Standalone portable header-based implementation of FORTIFY_SOURCE=3 http://git.dustri.org/fortify-headers/atom?h=experimental 2025-10-28T22:18:21Z 2025-10-28T22:18:21Z jvoisin 2025-10-28T22:18:21Z urn:sha1:ede3643ed290bc6b7764d6add93e76899f7629b2 Fixing the following issue: ``` In file included from xstrndup.c:34: /OpenWrt/aarch64/staging_dir/toolchain-aarch64_cortex-a53_gcc-14.3.0_musl/include/fortify/string.h: In function 'mempcpy': /OpenWrt/aarch64/staging_dir/toolchain-aarch64_cortex-a53_gcc-14.3.0_musl/include/fortify/string.h:340:13: error: 'nonnull' argument '__d' compared to NULL [-Werror=nonnull-compare] 340 | if (!__d || !__s) | ^~~~ /OpenWrt/aarch64/staging_dir/toolchain-aarch64_cortex-a53_gcc-14.3.0_musl/include/fortify/string.h:340:21: error: 'nonnull' argument '__s' compared to NULL [-Werror=nonnull-compare] 340 | if (!__d || !__s) | ^~~~ cc1: all warnings being treated as errors make[5]: *** [Makefile:511: xstrndup.o] Error 1 ``` Reported in https://github.com/openwrt/openwrt/pull/20552 2025-10-28T22:13:42Z jvoisin 2025-10-28T22:13:42Z urn:sha1:8a43ce98138d363b6595a16b98b6016c5e306191 2025-10-28T17:12:50Z Hauke Mehrtens 2025-10-26T16:38:41Z urn:sha1:7027b39b4de8ba361efce499472008e21ee29f86 The previews code tried to get the value defined for FORTIFY_USE_NATIVE_CHK and this resulted in some build errors like this: ``` /include/fortify/stdio.h: In function 'vsnprintf': /include/fortify/stdio.h:155:49: error: "FORTIFY_USE_NATIVE_CHK" is not defined, evaluates to 0 [-Werror=undef] 155 | #if __has_builtin(__builtin___vsnprintf_chk) && FORTIFY_USE_NATIVE_CHK | ^~~~~~~~~~~~~~~~~~~~~~ ``` Check if it is defined instead. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 2025-05-12T16:52:20Z jvoisin 2025-05-12T16:52:20Z urn:sha1:2c17bdbd255e75f48753a1429589b3a17cde872a 2024-10-21T13:04:50Z jvoisin 2024-10-21T13:04:50Z urn:sha1:dcdd2f1fb065b6e98d87ab7b367e8fb483f9b59c `strlen(src)` isn't guaranteed to be valid. 2024-10-10T13:50:40Z jvoisin 2024-10-10T13:50:40Z urn:sha1:e2cfd2879a15db00dfa9a42eeb1baaef6a930aff ``` Core was generated by `scripts/mod/modpost -M -m -o Module.symvers -n -T modules.order vmlinux.o'. Program terminated with signal SIGSEGV, Segmentation fault. warning: 17 src/string/strlen.c: No such file or directory (gdb) bt ``` > I think strncpy logic is broken: `__fh_size_t max_len_s = strlen(__s);` may try read past `size_t __n`. > Create a buf without any trailing `\0`, do `strncpy(dest, buf, sizeof(buf));`, it should work, since `strncpy` will stop at `sizeof buf` > but the current fority-headers implementation will do `strlen(buf)`, which will go boom when it is not terminated with \0 Reported-by: ncopa 2024-10-03T22:16:50Z Quentin Rameau 2024-10-02T19:15:12Z urn:sha1:6573631a5e4339a2fc2f86680e36e35e25bf416c As with previous commit, some strnlen calls where introduced in 22a8094, but not reverted. As strnlen isn't part of C standard, this was breaking C builds. 2024-09-02T14:11:06Z jvoisin 2024-09-02T14:08:38Z urn:sha1:114b563adc2b942bc5abd4c5820507076d453f64 As reported on irc: ``` 17:51 <q> jvoisin, fortify-headers seems to be broken (on Alpine at least) 17:52 <q> Repeating the message from over-there: 17:52 <q> /usr/include/fortify/string.h: In function 'strncat': 17:52 <q> /usr/include/fortify/string.h:297:36: error: implicit declaration of function 'strnlen'; did you mean 'strlen'? [-Wimplicit-function-declaration] 17:52 <q> This is with a simple file that includes string.h and call strncat, built with c99 -O1 f.c ``` 2024-07-10T14:46:15Z jvoisin 2024-07-10T14:46:15Z urn:sha1:c4d9299abf7f6b941493fc487d2ccbb47d756479 The dsize parameter is the length of the dst, not the length of the src. Reported-by: ncopa 2024-07-10T13:20:23Z psykose 2024-07-10T04:49:02Z urn:sha1:459d202b1bbf7abb817a596ce9374edfb7b4da8f just in case, and because 'PEDANTIC_CHECKS' is a really generic name