Standalone portable header-based implementation of FORTIFY_SOURCE=3 http://git.dustri.org/fortify-headers/atom?h=master 2026-04-01T18:37:02Z 2026-04-01T18:37:02Z jvoisin 2026-04-01T18:37:02Z urn:sha1:60c096eb0433f7573c768a2c8523abd3c11e0720 As explained in `man realpath(3)`: > The POSIX.1-2001 standard version of this function is broken by design, > since it is impossible to determine a suitable size for the output > buffer, resolved_path. According to POSIX.1-2001 a buffer of size PATH_MAX > suffices, but PATH_MAX need not be a defined constant, and may have to be > obtained using pathconf(3). And asking pathconf(3) does not really help, > since, on the one hand POSIX warns that the result of pathconf(3) may be huge > and unsuitable for mallocing memory, and on the other hand pathconf(3) may > return -1 to signify that PATH_MAX is not bounded. The re‐ solved_path > == NULL feature, not standardized in POSIX.1-2001, but standardized in > POSIX.1-2008, allows this design problem to be avoided. So we can either not compile, or be pragmatic, and define PATH_MAX to a sane value, like 4096, which is the one used on Linux and some/most BSD. This commit also adds two tests to ensure that things aren't catastrophically broken by this change. 2025-12-30T10:34:48Z jvoisin 2025-12-30T10:33:08Z urn:sha1:eec2b5e06bdb01d20f1a1125074a379e0b154d80 2025-11-14T15:56:09Z jvoisin 2025-11-14T15:25:52Z urn:sha1:611069d07c14bf7ace7a75fa2bc9147db8ac097d 2025-10-31T21:16:21Z Daniel Kolesa 2022-10-25T22:30:00Z urn:sha1:f46714c2f9eb13c12c8218f1b7c045182041fdc9 Co-Authored-By: jvoisin <julien.voisin@dustri.org> 2025-10-31T21:16:21Z Daniel Kolesa 2022-11-01T19:14:54Z urn:sha1:8915dc13de44fed3a076a9fd51eb1ab2b5502d7b It seems useless and triggers 'error: expected external declaration' 2025-10-31T21:16:21Z jvoisin 2023-03-18T13:01:02Z urn:sha1:249492e08adbf034976770ab3b021ba093a2ab18 GCC and Clang provide __builtin_dynamic_object_size (see documentation: https://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html), so we should make use of it when its available. 2019-03-07T00:05:30Z info@mobile-stream.com 2019-03-06T13:28:48Z urn:sha1:ff82ffbc74d82091527449e31fe351d15830f716 This allows the compiler to optimize out the slow/trap path at all for the typical correct code: char buf[PATH_MAX]; r = realpath(path, buf); The change keeps the "unknown object size" case handling intact. 2018-07-24T10:00:30Z A. Wilcox 2018-06-23T22:57:48Z urn:sha1:a9ffac8596b094da8563aa5dd5d81c946670afe5 A few important notes: * __extension__ is a GNU C "alternate" keyword, not a C++ keyword.[1] * __extension__ is designed to work on "expressions"; it does work on #include_next in C mode, but it has no effect in C++ mode; the warning will still appear, if enabled, even with __extension__ preceding #include_next. This is because #include_next is not considered an expression in C++, so the compiler attaches __extension__ to the first expression of the header. All of this leads us to a build failure while building at least all Mozilla software. Moz has an alternate -isystem dir searched before /usr/include that overrides some headers, including <features.h>. The first statement in each of these headers is a #pragma, and since __extension__ is looking for an expression, and #pragma is a "null" expression, we end up with the following error: dist/system_wrappers/features.h:1:9: error: '#pragma' is not allowed here Since __extension__ has no effect on #include_next in C++ mode anyway, and since it can cause breakage, this commit omits __extension__ in C++ mode. [1]: https://gcc.gnu.org/onlinedocs/gcc-6.4.0/gcc/Alternate-Keywords.html 2016-09-10T11:54:17Z sin 2016-09-10T11:54:06Z urn:sha1:2bc423c355a992fea2f95724235898218575c95e 2016-07-14T15:09:13Z Natanael Copa 2016-07-14T14:45:11Z urn:sha1:9880d5864bfa5ae3fa6ca7b739953ac5f74524be The __extension__ seems to trigger a bug in gcc when there are no identifier specified afterwards. Testcase: echo "#include <stdlib.h>" > try.c && cc -O0 -c try.c try.c:2:0: error: expected identifier or '(' at end of input With -O2 it does not happen. We work around this by only pulling in limits.h when we actually need the PATH_MAX. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>