fortify-headers/include, branch 2.3

fortify-headers/include, branch 2.3 Standalone portable header-based implementation of FORTIFY_SOURCE=3 http://git.dustri.org/fortify-headers/atom?h=2.3 2024-05-26T20:19:27Z Add vasprintf/asprintf 2024-05-26T20:19:27Z jvoisin 2024-05-20T12:48:35Z urn:sha1:1becad43298e74ba73bc66f9d44523e5d121c667 The only hardening being done here is to set the char** parameter to thos functions to NULL in case of an error, to prevent it from being used should people forget to check return values. This is already done on some BSD, as well as in Rocky Linux. Fix some overlap mismatch 2024-04-24T15:14:46Z jvoisin 2024-04-24T15:09:08Z urn:sha1:a817e1555a755224cacc1cbdeeaefb6a1de606f0 This was caught by the following test: ``` int main(void) { char c[32]; memcpy(c, c + 16, 16); } ``` Reported-by: q66 Disable pedantic checks by default 2024-04-24T12:51:19Z jvoisin 2024-04-24T12:49:52Z urn:sha1:265fa03fa0c467c9c41d803ebe2a538e758cba20 They can be re-enabled via `PEDANTIC_CHECKS` Relax our checks for memchr on C11 and above 2024-03-19T17:35:13Z jvoisin 2024-03-19T17:35:13Z urn:sha1:8ed72e7c1caa0eb4238e649063c26a11720935de Since C11: > This function behaves as if it reads the bytes sequentially and stops as soon as a matching bytes is found: if the array pointed to by ptr is smaller than count, but the match is found within the array, the behavior is well-defined. Reported-by: q66 Add some NULL-pointers checks 2024-03-08T15:28:52Z jvoisin 2024-03-08T15:07:57Z urn:sha1:140cffbe84a08669d67c3257258d2bb70ff29c3b See: - https://www.imperialviolet.org/2016/06/26/nonnull.html - https://davidben.net/2024/01/15/empty-slices.html Properly check for builtins 2024-01-13T19:34:19Z jvoisin 2024-01-13T19:34:19Z urn:sha1:1a8431430ec4b97f0baaf2bf3b385be5f5da08cf Clang's [documentation](https://clang.llvm.org/docs/LanguageExtensions.html#has-builtin) says: > __has_builtin should not be used to detect support for a builtin macro; use #ifdef instead. So we're now using both, since it's often tedious/non-trivial to find out what is a macro and what is a compiler builtin, across compilers and C versions. Re-enable previously disabled overlap checks 2023-12-28T15:13:37Z jvoisin 2023-12-27T16:07:32Z urn:sha1:22a8094b41b2606084dc0c0c70487e5ed0fcb652 They were previously disabled in 80a83a5 Improve __fh_overlap implementation 2023-12-27T15:17:55Z jvoisin 2023-12-27T15:17:55Z urn:sha1:8513fddefca4c6e3982718732afeec71bad4e688 Don't check for overlapping in strncpy/stpncpy for now 2023-12-27T15:06:59Z jvoisin 2023-12-27T11:36:47Z urn:sha1:80a83a56b52e833e6d3afec4d0723d7625d52cee They check overlap across the whole range of the given length, but the given length is not what will actually be copied, rather it's the maximum length (if src is shorter, only length of src will be copied). This triggers false positives and traps where it shouldn't (e.g. in ICU tests). Reported-by: q66 fix typo for __builtin_memcpy 2023-12-18T11:52:12Z psykose 2023-12-18T11:47:09Z urn:sha1:01dc0e38a8a0be034bf21cc6ae4cc8cebc0e7a79