Message ID | 20240226160344.3519392-1-siddhesh@sourceware.org |
---|---|
State | New |
Headers | show |
Series | [v3] cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383) | expand |
On 26/02/24 13:03, Siddhesh Poyarekar wrote: > When passed a pointer to a zero-sized struct, the access attribute > without the third argument misleads -Wstringop-overflow diagnostics to > think that a function is writing 1 byte into the zero-sized structs. > The attribute doesn't add that much value in this context, so drop it > completely for _FORTIFY_SOURCE=3. > > Resolves: BZ #31383 > Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> LGTM, thanks. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> > --- > Changes from v2: > - Use supported-fortify to set the right fortification level for the > compiler. > > Changes from v1: > - Adjust test to read from /dev/zero > > io/Makefile | 2 ++ > io/tst-read-zero.c | 39 +++++++++++++++++++++++++++++++++++++++ > misc/sys/cdefs.h | 6 +++--- > 3 files changed, 44 insertions(+), 3 deletions(-) > create mode 100644 io/tst-read-zero.c > > diff --git a/io/Makefile b/io/Makefile > index 54d950d51f..19932d50f7 100644 > --- a/io/Makefile > +++ b/io/Makefile > @@ -215,6 +215,7 @@ tests := \ > tst-openat \ > tst-posix_fallocate \ > tst-posix_fallocate64 \ > + tst-read-zero \ > tst-readlinkat \ > tst-renameat \ > tst-stat \ Maybe it makes more sense to add this test on debug subfolder, but I don't have a strong preference. > @@ -290,6 +291,7 @@ CFLAGS-read.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-i > CFLAGS-write.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-ignored-attributes) > CFLAGS-close.c += -fexceptions -fasynchronous-unwind-tables > CFLAGS-lseek64.c += $(config-cflags-wno-ignored-attributes) > +CFLAGS-tst-read-zero.c += $(no-fortify-source),-D_FORTIFY_SOURCE=$(supported-fortify) > > CFLAGS-test-stat.c += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE > CFLAGS-test-lfs.c += -D_LARGEFILE64_SOURCE > diff --git a/io/tst-read-zero.c b/io/tst-read-zero.c > new file mode 100644 > index 0000000000..8d1d30a543 > --- /dev/null > +++ b/io/tst-read-zero.c > @@ -0,0 +1,39 @@ > +/* read smoke test for 0-sized structures. > + Copyright The GNU Toolchain Authors. > + This file is part of the GNU C Library. > + > + The GNU C Library is free software; you can redistribute it and/or > + modify it under the terms of the GNU Lesser General Public > + License as published by the Free Software Foundation; either > + version 2.1 of the License, or (at your option) any later version. > + > + The GNU C Library is distributed in the hope that it will be useful, > + but WITHOUT ANY WARRANTY; without even the implied warranty of > + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + Lesser General Public License for more details. > + > + You should have received a copy of the GNU Lesser General Public > + License along with the GNU C Library; if not, see > + <https://www.gnu.org/licenses/>. */ > + > +/* Zero-sized structures should not result in any overflow warnings or > + errors when fortification is enabled. */ > +#include <fcntl.h> > +#include <stdio.h> > +#include <unistd.h> > +#include <support/check.h> > + > +int > +do_test (void) > +{ > + struct test_st {} test_info[16]; > + int fd = open ("/dev/zero", O_RDONLY, 0); > + > + if (fd == -1) > + FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m"); > + > + TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0); > + return 0; > +} > + > +#include <support/test-driver.c> > diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h > index 520231dbea..800c44640f 100644 > --- a/misc/sys/cdefs.h > +++ b/misc/sys/cdefs.h > @@ -683,10 +683,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf > # define __attr_access(x) __attribute__ ((__access__ x)) > /* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may > use the access attribute to get object sizes from function definition > - arguments, so we can't use them on functions we fortify. Drop the object > - size hints for such functions. */ > + arguments, so we can't use them on functions we fortify. Drop the access > + attribute for such functions. */ > # if __USE_FORTIFY_LEVEL == 3 > -# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o))) > +# define __fortified_attr_access(a, o, s) > # else > # define __fortified_attr_access(a, o, s) __attr_access ((a, o, s)) > # endif
diff --git a/io/Makefile b/io/Makefile index 54d950d51f..19932d50f7 100644 --- a/io/Makefile +++ b/io/Makefile @@ -215,6 +215,7 @@ tests := \ tst-openat \ tst-posix_fallocate \ tst-posix_fallocate64 \ + tst-read-zero \ tst-readlinkat \ tst-renameat \ tst-stat \ @@ -290,6 +291,7 @@ CFLAGS-read.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-i CFLAGS-write.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-ignored-attributes) CFLAGS-close.c += -fexceptions -fasynchronous-unwind-tables CFLAGS-lseek64.c += $(config-cflags-wno-ignored-attributes) +CFLAGS-tst-read-zero.c += $(no-fortify-source),-D_FORTIFY_SOURCE=$(supported-fortify) CFLAGS-test-stat.c += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE CFLAGS-test-lfs.c += -D_LARGEFILE64_SOURCE diff --git a/io/tst-read-zero.c b/io/tst-read-zero.c new file mode 100644 index 0000000000..8d1d30a543 --- /dev/null +++ b/io/tst-read-zero.c @@ -0,0 +1,39 @@ +/* read smoke test for 0-sized structures. + Copyright The GNU Toolchain Authors. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <https://www.gnu.org/licenses/>. */ + +/* Zero-sized structures should not result in any overflow warnings or + errors when fortification is enabled. */ +#include <fcntl.h> +#include <stdio.h> +#include <unistd.h> +#include <support/check.h> + +int +do_test (void) +{ + struct test_st {} test_info[16]; + int fd = open ("/dev/zero", O_RDONLY, 0); + + if (fd == -1) + FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m"); + + TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0); + return 0; +} + +#include <support/test-driver.c> diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h index 520231dbea..800c44640f 100644 --- a/misc/sys/cdefs.h +++ b/misc/sys/cdefs.h @@ -683,10 +683,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf # define __attr_access(x) __attribute__ ((__access__ x)) /* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may use the access attribute to get object sizes from function definition - arguments, so we can't use them on functions we fortify. Drop the object - size hints for such functions. */ + arguments, so we can't use them on functions we fortify. Drop the access + attribute for such functions. */ # if __USE_FORTIFY_LEVEL == 3 -# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o))) +# define __fortified_attr_access(a, o, s) # else # define __fortified_attr_access(a, o, s) __attr_access ((a, o, s)) # endif
When passed a pointer to a zero-sized struct, the access attribute without the third argument misleads -Wstringop-overflow diagnostics to think that a function is writing 1 byte into the zero-sized structs. The attribute doesn't add that much value in this context, so drop it completely for _FORTIFY_SOURCE=3. Resolves: BZ #31383 Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> --- Changes from v2: - Use supported-fortify to set the right fortification level for the compiler. Changes from v1: - Adjust test to read from /dev/zero io/Makefile | 2 ++ io/tst-read-zero.c | 39 +++++++++++++++++++++++++++++++++++++++ misc/sys/cdefs.h | 6 +++--- 3 files changed, 44 insertions(+), 3 deletions(-) create mode 100644 io/tst-read-zero.c