fortify-headers

standalone fortify-source implementation
git clone git://git.2f30.org/fortify-headers
Log | Files | Refs | README | LICENSE
commit 70bbb621b5bad33b03053264abc6deb0c6c5525e
parent e182dd0138d8040c44481a48277cab4098ccca0a
Author: jvoisin <julien.voisin@dustri.org>
Date:   Sun, 20 Aug 2023 18:25:12 +0200

Refresh a bit the README

Diffstat:

DREADME | 110-------------------------------------------------------------------------------


AREADME.md | 115+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


2 files changed, 115 insertions(+), 110 deletions(-)

diff --git a/README b/README
@@ -1,110 +0,0 @@
-What is it?
-===========
-
-This is a standalone implementation of fortify source[0].  It provides
-compile time buffer checks.  It is libc-agnostic and simply overlays the
-system headers by using the #include_next extension found in GCC.  It was
-initially intended to be used on musl[1] based Linux distributions[2].
-
-
-Features
-========
-
-- It is portable, works on *BSD, Linux, Solaris and possibly others.
-- It will only trap non-conformant programs.  This means that fortify
-  level 2 is treated in the same way as level 1.
-- Avoids making function calls when undefined behaviour has already been
-  invoked.  This is handled by using __builtin_trap().
-- Support for out-of-bounds read interfaces, such as send(), write(),
-  fwrite() etc.
-- No ABI is enforced.  All of the fortify check functions are inlined
-  into the resulting binary.
-
-
-Sample usage
-============
-
-If you want to quickly test it, you can try something like the following:
-
-cat > fgets.c <<EOF
-#include <stdio.h>
-int
-main(void)
-{
-	char buf[BUFSIZ];
-	fgets(buf, sizeof(buf) + 1, stdin);
-	return 0;
-}
-EOF
-cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=1 -O1 fgets.c
-./a.out
-
-At this point, the program will safely crash.
-
-
-Supported interfaces
-====================
-
-FD_CLR
-FD_SET
-bcopy
-bzero
-confstr
-fgets
-fgetws
-fread
-fwrite
-getcwd
-getdomainname
-getgroups
-gethostname
-getlogin_r
-mbsnrtowcs
-mbsrtowcs
-mbstowcs
-memcpy
-memmove
-mempcpy
-memset
-poll
-ppoll
-pread
-read
-readlink
-readlinkat
-realpath
-recv
-recvfrom
-send
-sendto
-snprintf
-sprintf
-stpcpy
-stpncpy
-strcat
-strcpy
-strlcat
-strlcpy
-strncat
-strncpy
-ttyname_r
-vsnprintf
-vsprintf
-wcrtomb
-wcscat
-wcscpy
-wcsncat
-wcsncpy
-wcsnrtombs
-wcsrtombs
-wcstombs
-wctomb
-wmemcpy
-wmemmove
-wmemset
-write
-
-
-[0] http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
-[1] http://www.musl-libc.org/
-[2] http://git.alpinelinux.org/cgit/aports/commit/?id=067a4f28825478911bb62be3b8da758d9722753e
diff --git a/README.md b/README.md
@@ -0,0 +1,115 @@
+# What is it?
+
+This is a standalone implementation of
+[fortify source]( http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html )
+based on [the one](https://git.2f30.org/fortify-headers/) from
+[sin](https://u.2f30.org/sin/). It provides compile time buffer checks.
+It is libc-agnostic and simply overlays the system headers by using the
+[`#include_next`](https://gcc.gnu.org/onlinedocs/cpp/Wrapper-Headers.html)
+extension found in GCC, and
+[black magic](https://github.com/jvoisin/fortify-headers/commit/fe149628eaae9748be08815d726cc56e8e492c73)
+on Clang. It was initially intended to be used on
+[musl](http://www.musl-libc.org/) based
+[Linux distributions](https://git.alpinelinux.org/aports/commit/?id=067a4f28825478911bb62be3b8da758d9722753e).
+
+
+# Features
+
+- It is portable, works on *BSD, Linux, Solaris and possibly others.
+- It will only trap non-conformant programs.  This means that fortify
+  level 2 is treated in the same way as level 1.
+- Avoids making function calls when undefined behaviour has already been
+  invoked.  This is handled by using `__builtin_trap()`.
+- Support for out-of-bounds read interfaces, such as send(), write(),
+  fwrite() etc.
+- No ABI is enforced.  All of the fortify check functions are inlined
+  into the resulting binary.
+- It has a [comprehensive suite of tests](https://github.com/jvoisin/fortify-headers/tree/master/tests),
+  running both on Clang and on GCC for every commit, with
+  [significant coverage](https://jvoisin.github.io/fortify-headers/)
+
+
+# Sample usage
+
+If you want to quickly test it, you can try something like the following:
+
+```
+cat > fgets.c <<EOF
+#include <stdio.h>
+int
+main(void)
+{
+	char buf[BUFSIZ];
+	fgets(buf, sizeof(buf) + 1, stdin);
+	return 0;
+}
+EOF
+cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=1 -O1 fgets.c
+./a.out
+```
+
+At this point, the program will safely crash.
+
+
+# Supported interfaces
+
+- `FD_CLR`
+- `FD_SET`
+- `bcopy`
+- `bzero`
+- `confstr`
+- `fgets`
+- `fgetws`
+- `fread`
+- `fwrite`
+- `getcwd`
+- `getdomainname`
+- `getgroups`
+- `gethostname`
+- `getlogin_r`
+- `mbsnrtowcs`
+- `mbsrtowcs`
+- `mbstowcs`
+- `memcpy`
+- `memmove`
+- `mempcpy`
+- `memset`
+- `poll`
+- `ppoll`
+- `pread`
+- `read`
+- `readlink`
+- `readlinkat`
+- `realpath`
+- `recv`
+- `recvfrom`
+- `send`
+- `sendto`
+- `snprintf`
+- `sprintf`
+- `stpcpy`
+- `stpncpy`
+- `strcat`
+- `strchr`
+- `strcpy`
+- `strlcat`
+- `strlcpy`
+- `strncat`
+- `strncpy`
+- `strrchr`
+- `ttyname_r`
+- `vsnprintf`
+- `vsprintf`
+- `wcrtomb`
+- `wcscat`
+- `wcscpy`
+- `wcsncat`
+- `wcsncpy`
+- `wcsnrtombs`
+- `wcsrtombs`
+- `wcstombs`
+- `wctomb`
+- `wmemcpy`
+- `wmemmove`
+- `wmemset`
+- `write`