fortify-headers/include/string.h, branch strn Standalone portable header-based implementation of FORTIFY_SOURCE=3 http://git.dustri.org/fortify-headers/atom?h=strn 2024-10-10T13:50:40Z Fix a crash in strncpy/stpncpy 2024-10-10T13:50:40Z jvoisin 2024-10-10T13:50:40Z urn:sha1:e2cfd2879a15db00dfa9a42eeb1baaef6a930aff ``` Core was generated by `scripts/mod/modpost -M -m -o Module.symvers -n -T modules.order vmlinux.o'. Program terminated with signal SIGSEGV, Segmentation fault. warning: 17 src/string/strlen.c: No such file or directory (gdb) bt ``` > I think strncpy logic is broken: `__fh_size_t max_len_s = strlen(__s);` may try read past `size_t __n`. > Create a buf without any trailing `\0`, do `strncpy(dest, buf, sizeof(buf));`, it should work, since `strncpy` will stop at `sizeof buf` > but the current fority-headers implementation will do `strlen(buf)`, which will go boom when it is not terminated with \0 Reported-by: ncopa Fix usage of strnlen 2024-10-03T22:16:50Z Quentin Rameau 2024-10-02T19:15:12Z urn:sha1:6573631a5e4339a2fc2f86680e36e35e25bf416c As with previous commit, some strnlen calls where introduced in 22a8094, but not reverted. As strnlen isn't part of C standard, this was breaking C builds. Revert d2594298b89d0fb8989cae3ebc8900e77b6aa478 2024-09-02T14:11:06Z jvoisin 2024-09-02T14:08:38Z urn:sha1:114b563adc2b942bc5abd4c5820507076d453f64 As reported on irc: ``` 17:51 <q> jvoisin, fortify-headers seems to be broken (on Alpine at least) 17:52 <q> Repeating the message from over-there: 17:52 <q> /usr/include/fortify/string.h: In function 'strncat': 17:52 <q> /usr/include/fortify/string.h:297:36: error: implicit declaration of function 'strnlen'; did you mean 'strlen'? [-Wimplicit-function-declaration] 17:52 <q> This is with a simple file that includes string.h and call strncat, built with c99 -O1 f.c ``` Fix access annotation for stpncpy/strncpy 2024-07-10T14:46:15Z jvoisin 2024-07-10T14:46:15Z urn:sha1:c4d9299abf7f6b941493fc487d2ccbb47d756479 The dsize parameter is the length of the dst, not the length of the src. Reported-by: ncopa prefix special defines with FORTIFY_ 2024-07-10T13:20:23Z psykose 2024-07-10T04:49:02Z urn:sha1:459d202b1bbf7abb817a596ce9374edfb7b4da8f just in case, and because 'PEDANTIC_CHECKS' is a really generic name Fix some overlap mismatch 2024-04-24T15:14:46Z jvoisin 2024-04-24T15:09:08Z urn:sha1:a817e1555a755224cacc1cbdeeaefb6a1de606f0 This was caught by the following test: ``` int main(void) { char c[32]; memcpy(c, c + 16, 16); } ``` Reported-by: q66 Disable pedantic checks by default 2024-04-24T12:51:19Z jvoisin 2024-04-24T12:49:52Z urn:sha1:265fa03fa0c467c9c41d803ebe2a538e758cba20 They can be re-enabled via `PEDANTIC_CHECKS` Relax our checks for memchr on C11 and above 2024-03-19T17:35:13Z jvoisin 2024-03-19T17:35:13Z urn:sha1:8ed72e7c1caa0eb4238e649063c26a11720935de Since C11: > This function behaves as if it reads the bytes sequentially and stops as soon as a matching bytes is found: if the array pointed to by ptr is smaller than count, but the match is found within the array, the behavior is well-defined. Reported-by: q66 Add some NULL-pointers checks 2024-03-08T15:28:52Z jvoisin 2024-03-08T15:07:57Z urn:sha1:140cffbe84a08669d67c3257258d2bb70ff29c3b See: - https://www.imperialviolet.org/2016/06/26/nonnull.html - https://davidben.net/2024/01/15/empty-slices.html Re-enable previously disabled overlap checks 2023-12-28T15:13:37Z jvoisin 2023-12-27T16:07:32Z urn:sha1:22a8094b41b2606084dc0c0c70487e5ed0fcb652 They were previously disabled in 80a83a5