| Age | Commit message (Collapse) | Author |
|---|
|
`strlen(src)` isn't guaranteed to be valid.
|
|
```
Core was generated by `scripts/mod/modpost -M -m -o Module.symvers -n -T modules.order vmlinux.o'.
Program terminated with signal SIGSEGV, Segmentation fault.
warning: 17 src/string/strlen.c: No such file or directory
(gdb) bt
```
> I think strncpy logic is broken: `__fh_size_t max_len_s = strlen(__s);` may try read past `size_t __n`.
> Create a buf without any trailing `\0`, do `strncpy(dest, buf, sizeof(buf));`, it should work, since `strncpy` will stop at `sizeof buf`
> but the current fority-headers implementation will do `strlen(buf)`, which will go boom when it is not terminated with \0
Reported-by: ncopa
|
|
|
|
|
|
It seems that annotating sprintf with `write` makes gcc unhappy, as its
analyser is unable to understand that we're checking if `__b != -1` before
calling `__orig_snprintf`, so let's comment this annotation for now.
|
|
just in case, and because 'PEDANTIC_CHECKS' is a really generic name
|
|
|
|
This should fix the second part of #59
|
|
The only hardening being done here is to set the char** parameter to thos
functions to NULL in case of an error, to prevent it from being used should
people forget to check return values. This is already done on some BSD, as well
as in Rocky Linux.
|
|
|
|
This was caught by the following test:
```
int main(void) {
char c[32];
memcpy(c, c + 16, 16);
}
```
Reported-by: q66
|
|
They can be re-enabled via `PEDANTIC_CHECKS`
|
|
Since C11:
> This function behaves as if it reads the bytes sequentially and stops as soon
as a matching bytes is found: if the array pointed to by ptr is smaller than
count, but the match is found within the array, the behavior is well-defined.
Reported-by: q66
|
|
See:
- https://www.imperialviolet.org/2016/06/26/nonnull.html
- https://davidben.net/2024/01/15/empty-slices.html
|
|
They were previously disabled in 80a83a5
|
|
They check overlap across the whole range of the given length, but
the given length is not what will actually be copied, rather it's
the maximum length (if src is shorter, only length of src will be
copied). This triggers false positives and traps where it shouldn't
(e.g. in ICU tests).
Reported-by: q66
|
|
|
|
|
|
SIGILL is not the only possible trap handler. On non-x86 archs
this is not the case for instance.
|
|
This should fix #32
|
|
|
|
|
|
This is unlikely to be used, since fd_set is
usually manipulated by macros, but it doesn't hurt
to add a simple comparison.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Just in case the compiler tries to optimize some things away.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Both in the CI, and in the Makefile
|
|
- s/CLFAGS/CFLAGS/
- provide paths to local includes
- sprinkle more __pass_object_size__
- remove a problematic test
|
|
|
