fortify-headers

commit 9638684324f7fa849a2ba07c48d579a4fdeb7fac
parent 3cadb40cbec944222b1fcb8d96c4437fe9327a2c
Author: jvoisin <julien.voisin@dustri.org>
Date:   Fri, 31 Oct 2025 21:41:44 +0100

Refresh the readme

Diffstat:
D
README
 | 
110
-------------------------------------------------------------------------------
A
README.md
 | 
112
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2 files changed, 112 insertions(+), 110 deletions(-)
diff --git a/README b/README
@@ -1,110 +0,0 @@
-What is it?
-===========
-
-This is a standalone implementation of fortify source[0].  It provides
-compile time buffer checks.  It is libc-agnostic and simply overlays the
-system headers by using the #include_next extension found in GCC.  It was
-initially intended to be used on musl[1] based Linux distributions[2].
-
-
-Features
-========
-
-- It is portable, works on *BSD, Linux, Solaris and possibly others.
-- It will only trap non-conformant programs.  This means that fortify
-  level 2 is treated in the same way as level 1.
-- Avoids making function calls when undefined behaviour has already been
-  invoked.  This is handled by using __builtin_trap().
-- Support for out-of-bounds read interfaces, such as send(), write(),
-  fwrite() etc.
-- No ABI is enforced.  All of the fortify check functions are inlined
-  into the resulting binary.
-
-
-Sample usage
-============
-
-If you want to quickly test it, you can try something like the following:
-
-cat > fgets.c <<EOF
-#include <stdio.h>
-int
-main(void)
-{
-	char buf[BUFSIZ];
-	fgets(buf, sizeof(buf) + 1, stdin);
-	return 0;
-}
-EOF
-cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=1 -O1 fgets.c
-./a.out
-
-At this point, the program will safely crash.
-
-
-Supported interfaces
-====================
-
-FD_CLR
-FD_SET
-bcopy
-bzero
-confstr
-fgets
-fgetws
-fread
-fwrite
-getcwd
-getdomainname
-getgroups
-gethostname
-getlogin_r
-mbsnrtowcs
-mbsrtowcs
-mbstowcs
-memcpy
-memmove
-mempcpy
-memset
-poll
-ppoll
-pread
-read
-readlink
-readlinkat
-realpath
-recv
-recvfrom
-send
-sendto
-snprintf
-sprintf
-stpcpy
-stpncpy
-strcat
-strcpy
-strlcat
-strlcpy
-strncat
-strncpy
-ttyname_r
-vsnprintf
-vsprintf
-wcrtomb
-wcscat
-wcscpy
-wcsncat
-wcsncpy
-wcsnrtombs
-wcsrtombs
-wcstombs
-wctomb
-wmemcpy
-wmemmove
-wmemset
-write
-
-
-[0] http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
-[1] http://www.musl-libc.org/
-[2] http://git.alpinelinux.org/cgit/aports/commit/?id=067a4f28825478911bb62be3b8da758d9722753e
diff --git a/README.md b/README.md
@@ -0,0 +1,112 @@
+# What is it?
+
+This is a [standalone implementation](https://git.2f30.org/fortify-headers/) of
+[fortify source]( http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html )
+level 3, providing compile time security checks. It is libc-agnostic and simply
+overlays the system headers by using the
+[`#include_next`](https://gcc.gnu.org/onlinedocs/cpp/Wrapper-Headers.html)
+extension found in GCC, and [black
+magic](https://github.com/jvoisin/fortify-headers/commit/fe149628eaae9748be08815d726cc56e8e492c73)
+on Clang. It was initially intended to be used on
+[musl](http://www.musl-libc.org/) based Linux
+distributions like [Alpine Linux](https://alpinelinux.org),
+[Chimera Linux](https://chimera-linux.org/).
+
+
+# Features
+
+- It is portable, works on *BSD, Linux, Solaris and possibly others.
+- It will only trap non-conformant programs. This means that fortify
+  level 2 is treated in the same way as level 1.
+- Avoids making function calls when undefined behaviour has already been
+  invoked. This is handled by using `__builtin_trap()`.
+- Support for out-of-bounds read interfaces, such as send(), write(), fwrite() etc.
+- No ABI is enforced. All of the fortify check functions are inlined
+  into the resulting binary.
+- It has a comprehensive suite of
+  tests, running on multiple versions of Clang and GCC,
+  as well as on C89, C99, C11 and C17.
+
+
+# Sample usage
+
+If you want to quickly test it, you can try something like the following:
+
+```
+cat > fgets.c <<EOF
+#include <stdio.h>
+int
+main(void)
+{
+	char buf[BUFSIZ];
+	fgets(buf, sizeof(buf) + 1, stdin);
+	return 0;
+}
+EOF
+cc -I<path-to-fortify-include-dir> -D_FORTIFY_SOURCE=3 -O1 fgets.c
+./a.out
+```
+
+At this point, the program will safely crash.
+
+
+Supported interfaces
+====================
+
+FD_CLR
+FD_SET
+bcopy
+bzero
+confstr
+fgets
+fgetws
+fread
+fwrite
+getcwd
+getdomainname
+getgroups
+gethostname
+getlogin_r
+mbsnrtowcs
+mbsrtowcs
+mbstowcs
+memcpy
+memmove
+mempcpy
+memset
+poll
+ppoll
+pread
+read
+readlink
+readlinkat
+realpath
+recv
+recvfrom
+send
+sendto
+snprintf
+sprintf
+stpcpy
+stpncpy
+strcat
+strcpy
+strlcat
+strlcpy
+strncat
+strncpy
+ttyname_r
+vsnprintf
+vsprintf
+wcrtomb
+wcscat
+wcscpy
+wcsncat
+wcsncpy
+wcsnrtombs
+wcsrtombs
+wcstombs
+wmemcpy
+wmemmove
+wmemset
+write