From bf242b15e1f7873bdb940c2441b5e57747bc2f81 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Wed, 12 Nov 2025 22:28:13 +0100
Subject: Add `access` annotations

---
 include/fortify-headers.h | 11 +++++++++++
 include/stdio.h           | 10 ++++++++++
 include/string.h          | 23 +++++++++++++++++++++++
 include/strings.h         |  3 +++
 include/sys/socket.h      |  4 ++++
 include/unistd.h          | 10 ++++++++++
 6 files changed, 61 insertions(+)

(limited to 'include')

diff --git a/include/fortify-headers.h b/include/fortify-headers.h
index e406dce..a9b7498 100644
--- a/include/fortify-headers.h
+++ b/include/fortify-headers.h
@@ -59,4 +59,15 @@
 #define __bos(ptr, type) __builtin_object_size (ptr, type)
 #endif
 
+/* This needs to be two different conditions: https://gcc.gnu.org/onlinedocs/cpp/_005f_005fhas_005fattribute.html */
+#if defined __has_attribute
+#if __has_attribute (access)
+#define __access(...) __attribute__ ((access (__VA_ARGS__)))
+#else
+#define __access(...)
+#endif
+#else
+#define __access(...)
+#endif
+
 #endif
diff --git a/include/stdio.h b/include/stdio.h
index a75c9ea..67738ed 100644
--- a/include/stdio.h
+++ b/include/stdio.h
@@ -37,6 +37,8 @@ extern "C" {
 #undef snprintf
 #undef sprintf
 
+__access(read_write, 1, 2)
+__access(read_only, 3)
 _FORTIFY_FN(fgets) char *fgets(char * _FORTIFY_POS0 __s, int __n, FILE *__f)
 {
 	size_t __b = __bos(__s, 0);
@@ -46,6 +48,8 @@ _FORTIFY_FN(fgets) char *fgets(char * _FORTIFY_POS0 __s, int __n, FILE *__f)
 	return __orig_fgets(__s, __n, __f);
 }
 
+__access(write_only, 1)
+__access(read_only, 4)
 _FORTIFY_FN(fread) size_t fread(void * _FORTIFY_POS0 __d, size_t __n,
                                 size_t __m, FILE *__f)
 {
@@ -58,6 +62,8 @@ _FORTIFY_FN(fread) size_t fread(void * _FORTIFY_POS0 __d, size_t __n,
 	return __orig_fread(__d, __n, __m, __f);
 }
 
+__access(read_only, 1)
+__access(write_only, 4)
 _FORTIFY_FN(fwrite) size_t fwrite(const void * _FORTIFY_POS0 __d, size_t __n,
                                   size_t __m, FILE *__f)
 {
@@ -70,6 +76,8 @@ _FORTIFY_FN(fwrite) size_t fwrite(const void * _FORTIFY_POS0 __d, size_t __n,
 	return __orig_fwrite(__d, __n, __m, __f);
 }
 
+__access(write_only, 1, 2)
+__access(read_only, 3)
 _FORTIFY_FN(vsnprintf) int vsnprintf(char * _FORTIFY_POS0 __s, size_t __n,
                                      const char *__f, __builtin_va_list __v)
 {
@@ -80,6 +88,8 @@ _FORTIFY_FN(vsnprintf) int vsnprintf(char * _FORTIFY_POS0 __s, size_t __n,
 	return __orig_vsnprintf(__s, __n, __f, __v);
 }
 
+__access(write_only, 1)
+__access(read_only, 2)
 _FORTIFY_FN(vsprintf) int vsprintf(char * _FORTIFY_POS0 __s, const char *__f,
                                    __builtin_va_list __v)
 {
diff --git a/include/string.h b/include/string.h
index 9fc1cd4..cf0be60 100644
--- a/include/string.h
+++ b/include/string.h
@@ -37,6 +37,8 @@ extern "C" {
 #undef strncat
 #undef strncpy
 
+__access(write_only, 1, 3)
+__access(read_only, 2, 3)
 _FORTIFY_FN(memcpy) void *memcpy(void * _FORTIFY_POS0 __od,
                                  const void * _FORTIFY_POS0 __os, size_t __n)
 {
@@ -55,6 +57,8 @@ _FORTIFY_FN(memcpy) void *memcpy(void * _FORTIFY_POS0 __od,
 	return __builtin_memcpy(__od, __os, __n);
 }
 
+__access(write_only, 1, 3)
+__access(read_only, 2, 3)
 _FORTIFY_FN(memmove) void *memmove(void * _FORTIFY_POS0 __d,
                                    const void * _FORTIFY_POS0 __s, size_t __n)
 {
@@ -66,6 +70,7 @@ _FORTIFY_FN(memmove) void *memmove(void * _FORTIFY_POS0 __d,
 	return __orig_memmove(__d, __s, __n);
 }
 
+__access(write_only, 1, 3)
 _FORTIFY_FN(memset) void *memset(void * _FORTIFY_POS0 __d, int __c, size_t __n)
 {
 	size_t __b = __bos(__d, 0);
@@ -79,6 +84,8 @@ _FORTIFY_FN(memset) void *memset(void * _FORTIFY_POS0 __d, int __c, size_t __n)
  || defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) \
  || defined(_BSD_SOURCE)
 #undef stpcpy
+__access(write_only, 1)
+__access(read_only, 2)
 _FORTIFY_FN(stpcpy) char *stpcpy(char * _FORTIFY_POS0 __d, const char *__s)
 {
 	size_t __b = __bos(__d, 0);
@@ -89,6 +96,8 @@ _FORTIFY_FN(stpcpy) char *stpcpy(char * _FORTIFY_POS0 __d, const char *__s)
 }
 
 #undef stpncpy
+__access(write_only, 1)
+__access(read_only, 2)
 _FORTIFY_FN(stpncpy) char *stpncpy(char * _FORTIFY_POS0 __d, const char *__s,
                                    size_t __n)
 {
@@ -100,6 +109,8 @@ _FORTIFY_FN(stpncpy) char *stpncpy(char * _FORTIFY_POS0 __d, const char *__s,
 }
 #endif
 
+__access(read_write, 1)
+__access(read_only, 2)
 _FORTIFY_FN(strcat) char *strcat(char * _FORTIFY_POS0 __d, const char *__s)
 {
 	size_t __b = __bos(__d, 0);
@@ -109,6 +120,8 @@ _FORTIFY_FN(strcat) char *strcat(char * _FORTIFY_POS0 __d, const char *__s)
 	return __orig_strcat(__d, __s);
 }
 
+__access(write_only, 1)
+__access(read_only, 2)
 _FORTIFY_FN(strcpy) char *strcpy(char * _FORTIFY_POS0 __d, const char *__s)
 {
 	size_t __b = __bos(__d, 0);
@@ -118,6 +131,8 @@ _FORTIFY_FN(strcpy) char *strcpy(char * _FORTIFY_POS0 __d, const char *__s)
 	return __orig_strcpy(__d, __s);
 }
 
+__access(read_write, 1)
+__access(read_only, 2)
 _FORTIFY_FN(strncat) char *strncat(char * _FORTIFY_POS0 __d, const char *__s,
                                    size_t __n)
 {
@@ -135,6 +150,8 @@ _FORTIFY_FN(strncat) char *strncat(char * _FORTIFY_POS0 __d, const char *__s,
 	return __orig_strncat(__d, __s, __n);
 }
 
+__access(write_only, 1)
+__access(read_only, 2)
 _FORTIFY_FN(strncpy) char *strncpy(char * _FORTIFY_POS0 __d,
                                    const char *__s, size_t __n)
 {
@@ -147,6 +164,8 @@ _FORTIFY_FN(strncpy) char *strncpy(char * _FORTIFY_POS0 __d,
 
 #ifdef _GNU_SOURCE
 #undef mempcpy
+__access(write_only, 1, 3)
+__access(read_only, 2, 3)
 _FORTIFY_FN(mempcpy) void *mempcpy(void * _FORTIFY_POS0 __d,
                                    const void * _FORTIFY_POS0 __s, size_t __n)
 {
@@ -162,6 +181,8 @@ _FORTIFY_FN(mempcpy) void *mempcpy(void * _FORTIFY_POS0 __d,
 #if defined(_GNU_SOURCE) || defined(_BSD_SOURCE)
 #undef strlcat
 #undef strlcpy
+__access(read_write, 1)
+__access(read_only, 2)
 _FORTIFY_FN(strlcat) size_t strlcat(char * _FORTIFY_POS0 __d,
                                     const char *__s, size_t __n)
 {
@@ -172,6 +193,8 @@ _FORTIFY_FN(strlcat) size_t strlcat(char * _FORTIFY_POS0 __d,
 	return __orig_strlcat(__d, __s, __n);
 }
 
+__access(write_only, 1)
+__access(read_only, 2)
 _FORTIFY_FN(strlcpy) size_t strlcpy(char * _FORTIFY_POS0 __d,
                                     const char *__s, size_t __n)
 {
diff --git a/include/strings.h b/include/strings.h
index 862b7be..3b6b765 100644
--- a/include/strings.h
+++ b/include/strings.h
@@ -31,6 +31,8 @@ extern "C" {
  || (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE+0 < 700)
 #undef bcopy
 #undef bzero
+__access(write_only, 2, 3)
+__access(read_only, 1, 3)
 _FORTIFY_FN(bcopy) void bcopy(const void * _FORTIFY_POS0 __s,
                               void * _FORTIFY_POS0 __d, size_t __n)
 {
@@ -42,6 +44,7 @@ _FORTIFY_FN(bcopy) void bcopy(const void * _FORTIFY_POS0 __s,
 	return __orig_bcopy(__s, __d, __n);
 }
 
+__access(write_only, 1, 2)
 _FORTIFY_FN(bzero) void bzero(void * _FORTIFY_POS0 __s, size_t __n)
 {
 	size_t __b = __bos(__s, 0);
diff --git a/include/sys/socket.h b/include/sys/socket.h
index 7dfa71a..94cc0c8 100644
--- a/include/sys/socket.h
+++ b/include/sys/socket.h
@@ -34,6 +34,7 @@ extern "C" {
 #undef send
 #undef sendto
 
+__access(write_only, 2, 3)
 _FORTIFY_FN(recv) ssize_t recv(int __f, void * _FORTIFY_POS0 __s, size_t __n,
                                int __fl)
 {
@@ -44,6 +45,7 @@ _FORTIFY_FN(recv) ssize_t recv(int __f, void * _FORTIFY_POS0 __s, size_t __n,
 	return __orig_recv(__f, __s, __n, __fl);
 }
 
+__access(write_only, 2, 3)
 _FORTIFY_FN(recvfrom) ssize_t recvfrom(int __f, void * _FORTIFY_POS0 __s,
                                        size_t __n, int __fl,
                                        struct sockaddr *__a, socklen_t *__l)
@@ -55,6 +57,7 @@ _FORTIFY_FN(recvfrom) ssize_t recvfrom(int __f, void * _FORTIFY_POS0 __s,
 	return __orig_recvfrom(__f, __s, __n, __fl, __a, __l);
 }
 
+__access(read_only, 2, 3)
 _FORTIFY_FN(send) ssize_t send(int __f, const void * _FORTIFY_POS0 __s,
                                size_t __n, int __fl)
 {
@@ -65,6 +68,7 @@ _FORTIFY_FN(send) ssize_t send(int __f, const void * _FORTIFY_POS0 __s,
 	return __orig_send(__f, __s, __n, __fl);
 }
 
+__access(read_only, 2, 3)
 _FORTIFY_FN(sendto) ssize_t sendto(int __f, const void * _FORTIFY_POS0 __s,
                                    size_t __n, int __fl,
                                    const struct sockaddr *__a, socklen_t __l)
diff --git a/include/unistd.h b/include/unistd.h
index 4c18b73..a6c2ed1 100644
--- a/include/unistd.h
+++ b/include/unistd.h
@@ -41,6 +41,7 @@ extern "C" {
 #undef ttyname_r
 #undef write
 
+__access(write_only, 2, 3)
 _FORTIFY_FN(confstr) size_t confstr(int __n, char * _FORTIFY_POS0 __s, size_t __l)
 {
 	size_t __b = __bos(__s, 0);
@@ -51,6 +52,7 @@ _FORTIFY_FN(confstr) size_t confstr(int __n, char * _FORTIFY_POS0 __s, size_t __
 	return __r;
 }
 
+__access(write_only, 1, 2)
 _FORTIFY_FN(getcwd) char *getcwd(char * _FORTIFY_POS0 __s, size_t __l)
 {
 	size_t __b = __bos(__s, 0);
@@ -62,6 +64,7 @@ _FORTIFY_FN(getcwd) char *getcwd(char * _FORTIFY_POS0 __s, size_t __l)
 
 #if defined(_GNU_SOURCE) || defined(_BSD_SOURCE)
 #undef getdomainname
+__access(write_only, 1, 2)
 _FORTIFY_FN(getdomainname) int getdomainname(char * _FORTIFY_POS0 __s, size_t __l)
 {
 	size_t __b = __bos(__s, 0);
@@ -81,6 +84,7 @@ _FORTIFY_FN(getgroups) int getgroups(int __l, gid_t * _FORTIFY_POS0 __s)
 	return __orig_getgroups(__l, __s);
 }
 
+__access(write_only, 1, 2)
 _FORTIFY_FN(gethostname) int gethostname(char * _FORTIFY_POS0 __s, size_t __l)
 {
 	size_t __b = __bos(__s, 0);
@@ -90,6 +94,7 @@ _FORTIFY_FN(gethostname) int gethostname(char * _FORTIFY_POS0 __s, size_t __l)
 	return __orig_gethostname(__s, __l);
 }
 
+__access(write_only, 1, 2)
 _FORTIFY_FN(getlogin_r) int getlogin_r(char * _FORTIFY_POS0 __s, size_t __l)
 {
 	size_t __b = __bos(__s, 0);
@@ -109,6 +114,7 @@ _FORTIFY_FN(pread) ssize_t pread(int __f, void * _FORTIFY_POS0 __s,
 	return __orig_pread(__f, __s, __n, __o);
 }
 
+__access(write_only, 2, 3)
 _FORTIFY_FN(read) ssize_t read(int __f, void * _FORTIFY_POS0 __s, size_t __n)
 {
 	size_t __b = __bos(__s, 0);
@@ -118,6 +124,7 @@ _FORTIFY_FN(read) ssize_t read(int __f, void * _FORTIFY_POS0 __s, size_t __n)
 	return __orig_read(__f, __s, __n);
 }
 
+__access(write_only, 2, 3)
 _FORTIFY_FN(readlink) ssize_t readlink(const char *__p,
                                        char * _FORTIFY_POS0 __s, size_t __n)
 {
@@ -128,6 +135,7 @@ _FORTIFY_FN(readlink) ssize_t readlink(const char *__p,
 	return __orig_readlink(__p, __s, __n);
 }
 
+__access(write_only, 3, 4)
 _FORTIFY_FN(readlinkat) ssize_t readlinkat(int __f, const char *__p,
                                            char * _FORTIFY_POS0 __s, size_t __n)
 {
@@ -138,6 +146,7 @@ _FORTIFY_FN(readlinkat) ssize_t readlinkat(int __f, const char *__p,
 	return __orig_readlinkat(__f, __p, __s, __n);
 }
 
+__access(write_only, 2, 3)
 _FORTIFY_FN(ttyname_r) int ttyname_r(int __f, char * _FORTIFY_POS0 __s,
                                      size_t __n)
 {
@@ -148,6 +157,7 @@ _FORTIFY_FN(ttyname_r) int ttyname_r(int __f, char * _FORTIFY_POS0 __s,
 	return __orig_ttyname_r(__f, __s, __n);
 }
 
+__access(read_only, 2, 3)
 _FORTIFY_FN(write) ssize_t write(int __f, const void * _FORTIFY_POS0 __s,
                                  size_t __n)
 {
-- 
cgit v1.3