Standalone portable header-based implementation of FORTIFY_SOURCE=3 http://git.dustri.org/fortify-headers/atom?h=strn 2024-10-09T23:51:34Z 2024-10-09T23:51:34Z jvoisin 2024-10-09T23:20:07Z urn:sha1:c3b48c6b0bf501802295c85b1cf54275d6b74883 2024-09-06T11:38:22Z jvoisin 2024-09-06T11:36:15Z urn:sha1:f2e7f24daaa43c0927130b6ed02c3ed17689b3ca It seems that annotating sprintf with `write` makes gcc unhappy, as its analyser is unable to understand that we're checking if `__b != -1` before calling `__orig_snprintf`, so let's comment this annotation for now. 2024-07-10T14:03:42Z jvoisin 2024-07-10T14:03:42Z urn:sha1:9014b0266147dbb74d5d9e6e2c24ae9d21ad7e07 In the same spirit as the previous commit. Reported-by: ncopa 2024-07-10T13:49:00Z jvoisin 2024-07-10T13:49:00Z urn:sha1:6f5423255b6d78b0d6979e6319642ae530f3e2b7 This fix the following issue: ``` In file included from exec-cmd.c:9: In function 'vsnprintf', inlined from 'report.constprop' at subcmd-util.h:13:2: /usr/include/fortify/stdio.h:162:16: error: 'msg' may be used uninitialized [-Werror=maybe-uninitialized] 162 | return __orig_vsnprintf(__s, __n, __f, __v); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from /usr/include/fortify/strings.h:23, from /usr/include/string.h:59, from /usr/include/fortify/string.h:23, from /home/ncopa/aports/main/linux-lts/src/linux-6.6/tools/include/linux/string.h:6, from exec-cmd.c:3: /usr/include/fortify/stdio.h: In function 'report.constprop': /usr/include/fortify/stdio.h:152:1: note: in a call to '__orig_vsnprintf' declared with attribute 'access (read_write, 1, 2)' here 152 | _FORTIFY_FN(vsnprintf) int vsnprintf(char * _FORTIFY_POS0 __s, size_t __n, | ^~~~~~~~~~~ In file included from exec-cmd.c:10: subcmd-util.h:12:14: note: 'msg' declared here 12 | char msg[1024]; | ^~~ cc1: all warnings being treated as errors make[5]: *** [/home/ncopa/aports/main/linux-lts/src/linux-6.6/tools/build/Makefile.build:98: /home/ncopa/aports/main/linux-lts/src/build-virt.x86_64/tools/objtool/libsubcmd/exec-cmd.o] Error 1 make[4]: *** [Makefile:80: /home/ncopa/aports/main/linux-lts/src/build-virt.x86_64/tools/objtool/libsubcmd/libsubcmd-in.o] Error 2 make[3]: *** [Makefile:78: /home/ncopa/aports/main/linux-lts/src/build-virt.x86_64/tools/objtool/libsubcmd/libsubcmd.a] Error 2 make[2]: *** [Makefile:73: objtool] Error 2 make[1]: *** [/home/ncopa/aports/main/linux-lts/src/linux-6.6/Makefile:1362: tools/objtool] Error 2 make: *** [/home/ncopa/aports/main/linux-lts/src/linux-6.6/Makefile:234: __sub-make] Error 2 ``` Reported-by: ncopa 2024-07-10T13:20:23Z psykose 2024-07-10T04:49:02Z urn:sha1:459d202b1bbf7abb817a596ce9374edfb7b4da8f just in case, and because 'PEDANTIC_CHECKS' is a really generic name 2024-06-14T17:37:48Z jvoisin 2024-06-14T17:37:48Z urn:sha1:6939e3382a232d20882c1c7e74274132de154bb6 - They're not used anywhere else in fortify-headers - It's breaking compilation on C++, because compatibility is hard It was initially reported on https://gitlab.alpinelinux.org/alpine/aports/-/issues/16200 2024-05-26T20:19:27Z jvoisin 2024-05-20T12:48:35Z urn:sha1:1becad43298e74ba73bc66f9d44523e5d121c667 The only hardening being done here is to set the char** parameter to thos functions to NULL in case of an error, to prevent it from being used should people forget to check return values. This is already done on some BSD, as well as in Rocky Linux. 2023-12-15T22:50:43Z q66 2023-12-15T22:48:58Z urn:sha1:a018052d410126f94c2602b208b099839d333b05 2023-12-15T22:32:23Z q66 2023-12-15T22:05:29Z urn:sha1:8d090c8a1a86408fa8b54029b97fccd17f9d35d5 Fixes https://github.com/jvoisin/fortify-headers/issues/34 2023-12-15T20:41:08Z jvoisin 2023-12-15T15:08:12Z urn:sha1:57a3e9c1c7507b5ce56122429cc3649009a4ecc7 This should fix #32