|
 |
076f82 |
commit c82bdf033f93a710044e25f721340c26e89a3769
|
|
|
076f82 |
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
|
|
076f82 |
Date: Tue Oct 12 12:29:13 2021 +0530
|
|
|
076f82 |
|
|
|
076f82 |
Don't add access size hints to fortifiable functions
|
|
|
076f82 |
|
|
|
076f82 |
In the context of a function definition, the size hints imply that the
|
|
|
076f82 |
size of an object pointed to by one parameter is another parameter.
|
|
|
076f82 |
This doesn't make sense for the fortified versions of the functions
|
|
|
076f82 |
since that's the bit it's trying to validate.
|
|
|
076f82 |
|
|
|
076f82 |
This is harmless with __builtin_object_size since it has fairly simple
|
|
|
076f82 |
semantics when it comes to objects passed as function parameters.
|
|
|
076f82 |
With __builtin_dynamic_object_size we could (as my patchset for gcc[1]
|
|
|
076f82 |
already does) use the access attribute to determine the object size in
|
|
|
076f82 |
the general case but it misleads the fortified functions.
|
|
|
076f82 |
|
|
|
076f82 |
Basically the problem occurs when access attributes are present on
|
|
|
076f82 |
regular functions that have inline fortified definitions to generate
|
|
|
076f82 |
_chk variants; the attributes get inherited by these definitions,
|
|
|
076f82 |
causing problems when analyzing them. For example with poll(fds, nfds,
|
|
|
076f82 |
timeout), nfds is hinted using the __attr_access as being the size of
|
|
|
076f82 |
fds.
|
|
|
076f82 |
|
|
|
076f82 |
Now, when analyzing the inline function definition in bits/poll2.h, the
|
|
|
076f82 |
compiler sees that nfds is the size of fds and tries to use that
|
|
|
076f82 |
information in the function body. In _FORTIFY_SOURCE=3 case, where the
|
|
|
076f82 |
object size could be a non-constant expression, this information results
|
|
|
076f82 |
in the conclusion that nfds is the size of fds, which defeats the
|
|
|
076f82 |
purpose of the implementation because we're trying to check here if nfds
|
|
|
076f82 |
does indeed represent the size of fds. Hence for this case, it is best
|
|
|
076f82 |
to not have the access attribute.
|
|
|
076f82 |
|
|
|
076f82 |
With the attributes gone, the expression evaluation should get delayed
|
|
|
076f82 |
until the function is actually inlined into its destinations.
|
|
|
076f82 |
|
|
|
076f82 |
Disable the access attribute for fortified function inline functions
|
|
|
076f82 |
when building at _FORTIFY_SOURCE=3 to make this work better. The
|
|
|
076f82 |
access attributes remain for the _chk variants since they can be used
|
|
|
076f82 |
by the compiler to warn when the caller is passing invalid arguments.
|
|
|
076f82 |
|
|
|
076f82 |
[1] https://gcc.gnu.org/pipermail/gcc-patches/2021-October/581125.html
|
|
|
076f82 |
|
|
|
076f82 |
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
|
|
076f82 |
(cherry picked from commit e938c02748402c50f60ba0eb983273e7b52937d1)
|
|
|
076f82 |
|
|
|
076f82 |
diff --git a/io/bits/poll2.h b/io/bits/poll2.h
|
|
|
076f82 |
index a623678c09f9f04f..be74d020f2e0e434 100644
|
|
|
076f82 |
--- a/io/bits/poll2.h
|
|
|
076f82 |
+++ b/io/bits/poll2.h
|
|
|
076f82 |
@@ -33,7 +33,7 @@ extern int __REDIRECT (__poll_chk_warn, (struct pollfd *__fds, nfds_t __nfds,
|
|
|
076f82 |
__poll_chk)
|
|
|
076f82 |
__warnattr ("poll called with fds buffer too small file nfds entries");
|
|
|
076f82 |
|
|
|
076f82 |
-__fortify_function __attr_access ((__write_only__, 1, 2)) int
|
|
|
076f82 |
+__fortify_function __fortified_attr_access (__write_only__, 1, 2) int
|
|
|
076f82 |
poll (struct pollfd *__fds, nfds_t __nfds, int __timeout)
|
|
|
076f82 |
{
|
|
|
076f82 |
if (__glibc_objsize (__fds) != (__SIZE_TYPE__) -1)
|
|
|
076f82 |
@@ -64,7 +64,7 @@ extern int __REDIRECT (__ppoll_chk_warn, (struct pollfd *__fds, nfds_t __nfds,
|
|
|
076f82 |
__ppoll_chk)
|
|
|
076f82 |
__warnattr ("ppoll called with fds buffer too small file nfds entries");
|
|
|
076f82 |
|
|
|
076f82 |
-__fortify_function __attr_access ((__write_only__, 1, 2)) int
|
|
|
076f82 |
+__fortify_function __fortified_attr_access (__write_only__, 1, 2) int
|
|
|
076f82 |
ppoll (struct pollfd *__fds, nfds_t __nfds, const struct timespec *__timeout,
|
|
|
076f82 |
const __sigset_t *__ss)
|
|
|
076f82 |
{
|
|
|
076f82 |
diff --git a/io/sys/poll.h b/io/sys/poll.h
|
|
|
076f82 |
index e640efb2bce7ea67..751c7f5f72db8be2 100644
|
|
|
076f82 |
--- a/io/sys/poll.h
|
|
|
076f82 |
+++ b/io/sys/poll.h
|
|
|
076f82 |
@@ -52,7 +52,7 @@ __BEGIN_DECLS
|
|
|
076f82 |
This function is a cancellation point and therefore not marked with
|
|
|
076f82 |
__THROW. */
|
|
|
076f82 |
extern int poll (struct pollfd *__fds, nfds_t __nfds, int __timeout)
|
|
|
076f82 |
- __attr_access ((__write_only__, 1, 2));
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 1, 2);
|
|
|
076f82 |
|
|
|
076f82 |
#ifdef __USE_GNU
|
|
|
076f82 |
/* Like poll, but before waiting the threads signal mask is replaced
|
|
|
076f82 |
@@ -64,7 +64,7 @@ extern int poll (struct pollfd *__fds, nfds_t __nfds, int __timeout)
|
|
|
076f82 |
extern int ppoll (struct pollfd *__fds, nfds_t __nfds,
|
|
|
076f82 |
const struct timespec *__timeout,
|
|
|
076f82 |
const __sigset_t *__ss)
|
|
|
076f82 |
- __attr_access ((__write_only__, 1, 2));
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 1, 2);
|
|
|
076f82 |
|
|
|
076f82 |
# ifdef __USE_TIME_BITS64
|
|
|
076f82 |
# ifdef __REDIRECT
|
|
|
076f82 |
@@ -72,7 +72,7 @@ extern int __REDIRECT (ppoll, (struct pollfd *__fds, nfds_t __nfds,
|
|
|
076f82 |
const struct timespec *__timeout,
|
|
|
076f82 |
const __sigset_t *__ss),
|
|
|
076f82 |
__ppoll64)
|
|
|
076f82 |
- __attr_access ((__write_only__, 1, 2));
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 1, 2);
|
|
|
076f82 |
# else
|
|
|
076f82 |
# define ppoll __ppoll64
|
|
|
076f82 |
# endif
|
|
|
076f82 |
diff --git a/libio/bits/stdio2.h b/libio/bits/stdio2.h
|
|
|
076f82 |
index 3f0cab1254b02c43..4f016a563857a137 100644
|
|
|
076f82 |
--- a/libio/bits/stdio2.h
|
|
|
076f82 |
+++ b/libio/bits/stdio2.h
|
|
|
076f82 |
@@ -258,7 +258,7 @@ extern char *__REDIRECT (__fgets_chk_warn,
|
|
|
076f82 |
__wur __warnattr ("fgets called with bigger size than length "
|
|
|
076f82 |
"of destination buffer");
|
|
|
076f82 |
|
|
|
076f82 |
-__fortify_function __wur __attr_access ((__write_only__, 1, 2)) char *
|
|
|
076f82 |
+__fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) char *
|
|
|
076f82 |
fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
|
|
|
076f82 |
{
|
|
|
076f82 |
if (__glibc_objsize (__s) != (size_t) -1)
|
|
|
076f82 |
@@ -320,7 +320,7 @@ extern char *__REDIRECT (__fgets_unlocked_chk_warn,
|
|
|
076f82 |
__wur __warnattr ("fgets_unlocked called with bigger size than length "
|
|
|
076f82 |
"of destination buffer");
|
|
|
076f82 |
|
|
|
076f82 |
-__fortify_function __wur __attr_access ((__write_only__, 1, 2)) char *
|
|
|
076f82 |
+__fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) char *
|
|
|
076f82 |
fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream)
|
|
|
076f82 |
{
|
|
|
076f82 |
if (__glibc_objsize (__s) != (size_t) -1)
|
|
|
076f82 |
diff --git a/libio/stdio.h b/libio/stdio.h
|
|
|
076f82 |
index 497da016ffa2e230..abefe640e52d18d5 100644
|
|
|
076f82 |
--- a/libio/stdio.h
|
|
|
076f82 |
+++ b/libio/stdio.h
|
|
|
076f82 |
@@ -584,7 +584,7 @@ extern int putw (int __w, FILE *__stream);
|
|
|
076f82 |
This function is a possible cancellation point and therefore not
|
|
|
076f82 |
marked with __THROW. */
|
|
|
076f82 |
extern char *fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
|
|
|
076f82 |
- __wur __attr_access ((__write_only__, 1, 2));
|
|
|
076f82 |
+ __wur __fortified_attr_access (__write_only__, 1, 2);
|
|
|
076f82 |
|
|
|
076f82 |
#if __GLIBC_USE (DEPRECATED_GETS)
|
|
|
076f82 |
/* Get a newline-terminated string from stdin, removing the newline.
|
|
|
076f82 |
@@ -608,7 +608,7 @@ extern char *gets (char *__s) __wur __attribute_deprecated__;
|
|
|
076f82 |
therefore not marked with __THROW. */
|
|
|
076f82 |
extern char *fgets_unlocked (char *__restrict __s, int __n,
|
|
|
076f82 |
FILE *__restrict __stream) __wur
|
|
|
076f82 |
- __attr_access ((__write_only__, 1, 2));
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 1, 2);
|
|
|
076f82 |
#endif
|
|
|
076f82 |
|
|
|
076f82 |
|
|
|
076f82 |
diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
|
|
|
076f82 |
index e490fc1aebeadc3d..cd836441a9807d6a 100644
|
|
|
076f82 |
--- a/misc/sys/cdefs.h
|
|
|
076f82 |
+++ b/misc/sys/cdefs.h
|
|
|
076f82 |
@@ -603,12 +603,22 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf
|
|
|
076f82 |
size-index is not provided:
|
|
|
076f82 |
access (access-mode, <ref-index> [, <size-index>]) */
|
|
|
076f82 |
# define __attr_access(x) __attribute__ ((__access__ x))
|
|
|
076f82 |
+/* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may
|
|
|
076f82 |
+ use the access attribute to get object sizes from function definition
|
|
|
076f82 |
+ arguments, so we can't use them on functions we fortify. Drop the object
|
|
|
076f82 |
+ size hints for such functions. */
|
|
|
076f82 |
+# if __USE_FORTIFY_LEVEL == 3
|
|
|
076f82 |
+# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o)))
|
|
|
076f82 |
+# else
|
|
|
076f82 |
+# define __fortified_attr_access(a, o, s) __attr_access ((a, o, s))
|
|
|
076f82 |
+# endif
|
|
|
076f82 |
# if __GNUC_PREREQ (11, 0)
|
|
|
076f82 |
# define __attr_access_none(argno) __attribute__ ((__access__ (__none__, argno)))
|
|
|
076f82 |
# else
|
|
|
076f82 |
# define __attr_access_none(argno)
|
|
|
076f82 |
# endif
|
|
|
076f82 |
#else
|
|
|
076f82 |
+# define __fortified_attr_access(a, o, s)
|
|
|
076f82 |
# define __attr_access(x)
|
|
|
076f82 |
# define __attr_access_none(argno)
|
|
|
076f82 |
#endif
|
|
|
076f82 |
diff --git a/posix/unistd.h b/posix/unistd.h
|
|
|
076f82 |
index 8224c5fbc956306f..7a61ff5e868c3456 100644
|
|
|
076f82 |
--- a/posix/unistd.h
|
|
|
076f82 |
+++ b/posix/unistd.h
|
|
|
076f82 |
@@ -369,7 +369,7 @@ extern void closefrom (int __lowfd) __THROW;
|
|
|
076f82 |
This function is a cancellation point and therefore not marked with
|
|
|
076f82 |
__THROW. */
|
|
|
076f82 |
extern ssize_t read (int __fd, void *__buf, size_t __nbytes) __wur
|
|
|
076f82 |
- __attr_access ((__write_only__, 2, 3));
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 2, 3);
|
|
|
076f82 |
|
|
|
076f82 |
/* Write N bytes of BUF to FD. Return the number written, or -1.
|
|
|
076f82 |
|
|
|
076f82 |
@@ -388,7 +388,7 @@ extern ssize_t write (int __fd, const void *__buf, size_t __n) __wur
|
|
|
076f82 |
__THROW. */
|
|
|
076f82 |
extern ssize_t pread (int __fd, void *__buf, size_t __nbytes,
|
|
|
076f82 |
__off_t __offset) __wur
|
|
|
076f82 |
- __attr_access ((__write_only__, 2, 3));
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 2, 3);
|
|
|
076f82 |
|
|
|
076f82 |
/* Write N bytes of BUF to FD at the given position OFFSET without
|
|
|
076f82 |
changing the file pointer. Return the number written, or -1.
|
|
|
076f82 |
@@ -404,7 +404,7 @@ extern ssize_t pwrite (int __fd, const void *__buf, size_t __n,
|
|
|
076f82 |
extern ssize_t __REDIRECT (pread, (int __fd, void *__buf, size_t __nbytes,
|
|
|
076f82 |
__off64_t __offset),
|
|
|
076f82 |
pread64) __wur
|
|
|
076f82 |
- __attr_access ((__write_only__, 2, 3));
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 2, 3);
|
|
|
076f82 |
extern ssize_t __REDIRECT (pwrite, (int __fd, const void *__buf,
|
|
|
076f82 |
size_t __nbytes, __off64_t __offset),
|
|
|
076f82 |
pwrite64) __wur
|
|
|
076f82 |
@@ -421,7 +421,7 @@ extern ssize_t __REDIRECT (pwrite, (int __fd, const void *__buf,
|
|
|
076f82 |
or 0 for EOF. */
|
|
|
076f82 |
extern ssize_t pread64 (int __fd, void *__buf, size_t __nbytes,
|
|
|
076f82 |
__off64_t __offset) __wur
|
|
|
076f82 |
- __attr_access ((__write_only__, 2, 3));
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 2, 3);
|
|
|
076f82 |
/* Write N bytes of BUF to FD at the given position OFFSET without
|
|
|
076f82 |
changing the file pointer. Return the number written, or -1. */
|
|
|
076f82 |
extern ssize_t pwrite64 (int __fd, const void *__buf, size_t __n,
|
|
|
076f82 |
@@ -642,7 +642,7 @@ extern long int sysconf (int __name) __THROW;
|
|
|
076f82 |
#ifdef __USE_POSIX2
|
|
|
076f82 |
/* Get the value of the string-valued system variable NAME. */
|
|
|
076f82 |
extern size_t confstr (int __name, char *__buf, size_t __len) __THROW
|
|
|
076f82 |
- __attr_access ((__write_only__, 2, 3));
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 2, 3);
|
|
|
076f82 |
#endif
|
|
|
076f82 |
|
|
|
076f82 |
|
|
|
076f82 |
@@ -709,7 +709,7 @@ extern __gid_t getegid (void) __THROW;
|
|
|
076f82 |
the calling process is in. Otherwise, fill in the group IDs
|
|
|
076f82 |
of its supplementary groups in LIST and return the number written. */
|
|
|
076f82 |
extern int getgroups (int __size, __gid_t __list[]) __THROW __wur
|
|
|
076f82 |
- __attr_access ((__write_only__, 2, 1));
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 2, 1);
|
|
|
076f82 |
#ifdef __USE_GNU
|
|
|
076f82 |
/* Return nonzero iff the calling process is in group GID. */
|
|
|
076f82 |
extern int group_member (__gid_t __gid) __THROW;
|
|
|
076f82 |
@@ -801,7 +801,8 @@ extern char *ttyname (int __fd) __THROW;
|
|
|
076f82 |
/* Store at most BUFLEN characters of the pathname of the terminal FD is
|
|
|
076f82 |
open on in BUF. Return 0 on success, otherwise an error number. */
|
|
|
076f82 |
extern int ttyname_r (int __fd, char *__buf, size_t __buflen)
|
|
|
076f82 |
- __THROW __nonnull ((2)) __wur __attr_access ((__write_only__, 2, 3));
|
|
|
076f82 |
+ __THROW __nonnull ((2)) __wur
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 2, 3);
|
|
|
076f82 |
|
|
|
076f82 |
/* Return 1 if FD is a valid descriptor associated
|
|
|
076f82 |
with a terminal, zero if not. */
|
|
|
076f82 |
@@ -836,7 +837,8 @@ extern int symlink (const char *__from, const char *__to)
|
|
|
076f82 |
Returns the number of characters read, or -1 for errors. */
|
|
|
076f82 |
extern ssize_t readlink (const char *__restrict __path,
|
|
|
076f82 |
char *__restrict __buf, size_t __len)
|
|
|
076f82 |
- __THROW __nonnull ((1, 2)) __wur __attr_access ((__write_only__, 2, 3));
|
|
|
076f82 |
+ __THROW __nonnull ((1, 2)) __wur
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 2, 3);
|
|
|
076f82 |
|
|
|
076f82 |
#endif /* Use POSIX.1-2001. */
|
|
|
076f82 |
|
|
|
076f82 |
@@ -848,7 +850,8 @@ extern int symlinkat (const char *__from, int __tofd,
|
|
|
076f82 |
/* Like readlink but a relative PATH is interpreted relative to FD. */
|
|
|
076f82 |
extern ssize_t readlinkat (int __fd, const char *__restrict __path,
|
|
|
076f82 |
char *__restrict __buf, size_t __len)
|
|
|
076f82 |
- __THROW __nonnull ((2, 3)) __wur __attr_access ((__write_only__, 3, 4));
|
|
|
076f82 |
+ __THROW __nonnull ((2, 3)) __wur
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 3, 4);
|
|
|
076f82 |
#endif
|
|
|
076f82 |
|
|
|
076f82 |
/* Remove the link NAME. */
|
|
|
076f82 |
@@ -884,7 +887,7 @@ extern char *getlogin (void);
|
|
|
076f82 |
This function is a possible cancellation point and therefore not
|
|
|
076f82 |
marked with __THROW. */
|
|
|
076f82 |
extern int getlogin_r (char *__name, size_t __name_len) __nonnull ((1))
|
|
|
076f82 |
- __attr_access ((__write_only__, 1, 2));
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 1, 2);
|
|
|
076f82 |
#endif
|
|
|
076f82 |
|
|
|
076f82 |
#ifdef __USE_MISC
|
|
|
076f82 |
@@ -906,7 +909,7 @@ extern int setlogin (const char *__name) __THROW __nonnull ((1));
|
|
|
076f82 |
The result is null-terminated if LEN is large enough for the full
|
|
|
076f82 |
name and the terminator. */
|
|
|
076f82 |
extern int gethostname (char *__name, size_t __len) __THROW __nonnull ((1))
|
|
|
076f82 |
- __attr_access ((__write_only__, 1, 2));
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 1, 2);
|
|
|
076f82 |
#endif
|
|
|
076f82 |
|
|
|
076f82 |
|
|
|
076f82 |
@@ -925,7 +928,8 @@ extern int sethostid (long int __id) __THROW __wur;
|
|
|
076f82 |
Called just like `gethostname' and `sethostname'.
|
|
|
076f82 |
The NIS domain name is usually the empty string when not using NIS. */
|
|
|
076f82 |
extern int getdomainname (char *__name, size_t __len)
|
|
|
076f82 |
- __THROW __nonnull ((1)) __wur __attr_access ((__write_only__, 1, 2));
|
|
|
076f82 |
+ __THROW __nonnull ((1)) __wur
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 1, 2);
|
|
|
076f82 |
extern int setdomainname (const char *__name, size_t __len)
|
|
|
076f82 |
__THROW __nonnull ((1)) __wur __attr_access ((__read_only__, 1, 2));
|
|
|
076f82 |
|
|
|
076f82 |
diff --git a/stdlib/stdlib.h b/stdlib/stdlib.h
|
|
|
076f82 |
index 0481c1235514f6e7..74c00eee73e4009d 100644
|
|
|
076f82 |
--- a/stdlib/stdlib.h
|
|
|
076f82 |
+++ b/stdlib/stdlib.h
|
|
|
076f82 |
@@ -943,7 +943,8 @@ extern size_t mbstowcs (wchar_t *__restrict __pwcs,
|
|
|
076f82 |
extern size_t wcstombs (char *__restrict __s,
|
|
|
076f82 |
const wchar_t *__restrict __pwcs, size_t __n)
|
|
|
076f82 |
__THROW
|
|
|
076f82 |
- __attr_access ((__write_only__, 1, 3)) __attr_access ((__read_only__, 2));
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 1, 3)
|
|
|
076f82 |
+ __attr_access ((__read_only__, 2));
|
|
|
076f82 |
|
|
|
076f82 |
#ifdef __USE_MISC
|
|
|
076f82 |
/* Determine whether the string value of RESPONSE matches the affirmation
|
|
|
076f82 |
@@ -997,7 +998,7 @@ extern char *ptsname (int __fd) __THROW __wur;
|
|
|
076f82 |
terminal associated with the master FD is open on in BUF.
|
|
|
076f82 |
Return 0 on success, otherwise an error number. */
|
|
|
076f82 |
extern int ptsname_r (int __fd, char *__buf, size_t __buflen)
|
|
|
076f82 |
- __THROW __nonnull ((2)) __attr_access ((__write_only__, 2, 3));
|
|
|
076f82 |
+ __THROW __nonnull ((2)) __fortified_attr_access (__write_only__, 2, 3);
|
|
|
076f82 |
|
|
|
076f82 |
/* Open a master pseudo terminal and return its file descriptor. */
|
|
|
076f82 |
extern int getpt (void);
|
|
|
076f82 |
diff --git a/string/bits/string_fortified.h b/string/bits/string_fortified.h
|
|
|
076f82 |
index 67ae2c6b50435368..5731274848260ad2 100644
|
|
|
076f82 |
--- a/string/bits/string_fortified.h
|
|
|
076f82 |
+++ b/string/bits/string_fortified.h
|
|
|
076f82 |
@@ -64,7 +64,7 @@ __NTH (memset (void *__dest, int __ch, size_t __len))
|
|
|
076f82 |
# include <bits/strings_fortified.h>
|
|
|
076f82 |
|
|
|
076f82 |
void __explicit_bzero_chk (void *__dest, size_t __len, size_t __destlen)
|
|
|
076f82 |
- __THROW __nonnull ((1)) __attr_access ((__write_only__, 1, 2));
|
|
|
076f82 |
+ __THROW __nonnull ((1)) __fortified_attr_access (__write_only__, 1, 2);
|
|
|
076f82 |
|
|
|
076f82 |
__fortify_function void
|
|
|
076f82 |
__NTH (explicit_bzero (void *__dest, size_t __len))
|
|
|
076f82 |
@@ -106,7 +106,8 @@ __NTH (stpncpy (char *__dest, const char *__src, size_t __n))
|
|
|
076f82 |
#else
|
|
|
076f82 |
extern char *__stpncpy_chk (char *__dest, const char *__src, size_t __n,
|
|
|
076f82 |
size_t __destlen) __THROW
|
|
|
076f82 |
- __attr_access ((__write_only__, 1, 3)) __attr_access ((__read_only__, 2));
|
|
|
076f82 |
+ __fortified_attr_access ((__write_only__, 1, 3))
|
|
|
076f82 |
+ __attr_access ((__read_only__, 2));
|
|
|
076f82 |
extern char *__REDIRECT_NTH (__stpncpy_alias, (char *__dest, const char *__src,
|
|
|
076f82 |
size_t __n), stpncpy);
|
|
|
076f82 |
|
|
|
076f82 |
diff --git a/string/string.h b/string/string.h
|
|
|
076f82 |
index 04e1b7067dc31d3c..8dcafb4ac4952853 100644
|
|
|
076f82 |
--- a/string/string.h
|
|
|
076f82 |
+++ b/string/string.h
|
|
|
076f82 |
@@ -448,7 +448,7 @@ extern char *strerror_l (int __errnum, locale_t __l) __THROW;
|
|
|
076f82 |
/* Set N bytes of S to 0. The compiler will not delete a call to this
|
|
|
076f82 |
function, even if S is dead after the call. */
|
|
|
076f82 |
extern void explicit_bzero (void *__s, size_t __n) __THROW __nonnull ((1))
|
|
|
076f82 |
- __attr_access ((__write_only__, 1, 2));
|
|
|
076f82 |
+ __fortified_attr_access (__write_only__, 1, 2);
|
|
|
076f82 |
|
|
|
076f82 |
/* Return the next DELIM-delimited token from *STRINGP,
|
|
|
076f82 |
terminating it with a '\0', and update *STRINGP to point past it. */
|