standalone fortify-source implementation
git clone git://
Log | Files | Refs | README | LICENSE

commit c2bb9e106a32619726cfc5052a1509e96b90de9f
parent c7e82d4863992c2f3bbb6f5a31fa8e5fd0e1643f
Author: Natanael Copa <>
Date:   Thu,  7 May 2015 14:50:03 +0200

fix realpath when stdlib.h is included before limits.h

If program includes stdlib.h before limits.h without _XOPEN_SOURCE,
_GNU_SOURCE or _BSD_SOURCE explicitly set, then will it always trigger
the trap with musl libc.

This is becase stdlib.h will pull in features.h which will set
_GNU_SOURCE. This means that the fortify stdlib.h will not include
limits.h but it will still trigger the fortified realpath(), but without

We fix this by including system stdlib.h before testing if limits.h
should be included.

Since PATH_MAX is known at compile time we can also error at compile
time, instead of compiling a broken realpath().

Minclude/stdlib.h | 6+++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/stdlib.h b/include/stdlib.h @@ -1,12 +1,12 @@ #ifndef _FORTIFY_STDLIB_H #define _FORTIFY_STDLIB_H +#include_next <stdlib.h> + #if defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) || defined(_BSD_SOURCE) #include_next <limits.h> #endif -#include_next <stdlib.h> - #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && defined(__OPTIMIZE__) && __OPTIMIZE__ > 0 #ifdef __cplusplus @@ -23,7 +23,7 @@ char *realpath(const char *path, char *resolved) if (resolved) { #ifndef PATH_MAX - __builtin_trap(); +# error PATH_MAX unset. A fortified realpath will not work. #else bos = __builtin_object_size(resolved, 0); if (PATH_MAX > bos)