[v2] cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383)
Checks
Context |
Check |
Description |
redhat-pt-bot/TryBot-apply_patch |
success
|
Patch applied to master at the time it was sent
|
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 |
success
|
Testing passed
|
redhat-pt-bot/TryBot-32bit |
success
|
Build for i686
|
linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 |
fail
|
Testing failed
|
linaro-tcwg-bot/tcwg_glibc_build--master-arm |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_check--master-arm |
fail
|
Testing failed
|
Commit Message
When passed a pointer to a zero-sized struct, the access attribute
without the third argument misleads -Wstringop-overflow diagnostics to
think that a function is writing 1 byte into the zero-sized structs.
The attribute doesn't add that much value in this context, so drop it
completely for _FORTIFY_SOURCE=3.
Resolves: BZ #31383
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
Changes from v1:
- Adjust test to read from /dev/zero
io/Makefile | 1 +
io/tst-read-zero.c | 40 ++++++++++++++++++++++++++++++++++++++++
misc/sys/cdefs.h | 6 +++---
3 files changed, 44 insertions(+), 3 deletions(-)
create mode 100644 io/tst-read-zero.c
Comments
On 16/02/24 13:44, Siddhesh Poyarekar wrote:
> When passed a pointer to a zero-sized struct, the access attribute
> without the third argument misleads -Wstringop-overflow diagnostics to
> think that a function is writing 1 byte into the zero-sized structs.
> The attribute doesn't add that much value in this context, so drop it
> completely for _FORTIFY_SOURCE=3.
>
> Resolves: BZ #31383
> Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
It fails to build with aarch64/armhf buildbot [1]. The bots uses the
ubuntu 22 system compiler (gcc 11.4), and the tests fails:
* with --enable-fortify-source=2
$ make test t=io/tst-read-zero
[...]
tst-read-zero.c:21: error: "_FORTIFY_SOURCE" redefined [-Werror]
21 | #define _FORTIFY_SOURCE 3
|
<command-line>: note: this is the location of the previous definition
In file included from ../io/fcntl.h:25,
from ../include/fcntl.h:2,
from tst-read-zero.c:22:
../include/features.h:434:5: error: #warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform [-Werror=cpp]
434 | # warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform
| ^~~~~~~
cc1: all warnings being treated as errors
* with --enable-fortify-source=no
In file included from ../io/fcntl.h:25,
from ../include/fcntl.h:2,
from tst-read-zero.c:22:
../include/features.h:434:5: error: #warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform [-Werror=cpp]
434 | # warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform
| ^~~~~~~
cc1: all warnings being treated as errors
https://patchwork.sourceware.org/project/glibc/patch/20240216164401.3184063-1-siddhesh@sourceware.org/
> ---
> Changes from v1:
> - Adjust test to read from /dev/zero
>
> io/Makefile | 1 +
> io/tst-read-zero.c | 40 ++++++++++++++++++++++++++++++++++++++++
> misc/sys/cdefs.h | 6 +++---
> 3 files changed, 44 insertions(+), 3 deletions(-)
> create mode 100644 io/tst-read-zero.c
>
> diff --git a/io/Makefile b/io/Makefile
> index 54d950d51f..2a52b66255 100644
> --- a/io/Makefile
> +++ b/io/Makefile
> @@ -215,6 +215,7 @@ tests := \
> tst-openat \
> tst-posix_fallocate \
> tst-posix_fallocate64 \
> + tst-read-zero \
> tst-readlinkat \
> tst-renameat \
> tst-stat \
> diff --git a/io/tst-read-zero.c b/io/tst-read-zero.c
> new file mode 100644
> index 0000000000..9442f94e5d
> --- /dev/null
> +++ b/io/tst-read-zero.c
> @@ -0,0 +1,40 @@
> +/* read smoke test for 0-sized structures.
> + Copyright The GNU Toolchain Authors.
> + This file is part of the GNU C Library.
> +
> + The GNU C Library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
> +
> + The GNU C Library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
> +
> + You should have received a copy of the GNU Lesser General Public
> + License along with the GNU C Library; if not, see
> + <https://www.gnu.org/licenses/>. */
> +
> +/* Zero-sized structures should not result in any overflow warnings or
> + errors when fortification is enabled. */
> +#define _FORTIFY_SOURCE 3
> +#include <fcntl.h>
> +#include <stdio.h>
> +#include <unistd.h>
> +#include <support/check.h>
> +
> +int
> +do_test (void)
> +{
> + struct test_st {} test_info[16];
> + int fd = open ("/dev/zero", O_RDONLY, 0);
> +
> + if (fd == -1)
> + FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m");
> +
> + TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0);
> + return 0;
> +}
> +
> +#include <support/test-driver.c>
> diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
> index 520231dbea..800c44640f 100644
> --- a/misc/sys/cdefs.h
> +++ b/misc/sys/cdefs.h
> @@ -683,10 +683,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf
> # define __attr_access(x) __attribute__ ((__access__ x))
> /* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may
> use the access attribute to get object sizes from function definition
> - arguments, so we can't use them on functions we fortify. Drop the object
> - size hints for such functions. */
> + arguments, so we can't use them on functions we fortify. Drop the access
> + attribute for such functions. */
> # if __USE_FORTIFY_LEVEL == 3
> -# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o)))
> +# define __fortified_attr_access(a, o, s)
> # else
> # define __fortified_attr_access(a, o, s) __attr_access ((a, o, s))
> # endif
On 2024-02-20 09:44, Adhemerval Zanella Netto wrote:
>
>
> On 16/02/24 13:44, Siddhesh Poyarekar wrote:
>> When passed a pointer to a zero-sized struct, the access attribute
>> without the third argument misleads -Wstringop-overflow diagnostics to
>> think that a function is writing 1 byte into the zero-sized structs.
>> The attribute doesn't add that much value in this context, so drop it
>> completely for _FORTIFY_SOURCE=3.
>>
>> Resolves: BZ #31383
>> Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
>
> It fails to build with aarch64/armhf buildbot [1]. The bots uses the
> ubuntu 22 system compiler (gcc 11.4), and the tests fails:
>
> * with --enable-fortify-source=2
Ah, I see. I'll fix this; I've hard-coded _FORTIFY_SOURCE=3 in there
and maybe I should set it only to the maximum supported fortification
level. I'll send an updated patch.
Thanks,
Sid
>
> $ make test t=io/tst-read-zero
> [...]
> tst-read-zero.c:21: error: "_FORTIFY_SOURCE" redefined [-Werror]
> 21 | #define _FORTIFY_SOURCE 3
> |
> <command-line>: note: this is the location of the previous definition
> In file included from ../io/fcntl.h:25,
> from ../include/fcntl.h:2,
> from tst-read-zero.c:22:
> ../include/features.h:434:5: error: #warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform [-Werror=cpp]
> 434 | # warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform
> | ^~~~~~~
> cc1: all warnings being treated as errors
>
> * with --enable-fortify-source=no
>
> In file included from ../io/fcntl.h:25,
> from ../include/fcntl.h:2,
> from tst-read-zero.c:22:
> ../include/features.h:434:5: error: #warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform [-Werror=cpp]
> 434 | # warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform
> | ^~~~~~~
> cc1: all warnings being treated as errors
>
> https://patchwork.sourceware.org/project/glibc/patch/20240216164401.3184063-1-siddhesh@sourceware.org/
>
>> ---
>> Changes from v1:
>> - Adjust test to read from /dev/zero
>>
>> io/Makefile | 1 +
>> io/tst-read-zero.c | 40 ++++++++++++++++++++++++++++++++++++++++
>> misc/sys/cdefs.h | 6 +++---
>> 3 files changed, 44 insertions(+), 3 deletions(-)
>> create mode 100644 io/tst-read-zero.c
>>
>> diff --git a/io/Makefile b/io/Makefile
>> index 54d950d51f..2a52b66255 100644
>> --- a/io/Makefile
>> +++ b/io/Makefile
>> @@ -215,6 +215,7 @@ tests := \
>> tst-openat \
>> tst-posix_fallocate \
>> tst-posix_fallocate64 \
>> + tst-read-zero \
>> tst-readlinkat \
>> tst-renameat \
>> tst-stat \
>> diff --git a/io/tst-read-zero.c b/io/tst-read-zero.c
>> new file mode 100644
>> index 0000000000..9442f94e5d
>> --- /dev/null
>> +++ b/io/tst-read-zero.c
>> @@ -0,0 +1,40 @@
>> +/* read smoke test for 0-sized structures.
>> + Copyright The GNU Toolchain Authors.
>> + This file is part of the GNU C Library.
>> +
>> + The GNU C Library is free software; you can redistribute it and/or
>> + modify it under the terms of the GNU Lesser General Public
>> + License as published by the Free Software Foundation; either
>> + version 2.1 of the License, or (at your option) any later version.
>> +
>> + The GNU C Library is distributed in the hope that it will be useful,
>> + but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>> + Lesser General Public License for more details.
>> +
>> + You should have received a copy of the GNU Lesser General Public
>> + License along with the GNU C Library; if not, see
>> + <https://www.gnu.org/licenses/>. */
>> +
>> +/* Zero-sized structures should not result in any overflow warnings or
>> + errors when fortification is enabled. */
>> +#define _FORTIFY_SOURCE 3
>> +#include <fcntl.h>
>> +#include <stdio.h>
>> +#include <unistd.h>
>> +#include <support/check.h>
>> +
>> +int
>> +do_test (void)
>> +{
>> + struct test_st {} test_info[16];
>> + int fd = open ("/dev/zero", O_RDONLY, 0);
>> +
>> + if (fd == -1)
>> + FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m");
>> +
>> + TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0);
>> + return 0;
>> +}
>> +
>> +#include <support/test-driver.c>
>> diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
>> index 520231dbea..800c44640f 100644
>> --- a/misc/sys/cdefs.h
>> +++ b/misc/sys/cdefs.h
>> @@ -683,10 +683,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf
>> # define __attr_access(x) __attribute__ ((__access__ x))
>> /* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may
>> use the access attribute to get object sizes from function definition
>> - arguments, so we can't use them on functions we fortify. Drop the object
>> - size hints for such functions. */
>> + arguments, so we can't use them on functions we fortify. Drop the access
>> + attribute for such functions. */
>> # if __USE_FORTIFY_LEVEL == 3
>> -# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o)))
>> +# define __fortified_attr_access(a, o, s)
>> # else
>> # define __fortified_attr_access(a, o, s) __attr_access ((a, o, s))
>> # endif
>
@@ -215,6 +215,7 @@ tests := \
tst-openat \
tst-posix_fallocate \
tst-posix_fallocate64 \
+ tst-read-zero \
tst-readlinkat \
tst-renameat \
tst-stat \
new file mode 100644
@@ -0,0 +1,40 @@
+/* read smoke test for 0-sized structures.
+ Copyright The GNU Toolchain Authors.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+/* Zero-sized structures should not result in any overflow warnings or
+ errors when fortification is enabled. */
+#define _FORTIFY_SOURCE 3
+#include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <support/check.h>
+
+int
+do_test (void)
+{
+ struct test_st {} test_info[16];
+ int fd = open ("/dev/zero", O_RDONLY, 0);
+
+ if (fd == -1)
+ FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m");
+
+ TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0);
+ return 0;
+}
+
+#include <support/test-driver.c>
@@ -683,10 +683,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf
# define __attr_access(x) __attribute__ ((__access__ x))
/* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may
use the access attribute to get object sizes from function definition
- arguments, so we can't use them on functions we fortify. Drop the object
- size hints for such functions. */
+ arguments, so we can't use them on functions we fortify. Drop the access
+ attribute for such functions. */
# if __USE_FORTIFY_LEVEL == 3
-# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o)))
+# define __fortified_attr_access(a, o, s)
# else
# define __fortified_attr_access(a, o, s) __attr_access ((a, o, s))
# endif