fix realpath when stdlib.h is included before limits.h

If program includes stdlib.h before limits.h without _XOPEN_SOURCE,
_GNU_SOURCE or _BSD_SOURCE explicitly set, then will it always trigger
the trap with musl libc.

This is becase stdlib.h will pull in features.h which will set
_GNU_SOURCE. This means that the fortify stdlib.h will not include
limits.h but it will still trigger the fortified realpath(), but without
PATH_MAX set.

We fix this by including system stdlib.h before testing if limits.h
should be included.

Since PATH_MAX is known at compile time we can also error at compile
time, instead of compiling a broken realpath().

1 files changed, 3 insertions, 3 deletions

diff --git a/include/stdlib.h b/include/stdlib.h
index 22f1f2b..6629652 100644
--- a/include/stdlib.h
+++ b/include/stdlib.h
@@ -1,12 +1,12 @@
 #ifndef _FORTIFY_STDLIB_H
 #define _FORTIFY_STDLIB_H
 
+#include_next <stdlib.h>
+
 #if defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) || defined(_BSD_SOURCE)
 #include_next <limits.h>
 #endif
 
-#include_next <stdlib.h>
-
 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && defined(__OPTIMIZE__) && __OPTIMIZE__ > 0
 
 #ifdef __cplusplus
@@ -23,7 +23,7 @@ char *realpath(const char *path, char *resolved)
 
         if (resolved) {
 #ifndef PATH_MAX
-                __builtin_trap();
+# error PATH_MAX unset. A fortified realpath will not work.
 #else
                 bos = __builtin_object_size(resolved, 0);
                 if (PATH_MAX > bos)