Standalone portable header-based implementation of FORTIFY_SOURCE=3 http://git.dustri.org/fortify-headers/atom?h=2.2 2024-03-19T17:35:13Z 2024-03-19T17:35:13Z jvoisin 2024-03-19T17:35:13Z urn:sha1:8ed72e7c1caa0eb4238e649063c26a11720935de Since C11: > This function behaves as if it reads the bytes sequentially and stops as soon as a matching bytes is found: if the array pointed to by ptr is smaller than count, but the match is found within the array, the behavior is well-defined. Reported-by: q66 2024-03-08T15:28:52Z jvoisin 2024-03-08T15:07:57Z urn:sha1:140cffbe84a08669d67c3257258d2bb70ff29c3b See: - https://www.imperialviolet.org/2016/06/26/nonnull.html - https://davidben.net/2024/01/15/empty-slices.html 2023-12-28T15:13:37Z jvoisin 2023-12-27T16:07:32Z urn:sha1:22a8094b41b2606084dc0c0c70487e5ed0fcb652 They were previously disabled in 80a83a5 2023-12-27T15:06:59Z jvoisin 2023-12-27T11:36:47Z urn:sha1:80a83a56b52e833e6d3afec4d0723d7625d52cee They check overlap across the whole range of the given length, but the given length is not what will actually be copied, rather it's the maximum length (if src is shorter, only length of src will be copied). This triggers false positives and traps where it shouldn't (e.g. in ICU tests). Reported-by: q66 2023-12-16T01:07:23Z q66 2023-12-16T01:07:23Z urn:sha1:c59aa9ac0efa20e7194f6bb93635d0482f5c60f4 2023-12-16T01:03:16Z q66 2023-12-16T01:03:16Z urn:sha1:9d7f00791381217ccaa4d2da58a5c135ef4773b9 2023-12-16T01:00:43Z q66 2023-12-16T01:00:10Z urn:sha1:ca2ede3b63b0b3c12a4059f282c86fd66024dbb7 SIGILL is not the only possible trap handler. On non-x86 archs this is not the case for instance. 2023-12-15T20:41:08Z jvoisin 2023-12-15T15:08:12Z urn:sha1:57a3e9c1c7507b5ce56122429cc3649009a4ecc7 This should fix #32 2023-12-07T16:29:06Z jvoisin 2023-12-06T20:45:57Z urn:sha1:b5d5cebc2b4218ca2c04c52546849df7625a53a0 2023-12-07T11:07:29Z jvoisin 2023-12-07T10:58:47Z urn:sha1:9064a508d5f1ed3514d3e5b4734576e80f7048ae