Add `access` annotations

author: jvoisin 2025-11-12 22:28:13 +0100
committer: jvoisin 2025-11-14 13:55:31 +0100
commit: bf242b15e1f7873bdb940c2441b5e57747bc2f81 (patch)
tree: dd80ee51edf4542b65a9e49db369dc44d089c359
parent: c93890993aded39be2f8f820fb19d8efe2cd9184 (diff)
6 files changed, 61 insertions, 0 deletions
diff --git a/include/fortify-headers.h b/include/fortify-headers.h
index e406dce..a9b7498 100644
--- a/include/fortify-headers.h
+++ b/include/fortify-headers.h
@@ -59,4 +59,15 @@
 #define __bos(ptr, type) __builtin_object_size (ptr, type)
 #endif
+/* This needs to be two different conditions: https://gcc.gnu.org/onlinedocs/cpp/_005f_005fhas_005fattribute.html */
+#if defined __has_attribute
+#if __has_attribute (access)
+#define __access(...) __attribute__ ((access (__VA_ARGS__)))
+#else
+#define __access(...)
+#endif
+#else
+#define __access(...)
+#endif
 #endif
diff --git a/include/stdio.h b/include/stdio.h
index a75c9ea..67738ed 100644
--- a/include/stdio.h
+++ b/include/stdio.h
@@ -37,6 +37,8 @@ extern "C" {
 #undef snprintf
 #undef sprintf
+__access(read_write, 1, 2)
+__access(read_only, 3)
 _FORTIFY_FN(fgets) char *fgets(char * _FORTIFY_POS0 __s, int __n, FILE *__f)
 {
        size_t __b = __bos(__s, 0);
@@ -46,6 +48,8 @@ _FORTIFY_FN(fgets) char *fgets(char * _FORTIFY_POS0 __s, int __n, FILE *__f)
        return __orig_fgets(__s, __n, __f);
 }
+__access(write_only, 1)
+__access(read_only, 4)
 _FORTIFY_FN(fread) size_t fread(void * _FORTIFY_POS0 __d, size_t __n,
                                size_t __m, FILE *__f)
 {
@@ -58,6 +62,8 @@ _FORTIFY_FN(fread) size_t fread(void * _FORTIFY_POS0 __d, size_t __n,
        return __orig_fread(__d, __n, __m, __f);
 }
+__access(read_only, 1)
+__access(write_only, 4)
 _FORTIFY_FN(fwrite) size_t fwrite(const void * _FORTIFY_POS0 __d, size_t __n,
                                  size_t __m, FILE *__f)
 {
@@ -70,6 +76,8 @@ _FORTIFY_FN(fwrite) size_t fwrite(const void * _FORTIFY_POS0 __d, size_t __n,
        return __orig_fwrite(__d, __n, __m, __f);
 }
+__access(write_only, 1, 2)
+__access(read_only, 3)
 _FORTIFY_FN(vsnprintf) int vsnprintf(char * _FORTIFY_POS0 __s, size_t __n,
                                     const char *__f, __builtin_va_list __v)
 {
@@ -80,6 +88,8 @@ _FORTIFY_FN(vsnprintf) int vsnprintf(char * _FORTIFY_POS0 __s, size_t __n,
        return __orig_vsnprintf(__s, __n, __f, __v);
 }
+__access(write_only, 1)
+__access(read_only, 2)
 _FORTIFY_FN(vsprintf) int vsprintf(char * _FORTIFY_POS0 __s, const char *__f,
                                   __builtin_va_list __v)
 {
diff --git a/include/string.h b/include/string.h
index 9fc1cd4..cf0be60 100644
--- a/include/string.h
+++ b/include/string.h
@@ -37,6 +37,8 @@ extern "C" {
 #undef strncat
 #undef strncpy
+__access(write_only, 1, 3)
+__access(read_only, 2, 3)
 _FORTIFY_FN(memcpy) void *memcpy(void * _FORTIFY_POS0 __od,
                                 const void * _FORTIFY_POS0 __os, size_t __n)
 {
@@ -55,6 +57,8 @@ _FORTIFY_FN(memcpy) void *memcpy(void * _FORTIFY_POS0 __od,
        return __builtin_memcpy(__od, __os, __n);
 }
+__access(write_only, 1, 3)
+__access(read_only, 2, 3)
 _FORTIFY_FN(memmove) void *memmove(void * _FORTIFY_POS0 __d,
                                   const void * _FORTIFY_POS0 __s, size_t __n)
 {
@@ -66,6 +70,7 @@ _FORTIFY_FN(memmove) void *memmove(void * _FORTIFY_POS0 __d,
        return __orig_memmove(__d, __s, __n);
 }
+__access(write_only, 1, 3)
 _FORTIFY_FN(memset) void *memset(void * _FORTIFY_POS0 __d, int __c, size_t __n)
 {
        size_t __b = __bos(__d, 0);
@@ -79,6 +84,8 @@ _FORTIFY_FN(memset) void *memset(void * _FORTIFY_POS0 __d, int __c, size_t __n)
 || defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) \
 || defined(_BSD_SOURCE)
 #undef stpcpy
+__access(write_only, 1)
+__access(read_only, 2)
 _FORTIFY_FN(stpcpy) char *stpcpy(char * _FORTIFY_POS0 __d, const char *__s)
 {
        size_t __b = __bos(__d, 0);
@@ -89,6 +96,8 @@ _FORTIFY_FN(stpcpy) char *stpcpy(char * _FORTIFY_POS0 __d, const char *__s)
 }
 #undef stpncpy
+__access(write_only, 1)
+__access(read_only, 2)
 _FORTIFY_FN(stpncpy) char *stpncpy(char * _FORTIFY_POS0 __d, const char *__s,
                                   size_t __n)
 {
@@ -100,6 +109,8 @@ _FORTIFY_FN(stpncpy) char *stpncpy(char * _FORTIFY_POS0 __d, const char *__s,
 }
 #endif
+__access(read_write, 1)
+__access(read_only, 2)
 _FORTIFY_FN(strcat) char *strcat(char * _FORTIFY_POS0 __d, const char *__s)
 {
        size_t __b = __bos(__d, 0);
@@ -109,6 +120,8 @@ _FORTIFY_FN(strcat) char *strcat(char * _FORTIFY_POS0 __d, const char *__s)
        return __orig_strcat(__d, __s);
 }
+__access(write_only, 1)
+__access(read_only, 2)
 _FORTIFY_FN(strcpy) char *strcpy(char * _FORTIFY_POS0 __d, const char *__s)
 {
        size_t __b = __bos(__d, 0);
@@ -118,6 +131,8 @@ _FORTIFY_FN(strcpy) char *strcpy(char * _FORTIFY_POS0 __d, const char *__s)
        return __orig_strcpy(__d, __s);
 }
+__access(read_write, 1)
+__access(read_only, 2)
 _FORTIFY_FN(strncat) char *strncat(char * _FORTIFY_POS0 __d, const char *__s,
                                   size_t __n)
 {
@@ -135,6 +150,8 @@ _FORTIFY_FN(strncat) char *strncat(char * _FORTIFY_POS0 __d, const char *__s,
        return __orig_strncat(__d, __s, __n);
 }
+__access(write_only, 1)
+__access(read_only, 2)
 _FORTIFY_FN(strncpy) char *strncpy(char * _FORTIFY_POS0 __d,
                                   const char *__s, size_t __n)
 {
@@ -147,6 +164,8 @@ _FORTIFY_FN(strncpy) char *strncpy(char * _FORTIFY_POS0 __d,
 #ifdef _GNU_SOURCE
 #undef mempcpy
+__access(write_only, 1, 3)
+__access(read_only, 2, 3)
 _FORTIFY_FN(mempcpy) void *mempcpy(void * _FORTIFY_POS0 __d,
                                   const void * _FORTIFY_POS0 __s, size_t __n)
 {
@@ -162,6 +181,8 @@ _FORTIFY_FN(mempcpy) void *mempcpy(void * _FORTIFY_POS0 __d,
 #if defined(_GNU_SOURCE) || defined(_BSD_SOURCE)
 #undef strlcat
 #undef strlcpy
+__access(read_write, 1)
+__access(read_only, 2)
 _FORTIFY_FN(strlcat) size_t strlcat(char * _FORTIFY_POS0 __d,
                                    const char *__s, size_t __n)
 {
@@ -172,6 +193,8 @@ _FORTIFY_FN(strlcat) size_t strlcat(char * _FORTIFY_POS0 __d,
        return __orig_strlcat(__d, __s, __n);
 }
+__access(write_only, 1)
+__access(read_only, 2)
 _FORTIFY_FN(strlcpy) size_t strlcpy(char * _FORTIFY_POS0 __d,
                                    const char *__s, size_t __n)
 {
diff --git a/include/strings.h b/include/strings.h
index 862b7be..3b6b765 100644
--- a/include/strings.h
+++ b/include/strings.h
@@ -31,6 +31,8 @@ extern "C" {
 || (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE+0 < 700)
 #undef bcopy
 #undef bzero
+__access(write_only, 2, 3)
+__access(read_only, 1, 3)
 _FORTIFY_FN(bcopy) void bcopy(const void * _FORTIFY_POS0 __s,
                              void * _FORTIFY_POS0 __d, size_t __n)
 {
@@ -42,6 +44,7 @@ _FORTIFY_FN(bcopy) void bcopy(const void * _FORTIFY_POS0 __s,
        return __orig_bcopy(__s, __d, __n);
 }
+__access(write_only, 1, 2)
 _FORTIFY_FN(bzero) void bzero(void * _FORTIFY_POS0 __s, size_t __n)
 {
        size_t __b = __bos(__s, 0);
diff --git a/include/sys/socket.h b/include/sys/socket.h
index 7dfa71a..94cc0c8 100644
--- a/include/sys/socket.h
+++ b/include/sys/socket.h
@@ -34,6 +34,7 @@ extern "C" {
 #undef send
 #undef sendto
+__access(write_only, 2, 3)
 _FORTIFY_FN(recv) ssize_t recv(int __f, void * _FORTIFY_POS0 __s, size_t __n,
                               int __fl)
 {
@@ -44,6 +45,7 @@ _FORTIFY_FN(recv) ssize_t recv(int __f, void * _FORTIFY_POS0 __s, size_t __n,
        return __orig_recv(__f, __s, __n, __fl);
 }
+__access(write_only, 2, 3)
 _FORTIFY_FN(recvfrom) ssize_t recvfrom(int __f, void * _FORTIFY_POS0 __s,
                                       size_t __n, int __fl,
                                       struct sockaddr *__a, socklen_t *__l)
@@ -55,6 +57,7 @@ _FORTIFY_FN(recvfrom) ssize_t recvfrom(int __f, void * _FORTIFY_POS0 __s,
        return __orig_recvfrom(__f, __s, __n, __fl, __a, __l);
 }
+__access(read_only, 2, 3)
 _FORTIFY_FN(send) ssize_t send(int __f, const void * _FORTIFY_POS0 __s,
                               size_t __n, int __fl)
 {
@@ -65,6 +68,7 @@ _FORTIFY_FN(send) ssize_t send(int __f, const void * _FORTIFY_POS0 __s,
        return __orig_send(__f, __s, __n, __fl);
 }
+__access(read_only, 2, 3)
 _FORTIFY_FN(sendto) ssize_t sendto(int __f, const void * _FORTIFY_POS0 __s,
                                   size_t __n, int __fl,
                                   const struct sockaddr *__a, socklen_t __l)
diff --git a/include/unistd.h b/include/unistd.h
index 4c18b73..a6c2ed1 100644
--- a/include/unistd.h
+++ b/include/unistd.h
@@ -41,6 +41,7 @@ extern "C" {
 #undef ttyname_r
 #undef write
+__access(write_only, 2, 3)
 _FORTIFY_FN(confstr) size_t confstr(int __n, char * _FORTIFY_POS0 __s, size_t __l)
 {
        size_t __b = __bos(__s, 0);
@@ -51,6 +52,7 @@ _FORTIFY_FN(confstr) size_t confstr(int __n, char * _FORTIFY_POS0 __s, size_t __
        return __r;
 }
+__access(write_only, 1, 2)
 _FORTIFY_FN(getcwd) char *getcwd(char * _FORTIFY_POS0 __s, size_t __l)
 {
        size_t __b = __bos(__s, 0);
@@ -62,6 +64,7 @@ _FORTIFY_FN(getcwd) char *getcwd(char * _FORTIFY_POS0 __s, size_t __l)
 #if defined(_GNU_SOURCE) || defined(_BSD_SOURCE)
 #undef getdomainname
+__access(write_only, 1, 2)
 _FORTIFY_FN(getdomainname) int getdomainname(char * _FORTIFY_POS0 __s, size_t __l)
 {
        size_t __b = __bos(__s, 0);
@@ -81,6 +84,7 @@ _FORTIFY_FN(getgroups) int getgroups(int __l, gid_t * _FORTIFY_POS0 __s)
        return __orig_getgroups(__l, __s);
 }
+__access(write_only, 1, 2)
 _FORTIFY_FN(gethostname) int gethostname(char * _FORTIFY_POS0 __s, size_t __l)
 {
        size_t __b = __bos(__s, 0);
@@ -90,6 +94,7 @@ _FORTIFY_FN(gethostname) int gethostname(char * _FORTIFY_POS0 __s, size_t __l)
        return __orig_gethostname(__s, __l);
 }
+__access(write_only, 1, 2)
 _FORTIFY_FN(getlogin_r) int getlogin_r(char * _FORTIFY_POS0 __s, size_t __l)
 {
        size_t __b = __bos(__s, 0);
@@ -109,6 +114,7 @@ _FORTIFY_FN(pread) ssize_t pread(int __f, void * _FORTIFY_POS0 __s,
        return __orig_pread(__f, __s, __n, __o);
 }
+__access(write_only, 2, 3)
 _FORTIFY_FN(read) ssize_t read(int __f, void * _FORTIFY_POS0 __s, size_t __n)
 {
        size_t __b = __bos(__s, 0);
@@ -118,6 +124,7 @@ _FORTIFY_FN(read) ssize_t read(int __f, void * _FORTIFY_POS0 __s, size_t __n)
        return __orig_read(__f, __s, __n);
 }
+__access(write_only, 2, 3)
 _FORTIFY_FN(readlink) ssize_t readlink(const char *__p,
                                       char * _FORTIFY_POS0 __s, size_t __n)
 {
@@ -128,6 +135,7 @@ _FORTIFY_FN(readlink) ssize_t readlink(const char *__p,
        return __orig_readlink(__p, __s, __n);
 }
+__access(write_only, 3, 4)
 _FORTIFY_FN(readlinkat) ssize_t readlinkat(int __f, const char *__p,
                                           char * _FORTIFY_POS0 __s, size_t __n)
 {
@@ -138,6 +146,7 @@ _FORTIFY_FN(readlinkat) ssize_t readlinkat(int __f, const char *__p,
        return __orig_readlinkat(__f, __p, __s, __n);
 }
+__access(write_only, 2, 3)
 _FORTIFY_FN(ttyname_r) int ttyname_r(int __f, char * _FORTIFY_POS0 __s,
                                     size_t __n)
 {
@@ -148,6 +157,7 @@ _FORTIFY_FN(ttyname_r) int ttyname_r(int __f, char * _FORTIFY_POS0 __s,
        return __orig_ttyname_r(__f, __s, __n);
 }
+__access(read_only, 2, 3)
 _FORTIFY_FN(write) ssize_t write(int __f, const void * _FORTIFY_POS0 __s,
                                 size_t __n)
 {
author	jvoisin	2025-11-12 22:28:13 +0100
committer	jvoisin	2025-11-14 13:55:31 +0100
commit	bf242b15e1f7873bdb940c2441b5e57747bc2f81 (patch)
tree	dd80ee51edf4542b65a9e49db369dc44d089c359
parent	c93890993aded39be2f8f820fb19d8efe2cd9184 (diff)