute doesn't add that much value in this context, so drop it
> completely for _FORTIFY_SOURCE=3.
>
> Resolves: BZ #31383
> Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
LGTM, thanks.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
> ---
> Changes from v2:
> - Use supported-fortify to set the right fortification level for the
> compiler.
>
> Changes from v1:
> - Adjust test to read from /dev/zero
>
> io/Makefile | 2 ++
> io/tst-read-zero.c | 39 +++++++++++++++++++++++++++++++++++++++
> misc/sys/cdefs.h | 6 +++---
> 3 files changed, 44 insertions(+), 3 deletions(-)
> create mode 100644 io/tst-read-zero.c
>
> diff --git a/io/Makefile b/io/Makefile
> index 54d950d51f..19932d50f7 100644
> --- a/io/Makefile
> +++ b/io/Makefile
> @@ -215,6 +215,7 @@ tests := \
> tst-openat \
> tst-posix_fallocate \
> tst-posix_fallocate64 \
> + tst-read-zero \
> tst-readlinkat \
> tst-renameat \
> tst-stat \
Maybe it makes more sense to add this test on debug subfolder, but I don't
have a strong preference.
> @@ -290,6 +291,7 @@ CFLAGS-read.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-i
> CFLAGS-write.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-ignored-attributes)
> CFLAGS-close.c += -fexceptions -fasynchronous-unwind-tables
> CFLAGS-lseek64.c += $(config-cflags-wno-ignored-attributes)
> +CFLAGS-tst-read-zero.c += $(no-fortify-source),-D_FORTIFY_SOURCE=$(supported-fortify)
>
> CFLAGS-test-stat.c += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE
> CFLAGS-test-lfs.c += -D_LARGEFILE64_SOURCE
> diff --git a/io/tst-read-zero.c b/io/tst-read-zero.c
> new file mode 100644
> index 0000000000..8d1d30a543
> --- /dev/null
> +++ b/io/tst-read-zero.c
> @@ -0,0 +1,39 @@
> +/* read smoke test for 0-sized structures.
> + Copyright The GNU Toolchain Authors.
> + This file is part of the GNU C Library.
> +
> + The GNU C Library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
> +
> + The GNU C Library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
> +
> + You should have received a copy of the GNU Lesser General Public
> + License along with the GNU C Library; if not, see
> + <https://www.gnu.org/licenses/>. */
> +
> +/* Zero-sized structures should not result in any overflow warnings or
> + errors when fortification is enabled. */
> +#include <fcntl.h>
> +#include <stdio.h>
> +#include <unistd.h>
> +#include <support/check.h>
> +
> +int
> +do_test (void)
> +{
> + struct test_st {} test_info[16];
> + int fd = open ("/dev/zero", O_RDONLY, 0);
> +
> + if (fd == -1)
> + FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m");
> +
> + TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0);
> + return 0;
> +}
> +
> +#include <support/test-driver.c>
> diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
> index 520231dbea..800c44640f 100644
> --- a/misc/sys/cdefs.h
> +++ b/misc/sys/cdefs.h
> @@ -683,10 +683,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf
> # define __attr_access(x) __attribute__ ((__access__ x))
> /* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may
> use the access attribute to get object sizes from function definition
> - arguments, so we can't use them on functions we fortify. Drop the object
> - size hints for such functions. */
> + arguments, so we can't use them on functions we fortify. Drop the access
> + attribute for such functions. */
> # if __USE_FORTIFY_LEVEL == 3
> -# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o)))
> +# define __fortified_attr_access(a, o, s)
> # else
> # define __fortified_attr_access(a, o, s) __attr_access ((a, o, s))
> # endif
@@ -215,6 +215,7 @@ tests := \
tst-openat \
tst-posix_fallocate \
tst-posix_fallocate64 \
+ tst-read-zero \
tst-readlinkat \
tst-renameat \
tst-stat \
@@ -290,6 +291,7 @@ CFLAGS-read.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-i
CFLAGS-write.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-ignored-attributes)
CFLAGS-close.c += -fexceptions -fasynchronous-unwind-tables
CFLAGS-lseek64.c += $(config-cflags-wno-ignored-attributes)
+CFLAGS-tst-read-zero.c += $(no-fortify-source),-D_FORTIFY_SOURCE=$(supported-fortify)
CFLAGS-test-stat.c += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE
CFLAGS-test-lfs.c += -D_LARGEFILE64_SOURCE
new file mode 100644
@@ -0,0 +1,39 @@
+/* read smoke test for 0-sized structures.
+ Copyright The GNU Toolchain Authors.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+/* Zero-sized structures should not result in any overflow warnings or
+ errors when fortification is enabled. */
+#include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <support/check.h>
+
+int
+do_test (void)
+{
+ struct test_st {} test_info[16];
+ int fd = open ("/dev/zero", O_RDONLY, 0);
+
+ if (fd == -1)
+ FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m");
+
+ TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0);
+ return 0;
+}
+
+#include <support/test-driver.c>
@@ -683,10 +683,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf
# define __attr_access(x) __attribute__ ((__access__ x))
/* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may
use the access attribute to get object sizes from function definition
- arguments, so we can't use them on functions we fortify. Drop the object
- size hints for such functions. */
+ arguments, so we can't use them on functions we fortify. Drop the access
+ attribute for such functions. */
# if __USE_FORTIFY_LEVEL == 3
-# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o)))
+# define __fortified_attr_access(a, o, s)
# else
# define __fortified_attr_access(a, o, s) __attr_access ((a, o, s))
# endif