| Message ID | 20240216164401.3184063-1-siddhesh@sourceware.org |
|---|---|
| State | New |
| Headers | show |
| Series | [v2] cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383) | expand |
On 16/02/24 13:44, Siddhesh Poyarekar wrote: > When passed a pointer to a zero-sized struct, the access attribute > without the third argument misleads -Wstringop-overflow diagnostics to > think that a function is writing 1 byte into the zero-sized structs. > The attribute doesn't add that much value in this context, so drop it > completely for _FORTIFY_SOURCE=3. > > Resolves: BZ #31383 > Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> It fails to build with aarch64/armhf buildbot [1]. The bots uses the ubuntu 22 system compiler (gcc 11.4), and the tests fails: * with --enable-fortify-source=2 $ make test t=io/tst-read-zero [...] tst-read-zero.c:21: error: "_FORTIFY_SOURCE" redefined [-Werror] 21 | #define _FORTIFY_SOURCE 3 | <command-line>: note: this is the location of the previous definition In file included from ../io/fcntl.h:25, from ../include/fcntl.h:2, from tst-read-zero.c:22: ../include/features.h:434:5: error: #warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform [-Werror=cpp] 434 | # warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform | ^~~~~~~ cc1: all warnings being treated as errors * with --enable-fortify-source=no In file included from ../io/fcntl.h:25, from ../include/fcntl.h:2, from tst-read-zero.c:22: ../include/features.h:434:5: error: #warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform [-Werror=cpp] 434 | # warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform | ^~~~~~~ cc1: all warnings being treated as errors https://patchwork.sourceware.org/project/glibc/patch/20240216164401.3184063-1-siddhesh@sourceware.org/ > --- > Changes from v1: > - Adjust test to read from /dev/zero > > io/Makefile | 1 + > io/tst-read-zero.c | 40 ++++++++++++++++++++++++++++++++++++++++ > misc/sys/cdefs.h | 6 +++--- > 3 files changed, 44 insertions(+), 3 deletions(-) > create mode 100644 io/tst-read-zero.c > > diff --git a/io/Makefile b/io/Makefile > index 54d950d51f..2a52b66255 100644 > --- a/io/Makefile > +++ b/io/Makefile > @@ -215,6 +215,7 @@ tests := \ > tst-openat \ > tst-posix_fallocate \ > tst-posix_fallocate64 \ > + tst-read-zero \ > tst-readlinkat \ > tst-renameat \ > tst-stat \ > diff --git a/io/tst-read-zero.c b/io/tst-read-zero.c > new file mode 100644 > index 0000000000..9442f94e5d > --- /dev/null > +++ b/io/tst-read-zero.c > @@ -0,0 +1,40 @@ > +/* read smoke test for 0-sized structures. > + Copyright The GNU Toolchain Authors. > + This file is part of the GNU C Library. > + > + The GNU C Library is free software; you can redistribute it and/or > + modify it under the terms of the GNU Lesser General Public > + License as published by the Free Software Foundation; either > + version 2.1 of the License, or (at your option) any later version. > + > + The GNU C Library is distributed in the hope that it will be useful, > + but WITHOUT ANY WARRANTY; without even the implied warranty of > + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + Lesser General Public License for more details. > + > + You should have received a copy of the GNU Lesser General Public > + License along with the GNU C Library; if not, see > + <https://www.gnu.org/licenses/>. */ > + > +/* Zero-sized structures should not result in any overflow warnings or > + errors when fortification is enabled. */ > +#define _FORTIFY_SOURCE 3 > +#include <fcntl.h> > +#include <stdio.h> > +#include <unistd.h> > +#include <support/check.h> > + > +int > +do_test (void) > +{ > + struct test_st {} test_info[16]; > + int fd = open ("/dev/zero", O_RDONLY, 0); > + > + if (fd == -1) > + FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m"); > + > + TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0); > + return 0; > +} > + > +#include <support/test-driver.c> > diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h > index 520231dbea..800c44640f 100644 > --- a/misc/sys/cdefs.h > +++ b/misc/sys/cdefs.h > @@ -683,10 +683,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf > # define __attr_access(x) __attribute__ ((__access__ x)) > /* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may > use the access attribute to get object sizes from function definition > - arguments, so we can't use them on functions we fortify. Drop the object > - size hints for such functions. */ > + arguments, so we can't use them on functions we fortify. Drop the access > + attribute for such functions. */ > # if __USE_FORTIFY_LEVEL == 3 > -# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o))) > +# define __fortified_attr_access(a, o, s) > # else > # define __fortified_attr_access(a, o, s) __attr_access ((a, o, s)) > # endif
On 2024-02-20 09:44, Adhemerval Zanella Netto wrote: > > > On 16/02/24 13:44, Siddhesh Poyarekar wrote: >> When passed a pointer to a zero-sized struct, the access attribute >> without the third argument misleads -Wstringop-overflow diagnostics to >> think that a function is writing 1 byte into the zero-sized structs. >> The attribute doesn't add that much value in this context, so drop it >> completely for _FORTIFY_SOURCE=3. >> >> Resolves: BZ #31383 >> Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> > > It fails to build with aarch64/armhf buildbot [1]. The bots uses the > ubuntu 22 system compiler (gcc 11.4), and the tests fails: > > * with --enable-fortify-source=2 Ah, I see. I'll fix this; I've hard-coded _FORTIFY_SOURCE=3 in there and maybe I should set it only to the maximum supported fortification level. I'll send an updated patch. Thanks, Sid > > $ make test t=io/tst-read-zero > [...] > tst-read-zero.c:21: error: "_FORTIFY_SOURCE" redefined [-Werror] > 21 | #define _FORTIFY_SOURCE 3 > | > <command-line>: note: this is the location of the previous definition > In file included from ../io/fcntl.h:25, > from ../include/fcntl.h:2, > from tst-read-zero.c:22: > ../include/features.h:434:5: error: #warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform [-Werror=cpp] > 434 | # warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform > | ^~~~~~~ > cc1: all warnings being treated as errors > > * with --enable-fortify-source=no > > In file included from ../io/fcntl.h:25, > from ../include/fcntl.h:2, > from tst-read-zero.c:22: > ../include/features.h:434:5: error: #warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform [-Werror=cpp] > 434 | # warning _FORTIFY_SOURCE > 2 is treated like 2 on this platform > | ^~~~~~~ > cc1: all warnings being treated as errors > > https://patchwork.sourceware.org/project/glibc/patch/20240216164401.3184063-1-siddhesh@sourceware.org/ > >> --- >> Changes from v1: >> - Adjust test to read from /dev/zero >> >> io/Makefile | 1 + >> io/tst-read-zero.c | 40 ++++++++++++++++++++++++++++++++++++++++ >> misc/sys/cdefs.h | 6 +++--- >> 3 files changed, 44 insertions(+), 3 deletions(-) >> create mode 100644 io/tst-read-zero.c >> >> diff --git a/io/Makefile b/io/Makefile >> index 54d950d51f..2a52b66255 100644 >> --- a/io/Makefile >> +++ b/io/Makefile >> @@ -215,6 +215,7 @@ tests := \ >> tst-openat \ >> tst-posix_fallocate \ >> tst-posix_fallocate64 \ >> + tst-read-zero \ >> tst-readlinkat \ >> tst-renameat \ >> tst-stat \ >> diff --git a/io/tst-read-zero.c b/io/tst-read-zero.c >> new file mode 100644 >> index 0000000000..9442f94e5d >> --- /dev/null >> +++ b/io/tst-read-zero.c >> @@ -0,0 +1,40 @@ >> +/* read smoke test for 0-sized structures. >> + Copyright The GNU Toolchain Authors. >> + This file is part of the GNU C Library. >> + >> + The GNU C Library is free software; you can redistribute it and/or >> + modify it under the terms of the GNU Lesser General Public >> + License as published by the Free Software Foundation; either >> + version 2.1 of the License, or (at your option) any later version. >> + >> + The GNU C Library is distributed in the hope that it will be useful, >> + but WITHOUT ANY WARRANTY; without even the implied warranty of >> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU >> + Lesser General Public License for more details. >> + >> + You should have received a copy of the GNU Lesser General Public >> + License along with the GNU C Library; if not, see >> + <https://www.gnu.org/licenses/>. */ >> + >> +/* Zero-sized structures should not result in any overflow warnings or >> + errors when fortification is enabled. */ >> +#define _FORTIFY_SOURCE 3 >> +#include <fcntl.h> >> +#include <stdio.h> >> +#include <unistd.h> >> +#include <support/check.h> >> + >> +int >> +do_test (void) >> +{ >> + struct test_st {} test_info[16]; >> + int fd = open ("/dev/zero", O_RDONLY, 0); >> + >> + if (fd == -1) >> + FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m"); >> + >> + TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0); >> + return 0; >> +} >> + >> +#include <support/test-driver.c> >> diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h >> index 520231dbea..800c44640f 100644 >> --- a/misc/sys/cdefs.h >> +++ b/misc/sys/cdefs.h >> @@ -683,10 +683,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf >> # define __attr_access(x) __attribute__ ((__access__ x)) >> /* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may >> use the access attribute to get object sizes from function definition >> - arguments, so we can't use them on functions we fortify. Drop the object >> - size hints for such functions. */ >> + arguments, so we can't use them on functions we fortify. Drop the access >> + attribute for such functions. */ >> # if __USE_FORTIFY_LEVEL == 3 >> -# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o))) >> +# define __fortified_attr_access(a, o, s) >> # else >> # define __fortified_attr_access(a, o, s) __attr_access ((a, o, s)) >> # endif >
diff --git a/io/Makefile b/io/Makefile index 54d950d51f..2a52b66255 100644 --- a/io/Makefile +++ b/io/Makefile @@ -215,6 +215,7 @@ tests := \ tst-openat \ tst-posix_fallocate \ tst-posix_fallocate64 \ + tst-read-zero \ tst-readlinkat \ tst-renameat \ tst-stat \ diff --git a/io/tst-read-zero.c b/io/tst-read-zero.c new file mode 100644 index 0000000000..9442f94e5d --- /dev/null +++ b/io/tst-read-zero.c @@ -0,0 +1,40 @@ +/* read smoke test for 0-sized structures. + Copyright The GNU Toolchain Authors. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <https://www.gnu.org/licenses/>. */ + +/* Zero-sized structures should not result in any overflow warnings or + errors when fortification is enabled. */ +#define _FORTIFY_SOURCE 3 +#include <fcntl.h> +#include <stdio.h> +#include <unistd.h> +#include <support/check.h> + +int +do_test (void) +{ + struct test_st {} test_info[16]; + int fd = open ("/dev/zero", O_RDONLY, 0); + + if (fd == -1) + FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m"); + + TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0); + return 0; +} + +#include <support/test-driver.c> diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h index 520231dbea..800c44640f 100644 --- a/misc/sys/cdefs.h +++ b/misc/sys/cdefs.h @@ -683,10 +683,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf # define __attr_access(x) __attribute__ ((__access__ x)) /* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may use the access attribute to get object sizes from function definition - arguments, so we can't use them on functions we fortify. Drop the object - size hints for such functions. */ + arguments, so we can't use them on functions we fortify. Drop the access + attribute for such functions. */ # if __USE_FORTIFY_LEVEL == 3 -# define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o))) +# define __fortified_attr_access(a, o, s) # else # define __fortified_attr_access(a, o, s) __attr_access ((a, o, s)) # endif
When passed a pointer to a zero-sized struct, the access attribute without the third argument misleads -Wstringop-overflow diagnostics to think that a function is writing 1 byte into the zero-sized structs. The attribute doesn't add that much value in this context, so drop it completely for _FORTIFY_SOURCE=3. Resolves: BZ #31383 Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> --- Changes from v1: - Adjust test to read from /dev/zero io/Makefile | 1 + io/tst-read-zero.c | 40 ++++++++++++++++++++++++++++++++++++++++ misc/sys/cdefs.h | 6 +++--- 3 files changed, 44 insertions(+), 3 deletions(-) create mode 100644 io/tst-read-zero.c