1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
|
/*
* Copyright (C) 2015-2016 Dimitris Papastamos <sin@2f30.org>
* Copyright (C) 2022 q66 <q66@chimera-linux.org>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _FORTIFY_HEADERS_H
#define _FORTIFY_HEADERS_H
#if !defined __has_builtin
#error a compiler with __has_builtin support is required
#endif
// https://clang.llvm.org/docs/LanguageExtensions.html#has-builtin
// > __has_builtin should not be used to detect support for a builtin macro; use #ifdef instead.
#define __fh_has_builtin(x) (__has_builtin(x) || defined(x))
#if ! __fh_has_builtin(__builtin_trap)
#define __builtin_trap abort
#endif
#if _FORTIFY_SOURCE > 3
#warning _FORTIFY_SOURCE > 3 is treated as 3
#endif
#ifdef __clang__
#if _FORTIFY_SOURCE > 2 && __fh_has_builtin (__builtin_dynamic_object_size) && __has_attribute(pass_dynamic_object_size)
#define _FORTIFY_POSN(n) const __attribute__((pass_dynamic_object_size(n)))
#else
#define _FORTIFY_POSN(n) const __attribute__((pass_object_size(n)))
#endif /* __builtin_dynamic_object_size && pass_dynamic_object_size */
/* clang uses overloads; see https://github.com/llvm/llvm-project/issues/53516 */
/* we can't use extern inline with overloads without making them external */
#ifdef __cplusplus
#define _FORTIFY_INLINE __inline__ \
__attribute__((__always_inline__,__artificial__,__overloadable__))
#else
#define _FORTIFY_INLINE static __inline__ \
__attribute__((__always_inline__,__artificial__,__overloadable__))
#endif
#else /* !__clang__ */
#define _FORTIFY_POSN(n)
#define _FORTIFY_INLINE extern __inline__ \
__attribute__((__always_inline__,__gnu_inline__,__artificial__))
#endif /* __clang__ */
/* https://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html */
#define _FORTIFY_POS0 _FORTIFY_POSN(0)
#define _FORTIFY_POS1 _FORTIFY_POSN(1)
#define _FORTIFY_POS2 _FORTIFY_POSN(2)
#define _FORTIFY_STR(s) #s
#define _FORTIFY_ORIG(p,fn) __typeof__(fn) __orig_##fn __asm__(_FORTIFY_STR(p) #fn)
#define _FORTIFY_FNB(fn) _FORTIFY_ORIG(__USER_LABEL_PREFIX__,fn)
#define _FORTIFY_FN(fn) _FORTIFY_FNB(fn); _FORTIFY_INLINE
/* Use __builtin_dynamic_object_size with _FORTIFY_SOURCE>2, if available. */
#if _FORTIFY_SOURCE > 2 && __fh_has_builtin (__builtin_dynamic_object_size)
/*
* See:
* - https://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
*/
#define __fh_bos(ptr, type) __builtin_dynamic_object_size (ptr, type)
#else
#define __fh_bos(ptr, type) __builtin_object_size (ptr, type)
#endif
#if defined __has_attribute
#if __has_attribute (access)
#define __fh_access(...) __attribute__ ((access (__VA_ARGS__)))
#else
#define __fh_access(...)
#endif
#if __has_attribute (format)
#define __fh_format(...) __attribute__ ((format (__VA_ARGS__)))
#else
#define __fh_format(...)
#endif
#if __has_attribute (malloc)
#ifdef __clang__
#define __fh_malloc(...) __attribute__ ((malloc))
#else
#define __fh_malloc(...) __attribute__ ((malloc, __VA_ARGS__))
#endif /* __clang__ */
#else
#define __fh_malloc(...)
#endif
#if __has_attribute (alloc_size) && !defined(__fh_alloc_size)
#define __fh_alloc_size(...) __attribute__ ((alloc_size (__VA_ARGS__)))
#else
#define __fh_alloc_size(...)
#endif
#if __has_attribute (diagnose_as_builtin)
#define __diagnose_as_builtin(...) __attribute__ ((diagnose_as_builtin (__VA_ARGS__)))
#else
#define __diagnose_as_builtin(...)
#endif
#if __has_attribute (diagnose_if)
#define __warning_if(cond, msg) __attribute__ ((diagnose_if (cond, msg, "warning")))
#define __error_if(cond, msg) __attribute__ ((diagnose_if (cond, msg, "error")))
#else
#define __warning_if(cond, msg)
#define __error_if(cond, msg)
#endif
#if __has_attribute (warn_unused_result)
#define __warn_unused_result __attribute__ ((warn_unused_result))
#else
#define __warn_unused_result
#endif
#endif /* __has_attribute */
// Since we're not allow to include anything.
// https://awesomekling.github.io/How-SerenityOS-declares-ssize_t/
#define __fh_size_t __typeof__(sizeof(char))
//TODO(jvoisin) Add a check for overflows
/* check if pointers are overlapping but not if dst == src,
* since gcc seems to like to generate code that relies on dst == src */
#define __fh_overlap(a, len_a, b, len_b) \
( \
((a) < (b) && (b) < (a) + (__fh_size_t)(len_a)) \
|| ((b) < (a) && (a) < (b) + (__fh_size_t)(len_b)) \
)
/*
* We're not making use of C23's <stdckdint.h> since:
* - there is no elegant way to make it ignore the results.
* - it's tricky to make it type-agnostic when we don't care about the result.
* We're not making use of __builtin_mul_overflow for the same reasons.
*
* See:
* - https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html
* - https://clang.llvm.org/docs/LanguageExtensions.html#checked-arithmetic-builtins
*/
#if __fh_has_builtin (__builtin_mul_overflow_p)
#define __bmo(x, y) (x != 0 && __builtin_mul_overflow_p(x, y, (__typeof__ ((x) + (y))) 0))
#else /* !__builtin_mul_overflow_p */
#define __bmo(x, y) (x != 0 && (x * y) / x != y)
#endif /* __builtin_mul_overflow_p */
#endif /* _FORTIFY_HEADERS_H */
|
