fortify-headers/include/string.h

#ifndef FORTIFY_STRING_H_
#define FORTIFY_STRING_H_

#include_next <string.h>

#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && defined(__OPTIMIZE__) && __OPTIMIZE__ > 0

#ifndef __cplusplus

static inline __attribute__ ((always_inline))
void *
__fortify_memcpy(void *dest, const void *src, size_t n)
{
	size_t bos = __builtin_object_size(dest, 0);
	char *d = (char *)dest;
	const char *s = (const char *)src;

	/* trap if pointers are overlapping but not if dest == src.
	 * gcc seems to like to generate code that relies on dest == src */
	if ((d < s && d + n > s) ||
	    (s < d && s + n > d))
		__builtin_trap();
	if (n > bos)
		__builtin_trap();
	return memcpy(dest, src, n);
}

static inline __attribute__ ((always_inline))
void *
__fortify_memmove(void *dest, const void *src, size_t n)
{
	size_t bos = __builtin_object_size(dest, 0);

	if (n > bos)
		__builtin_trap();
	return memmove(dest, src, n);
}

static inline __attribute__ ((always_inline))
void *
__fortify_memset(void *dest, int c, size_t n)
{
	size_t bos = __builtin_object_size(dest, 0);

	if (n > bos)
		__builtin_trap();
	return memset(dest, c, n);
}

static inline __attribute__ ((always_inline))
char *
__fortify_stpcpy(char *dest, const char *src)
{
	size_t bos = __builtin_object_size(dest, 0);

	if (strlen(src) + 1 > bos)
		__builtin_trap();
	return stpcpy(dest, src);
}

static inline __attribute__ ((always_inline))
char *
__fortify_stpncpy(char *dest, const char *src, size_t n)
{
	size_t bos = __builtin_object_size(dest, 0);

	if (n > bos)
		__builtin_trap();
	return stpncpy(dest, src, n);
}

static inline __attribute__ ((always_inline))
char *
__fortify_strcat(char *dest, const char *src)
{
	size_t bos = __builtin_object_size(dest, 0);

	if (strlen(src) + strlen(dest) + 1 > bos)
		__builtin_trap();
	return strcat(dest, src);
}

static inline __attribute__ ((always_inline))
char *
__fortify_strcpy(char *dest, const char *src)
{
	size_t bos = __builtin_object_size(dest, 0);

	if (strlen(src) + 1 > bos)
		__builtin_trap();
	return strcpy(dest, src);
}

static inline __attribute__ ((always_inline))
char *
__fortify_strncat(char *dest, const char *src, size_t n)
{
	size_t bos = __builtin_object_size(dest, 0);
	size_t slen, dlen;

	if (n > bos) {
		slen = strlen(src);
		dlen = strlen(dest);
		if (slen > n)
			slen = n;
		if (slen + dlen + 1 > bos)
			__builtin_trap();
	}
	return strncat(dest, src, n);
}

static inline __attribute__ ((always_inline))
char *
__fortify_strncpy(char *dest, const char *src, size_t n)
{
	size_t bos = __builtin_object_size(dest, 0);

	if (n > bos)
		__builtin_trap();
	return strncpy(dest, src, n);
}

#ifdef _GNU_SOURCE
static inline __attribute__ ((always_inline))
void *
__fortify_mempcpy(void *dest, const void *src, size_t n)
{
	size_t bos = __builtin_object_size(dest, 0);

	if (n > bos)
		__builtin_trap();
	return mempcpy(dest, src, n);
}
#endif

#if defined(_GNU_SOURCE) || defined(_BSD_SOURCE)
static inline __attribute__ ((always_inline))
size_t
__fortify_strlcat(char *dest, const char *src, size_t n)
{
	size_t bos = __builtin_object_size(dest, 0);

	if (n > bos)
		__builtin_trap();
	return strlcat(dest, src, n);
}

static inline __attribute__ ((always_inline))
size_t
__fortify_strlcpy(char *dest, const char *src, size_t n)
{
	size_t bos = __builtin_object_size(dest, 0);

	if (n > bos)
		__builtin_trap();
	return strlcpy(dest, src, n);
}
#endif

#undef memcpy
#define memcpy(dest, src, n) __fortify_memcpy(dest, src, n)
#undef memmove
#define memmove(dest, src, n) __fortify_memmove(dest, src, n)
#undef memset
#define memset(dest, src, n) __fortify_memset(dest, src, n)
#undef stpcpy
#define stpcpy(dest, src) __fortify_stpcpy(dest, src)
#undef stpncpy
#define stpncpy(dest, src, n) __fortify_stpncpy(dest, src, n)
#undef strcat
#define strcat(dest, src) __fortify_strcat(dest, src)
#undef strcpy
#define strcpy(dest, src) __fortify_strcpy(dest, src)
#undef strncat
#define strncat(dest, src, n) __fortify_strncat(dest, src, n)
#undef strncpy
#define strncpy(dest, src, n) __fortify_strncpy(dest, src, n)

#ifdef _GNU_SOURCE
#undef mempcpy
#define mempcpy(dest, src, n) __fortify_mempcpy(dest, src, n)
#endif

#if defined(_GNU_SOURCE) || defined(_BSD_SOURCE)
#undef strlcat
#define strlcat(dest, src, n) __fortify_strlcat(dest, src, n)
#undef strlcpy
#define strlcpy(dest, src, n) __fortify_strlcpy(dest, src, n)
#endif

#endif

#endif

#endif
Initial commit 2015-01-28 15:14:49 +00:00			`#ifndef FORTIFY_STRING_H_`
			`#define FORTIFY_STRING_H_`

			`#include_next <string.h>`

			`#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && defined(__OPTIMIZE__) && __OPTIMIZE__ > 0`

Ignore C++ for now It is not legal to override standard functions using macros in C++. We may have to revisit this in the future. 2015-03-11 11:18:31 +00:00			`#ifndef __cplusplus`
Add ifdef guards for C++ code 2015-03-11 09:26:11 +00:00
Initial commit 2015-01-28 15:14:49 +00:00			`static inline __attribute__ ((always_inline))`
Use BSD-style func defs 2015-01-28 23:40:17 +00:00			`void *`
Remove __restrict 2015-01-30 16:25:13 +00:00			`__fortify_memcpy(void dest, const void src, size_t n)`
Initial commit 2015-01-28 15:14:49 +00:00			`{`
			`size_t bos = __builtin_object_size(dest, 0);`
Add explicit casts to satisfy C++ code 2015-03-11 09:21:25 +00:00			`char d = (char )dest;`
			`const char s = (const char )src;`
Initial commit 2015-01-28 15:14:49 +00:00
Clarify comment a bit 2015-02-25 10:35:16 +00:00			`/* trap if pointers are overlapping but not if dest == src.`
			`* gcc seems to like to generate code that relies on dest == src */`
Revert "Fix invalid conversion in C++ code" This reverts commit 4b4dfea25d660a8a27e95ea531686001246b3d1e. 2015-03-11 09:21:00 +00:00			`if ((d < s && d + n > s) \|\|`
			`(s < d && s + n > d))`
Trap if memcpy() pointers are overlapping Maybe this should only be done if _FORTIFY_SOURCE > 1. 2015-01-29 10:47:54 +00:00			`__builtin_trap();`
Simplify checks Do not perform checks only when `n' is constant, most of the time it is not. The bos == (size_t)-1 check is redundant because n > bos with bos == -1 will always be false. 2015-01-28 17:12:12 +00:00			`if (n > bos)`
Merge __foo_chk() into __fortify_foo() 2015-01-28 15:36:44 +00:00			`__builtin_trap();`
			`return memcpy(dest, src, n);`
Initial commit 2015-01-28 15:14:49 +00:00			`}`

			`static inline __attribute__ ((always_inline))`
Use BSD-style func defs 2015-01-28 23:40:17 +00:00			`void *`
Remove __restrict 2015-01-30 16:25:13 +00:00			`__fortify_memmove(void dest, const void src, size_t n)`
Initial commit 2015-01-28 15:14:49 +00:00			`{`
			`size_t bos = __builtin_object_size(dest, 0);`

Simplify checks Do not perform checks only when `n' is constant, most of the time it is not. The bos == (size_t)-1 check is redundant because n > bos with bos == -1 will always be false. 2015-01-28 17:12:12 +00:00			`if (n > bos)`
Merge __foo_chk() into __fortify_foo() 2015-01-28 15:36:44 +00:00			`__builtin_trap();`
			`return memmove(dest, src, n);`
Initial commit 2015-01-28 15:14:49 +00:00			`}`

			`static inline __attribute__ ((always_inline))`
Use BSD-style func defs 2015-01-28 23:40:17 +00:00			`void *`
			`__fortify_memset(void *dest, int c, size_t n)`
Initial commit 2015-01-28 15:14:49 +00:00			`{`
			`size_t bos = __builtin_object_size(dest, 0);`

Simplify checks Do not perform checks only when `n' is constant, most of the time it is not. The bos == (size_t)-1 check is redundant because n > bos with bos == -1 will always be false. 2015-01-28 17:12:12 +00:00			`if (n > bos)`
Merge __foo_chk() into __fortify_foo() 2015-01-28 15:36:44 +00:00			`__builtin_trap();`
			`return memset(dest, c, n);`
Initial commit 2015-01-28 15:14:49 +00:00			`}`

Add stpcpy() 2015-01-28 16:16:23 +00:00			`static inline __attribute__ ((always_inline))`
Use BSD-style func defs 2015-01-28 23:40:17 +00:00			`char *`
Remove __restrict 2015-01-30 16:25:13 +00:00			`__fortify_stpcpy(char dest, const char src)`
Add stpcpy() 2015-01-28 16:16:23 +00:00			`{`
			`size_t bos = __builtin_object_size(dest, 0);`

			`if (strlen(src) + 1 > bos)`
			`__builtin_trap();`
			`return stpcpy(dest, src);`
			`}`

Add stpncpy() 2015-01-28 16:21:38 +00:00			`static inline __attribute__ ((always_inline))`
Use BSD-style func defs 2015-01-28 23:40:17 +00:00			`char *`
Remove __restrict 2015-01-30 16:25:13 +00:00			`__fortify_stpncpy(char dest, const char src, size_t n)`
Add stpncpy() 2015-01-28 16:21:38 +00:00			`{`
			`size_t bos = __builtin_object_size(dest, 0);`

Simplify checks Do not perform checks only when `n' is constant, most of the time it is not. The bos == (size_t)-1 check is redundant because n > bos with bos == -1 will always be false. 2015-01-28 17:12:12 +00:00			`if (n > bos)`
Add stpncpy() 2015-01-28 16:21:38 +00:00			`__builtin_trap();`
			`return stpncpy(dest, src, n);`
			`}`

Initial commit 2015-01-28 15:14:49 +00:00			`static inline __attribute__ ((always_inline))`
Use BSD-style func defs 2015-01-28 23:40:17 +00:00			`char *`
Remove __restrict 2015-01-30 16:25:13 +00:00			`__fortify_strcat(char dest, const char src)`
Initial commit 2015-01-28 15:14:49 +00:00			`{`
			`size_t bos = __builtin_object_size(dest, 0);`

Merge __foo_chk() into __fortify_foo() 2015-01-28 15:36:44 +00:00			`if (strlen(src) + strlen(dest) + 1 > bos)`
			`__builtin_trap();`
			`return strcat(dest, src);`
Initial commit 2015-01-28 15:14:49 +00:00			`}`

			`static inline __attribute__ ((always_inline))`
Use BSD-style func defs 2015-01-28 23:40:17 +00:00			`char *`
Remove __restrict 2015-01-30 16:25:13 +00:00			`__fortify_strcpy(char dest, const char src)`
Initial commit 2015-01-28 15:14:49 +00:00			`{`
			`size_t bos = __builtin_object_size(dest, 0);`

Merge __foo_chk() into __fortify_foo() 2015-01-28 15:36:44 +00:00			`if (strlen(src) + 1 > bos)`
			`__builtin_trap();`
			`return strcpy(dest, src);`
Initial commit 2015-01-28 15:14:49 +00:00			`}`

			`static inline __attribute__ ((always_inline))`
Use BSD-style func defs 2015-01-28 23:40:17 +00:00			`char *`
Remove __restrict 2015-01-30 16:25:13 +00:00			`__fortify_strncat(char dest, const char src, size_t n)`
Initial commit 2015-01-28 15:14:49 +00:00			`{`
			`size_t bos = __builtin_object_size(dest, 0);`
Merge __foo_chk() into __fortify_foo() 2015-01-28 15:36:44 +00:00			`size_t slen, dlen;`
Initial commit 2015-01-28 15:14:49 +00:00
Simplify checks Do not perform checks only when `n' is constant, most of the time it is not. The bos == (size_t)-1 check is redundant because n > bos with bos == -1 will always be false. 2015-01-28 17:12:12 +00:00			`if (n > bos) {`
Merge __foo_chk() into __fortify_foo() 2015-01-28 15:36:44 +00:00			`slen = strlen(src);`
			`dlen = strlen(dest);`
			`if (slen > n)`
			`slen = n;`
			`if (slen + dlen + 1 > bos)`
			`__builtin_trap();`
			`}`
			`return strncat(dest, src, n);`
Initial commit 2015-01-28 15:14:49 +00:00			`}`

			`static inline __attribute__ ((always_inline))`
Use BSD-style func defs 2015-01-28 23:40:17 +00:00			`char *`
Remove __restrict 2015-01-30 16:25:13 +00:00			`__fortify_strncpy(char dest, const char src, size_t n)`
Initial commit 2015-01-28 15:14:49 +00:00			`{`
			`size_t bos = __builtin_object_size(dest, 0);`

Simplify checks Do not perform checks only when `n' is constant, most of the time it is not. The bos == (size_t)-1 check is redundant because n > bos with bos == -1 will always be false. 2015-01-28 17:12:12 +00:00			`if (n > bos)`
Merge __foo_chk() into __fortify_foo() 2015-01-28 15:36:44 +00:00			`__builtin_trap();`
			`return strncpy(dest, src, n);`
Initial commit 2015-01-28 15:14:49 +00:00			`}`

Use #ifdef instead of #if defined 2015-01-28 17:47:08 +00:00			`#ifdef _GNU_SOURCE`
Add mempcpy() checks 2015-01-28 17:44:38 +00:00			`static inline __attribute__ ((always_inline))`
Use BSD-style func defs 2015-01-28 23:40:17 +00:00			`void *`
Remove __restrict 2015-01-30 16:25:13 +00:00			`__fortify_mempcpy(void dest, const void src, size_t n)`
Add mempcpy() checks 2015-01-28 17:44:38 +00:00			`{`
			`size_t bos = __builtin_object_size(dest, 0);`

			`if (n > bos)`
			`__builtin_trap();`
			`return mempcpy(dest, src, n);`
			`}`
			`#endif`

Initial commit 2015-01-28 15:14:49 +00:00			`#if defined(_GNU_SOURCE) \|\| defined(_BSD_SOURCE)`
			`static inline __attribute__ ((always_inline))`
Use BSD-style func defs 2015-01-28 23:40:17 +00:00			`size_t`
Remove __restrict 2015-01-30 16:25:13 +00:00			`__fortify_strlcat(char dest, const char src, size_t n)`
Initial commit 2015-01-28 15:14:49 +00:00			`{`
			`size_t bos = __builtin_object_size(dest, 0);`

Simplify checks Do not perform checks only when `n' is constant, most of the time it is not. The bos == (size_t)-1 check is redundant because n > bos with bos == -1 will always be false. 2015-01-28 17:12:12 +00:00			`if (n > bos)`
Merge __foo_chk() into __fortify_foo() 2015-01-28 15:36:44 +00:00			`__builtin_trap();`
			`return strlcat(dest, src, n);`
Initial commit 2015-01-28 15:14:49 +00:00			`}`

			`static inline __attribute__ ((always_inline))`
Use BSD-style func defs 2015-01-28 23:40:17 +00:00			`size_t`
Remove __restrict 2015-01-30 16:25:13 +00:00			`__fortify_strlcpy(char dest, const char src, size_t n)`
Initial commit 2015-01-28 15:14:49 +00:00			`{`
			`size_t bos = __builtin_object_size(dest, 0);`

Simplify checks Do not perform checks only when `n' is constant, most of the time it is not. The bos == (size_t)-1 check is redundant because n > bos with bos == -1 will always be false. 2015-01-28 17:12:12 +00:00			`if (n > bos)`
Merge __foo_chk() into __fortify_foo() 2015-01-28 15:36:44 +00:00			`__builtin_trap();`
			`return strlcpy(dest, src, n);`
Initial commit 2015-01-28 15:14:49 +00:00			`}`
Move defines to the bottom This allows us to re-use the functions internally. 2015-01-28 16:07:24 +00:00			`#endif`

			`#undef memcpy`
			`#define memcpy(dest, src, n) __fortify_memcpy(dest, src, n)`
			`#undef memmove`
			`#define memmove(dest, src, n) __fortify_memmove(dest, src, n)`
			`#undef memset`
			`#define memset(dest, src, n) __fortify_memset(dest, src, n)`
Add stpcpy() 2015-01-28 16:16:23 +00:00			`#undef stpcpy`
Remove trailing semicolon 2015-01-28 16:31:19 +00:00			`#define stpcpy(dest, src) __fortify_stpcpy(dest, src)`
Add stpncpy() 2015-01-28 16:21:38 +00:00			`#undef stpncpy`
Remove trailing semicolon 2015-01-28 16:31:19 +00:00			`#define stpncpy(dest, src, n) __fortify_stpncpy(dest, src, n)`
Move defines to the bottom This allows us to re-use the functions internally. 2015-01-28 16:07:24 +00:00			`#undef strcat`
			`#define strcat(dest, src) __fortify_strcat(dest, src)`
			`#undef strcpy`
			`#define strcpy(dest, src) __fortify_strcpy(dest, src)`
			`#undef strncat`
Fix strncat() and strncpy() mappings Thanks zhasha. 2015-03-07 11:49:44 +00:00			`#define strncat(dest, src, n) __fortify_strncat(dest, src, n)`
Move defines to the bottom This allows us to re-use the functions internally. 2015-01-28 16:07:24 +00:00			`#undef strncpy`
Fix strncat() and strncpy() mappings Thanks zhasha. 2015-03-07 11:49:44 +00:00			`#define strncpy(dest, src, n) __fortify_strncpy(dest, src, n)`
Initial commit 2015-01-28 15:14:49 +00:00
Use #ifdef instead of #if defined 2015-01-28 17:47:08 +00:00			`#ifdef _GNU_SOURCE`
Add mempcpy() checks 2015-01-28 17:44:38 +00:00			`#undef mempcpy`
			`#define mempcpy(dest, src, n) __fortify_mempcpy(dest, src, n)`
			`#endif`

Move defines to the bottom This allows us to re-use the functions internally. 2015-01-28 16:07:24 +00:00			`#if defined(_GNU_SOURCE) \|\| defined(_BSD_SOURCE)`
			`#undef strlcat`
			`#define strlcat(dest, src, n) __fortify_strlcat(dest, src, n)`
Initial commit 2015-01-28 15:14:49 +00:00			`#undef strlcpy`
			`#define strlcpy(dest, src, n) __fortify_strlcpy(dest, src, n)`
			`#endif`
Move defines to the bottom This allows us to re-use the functions internally. 2015-01-28 16:07:24 +00:00
Add ifdef guards for C++ code 2015-03-11 09:26:11 +00:00			`#endif`

Initial commit 2015-01-28 15:14:49 +00:00			`#endif`

			`#endif`