Standalone portable header-based implementation of FORTIFY_SOURCE=3 http://git.dustri.org/fortify-headers/atom?h=annotations 2025-11-10T22:55:25Z 2025-11-10T22:55:25Z jvoisin 2025-10-31T20:08:47Z urn:sha1:bc2641769ec3019ab7d794b032a6e36030581c76 It's unfortunately valid to pass a buffer smaller than MB_CUR_MAX to wctomb, so let's not trap on this. Moreover, it's supposed to be implemented in stdlib.h and not wchar.h anyway. 2025-10-31T21:16:21Z Daniel Kolesa 2022-10-25T22:30:00Z urn:sha1:f46714c2f9eb13c12c8218f1b7c045182041fdc9 Co-Authored-By: jvoisin <julien.voisin@dustri.org> 2025-10-31T21:16:21Z Daniel Kolesa 2022-11-01T19:14:54Z urn:sha1:8915dc13de44fed3a076a9fd51eb1ab2b5502d7b It seems useless and triggers 'error: expected external declaration' 2025-10-31T21:16:21Z jvoisin 2023-03-18T13:01:02Z urn:sha1:249492e08adbf034976770ab3b021ba093a2ab18 GCC and Clang provide __builtin_dynamic_object_size (see documentation: https://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html), so we should make use of it when its available. 2019-03-07T00:05:34Z info@mobile-stream.com 2019-03-06T13:28:48Z urn:sha1:9b796691eb794e9f5279886e917c028a09f8a728 This allows the compiler to optimize out the slow/trap path at all for the typical correct code: char buf[MB_LEN_MAX]; r = wctomb(buf, c); The change tries to keep the "unknown object size" case handling in wcrtomb() as is even if it seems redundant and not helping (we copy __buf to possibly undersized __s in any case) and inconsistent with wctomb() (where we let the original library method itself overwrite the possibly undersized __s). 2019-02-25T13:17:08Z sin 2019-02-25T13:01:12Z urn:sha1:5aabc7e6aad28327d75671e52c50060e4543112c 2018-07-24T10:00:30Z A. Wilcox 2018-06-23T22:57:48Z urn:sha1:a9ffac8596b094da8563aa5dd5d81c946670afe5 A few important notes: * __extension__ is a GNU C "alternate" keyword, not a C++ keyword.[1] * __extension__ is designed to work on "expressions"; it does work on #include_next in C mode, but it has no effect in C++ mode; the warning will still appear, if enabled, even with __extension__ preceding #include_next. This is because #include_next is not considered an expression in C++, so the compiler attaches __extension__ to the first expression of the header. All of this leads us to a build failure while building at least all Mozilla software. Moz has an alternate -isystem dir searched before /usr/include that overrides some headers, including <features.h>. The first statement in each of these headers is a #pragma, and since __extension__ is looking for an expression, and #pragma is a "null" expression, we end up with the following error: dist/system_wrappers/features.h:1:9: error: '#pragma' is not allowed here Since __extension__ has no effect on #include_next in C++ mode anyway, and since it can cause breakage, this commit omits __extension__ in C++ mode. [1]: https://gcc.gnu.org/onlinedocs/gcc-6.4.0/gcc/Alternate-Keywords.html 2017-08-22T10:38:36Z sin 2017-08-22T10:31:49Z urn:sha1:9730e9d297068f7555621891072360c58095efc8 The POSIX definition of wcrtomb (http://pubs.opengroup.org/onlinepubs/9699919799/functions/wcrtomb.html) states: "When wc is not a valid wide character, an encoding error shall occur. In this case, the function shall store the value of the macro [EILSEQ] in errno and shall return (size_t)-1; the conversion state shall be undefined." The fortify-headers implementation of wcrtomb interprets the result -1 as 18446744073709551615 bytes. Since this is the highest 64-bit number possible, it is pretty safe to say this will always be larger than any buffer provided to wcrtomb. Therefore, it traps. Fixes bug https://bugs.alpinelinux.org/issues/7681. Patch by A. Wilcox <AWilcox@Wilcox-Tech.com> 2016-09-10T11:54:17Z sin 2016-09-10T11:54:06Z urn:sha1:2bc423c355a992fea2f95724235898218575c95e 2015-07-15T14:55:56Z sin 2015-07-15T14:53:41Z urn:sha1:a255506ca487250255f9f048e61cf90166ceab77 This was breaking valid code, example: char c; wcrtomb(&c, L'0', st);