summaryrefslogtreecommitdiff
path: root/include (follow)
AgeCommit message (Collapse)Author
2023-09-27Add an option to make use of compiler-provided _chk builtinsjvoisin
2023-09-22Add more __diagnose_as_builtin annotationsjvoisin
2023-09-21Properly enable diagnose_as_builtin attributejvoisin
2023-09-20Add tests for compile-time errorsjvoisin
2023-09-20Replace a strlen+condition with strnlenjvoisin
2023-09-11Factorize overlap checks into a macrojvoisin
2023-09-11Add a warning for _FORTIFY_SOURCE>3jvoisin
2023-09-11Add a warning if realpath is called with path set to NULLjvoisin
2023-09-11Add the warn_unused_result attribute to alloc-related functionsjvoisin
2023-08-22Clean up some includesjvoisin
- Remove a superfluous `#if defined(__has_builtin)` since it's already accounted for in include/fortify-headers.h - Replace `_FORTIFY_FD_POS0` with the already existing `_FORTIFY_POS0` - Factorise some duplicate code into a macro
2023-08-22Increase portabilityjvoisin
If the compiler doesn't know about `__builtin_trap`, use `abort` instead.
2023-08-22Add hardening for pwritejvoisin
2023-08-21Harden umaskjvoisin
2023-08-21Make use of __diagnose_ifjvoisin
2023-08-21Remove some todo in __bmo's implementationjvoisin
2023-08-21Add tests for fgetws and mbsrtowcsjvoisin
2023-08-20Add more __access annotations in stdio.hjvoisin
2023-08-20Add two __format annotationsjvoisin
2023-08-20Make use of __diagnose_as_builtinjvoisin
2023-08-20Use pass_dynamic_object_size only for FORTIFY_SOURCE > 2jvoisin
2023-08-20Make use of pass_dynamic_object_size when availablejvoisin
2023-08-20Fix clang buildjvoisin
- s/CLFAGS/CFLAGS/ - provide paths to local includes - sprinkle more __pass_object_size__ - remove a problematic test
2023-08-20Add hardening for strrchrjvoisin
2023-08-20Add hardening for strchrjvoisin
2023-08-20Remove memrchr hardening for nowjvoisin
It doesn't play nice with gcc.
2023-08-03Add hardening for memchr and memrchrjvoisin
2023-07-18Make use of the alloc_size attributejvoisin
2023-07-10Clean up a bit the macro helljvoisin
2023-07-09Add some malloc annotationsjvoisin
2023-07-09Add some `format` annotationsjvoisin
2023-07-09Move a misplaced #endifjvoisin
2023-07-09Add an __access__ annotation to wchar.hjvoisin
2023-07-09Improve a bit `size_t*size_t` overflow checksjvoisin
2023-07-09Add access annotations to unistd.hjvoisin
2023-07-05Add access annotations to sys/socket.hjvoisin
2023-06-27Add more access-annotationsjvoisin
2023-06-25Fix clang supportjvoisin
2023-06-25add initial clang supportDaniel Kolesa
2023-06-25avoid __extension__ with clangDaniel Kolesa
It seems useless and triggers 'error: expected external declaration'
2023-06-22Add an annotation for fgetsjvoisin
2023-06-22Add a test for `poll`jvoisin
2023-06-22Add a test for strncatjvoisin
2023-06-22Add tests for stcncpyjvoisin
2023-06-22Add tests for stpcpyjvoisin
2023-06-14Add tests for strncpy and handle overlapping buffers therejvoisin
2023-05-30Add some __attribute__((access…)) annotationsjvoisin
See https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html for details
2023-05-30Add a check for overlapping copies in strcpyjvoisin
2023-05-30Fix inconsistent time_t version of ppolljvoisin
fortify/poll.h includes poll.h, which redirects the ppoll sys call to __ppoll_time64, if the _REDIR_TIME64 macro is 1. Then fortify/poll.h will #undef ppoll and use the 32 bit version, which is inconsistent. Taken from: https://github.com/openwrt/openwrt/pull/12575
2023-04-13Make use of __builtin_dynamic_object_sizejvoisin
GCC and Clang provide __builtin_dynamic_object_size (see documentation: https://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html), so we should make use of it when its available.
2019-03-13getgroups: do not trap on non-positive gidsetsizeinfo@mobile-stream.com
First, we should never check the size of __s if __l == 0 since the array is not going to be modified in that case. Second, negative __l is a well-defined error case (EINVAL) and we should never trap on a conforming code like this: r = getgroups(-1, NULL); if (r == -1) ... An example of non-desired behaviour for negative __l is the gnulib configure script which checks for getgroups(-1, ...) to catch some ancient FreeBSD kernel bug. The conftest binary traps even on good system (e.g. linux/musl) and the unnecessary getgroups wrapper is enforced for any project that uses gnulib. This patch also changes the size_t cast to avoid the explicit zero extension on systems where size_t differs from unsigned int.