fortify-headers

standalone fortify-source implementation
git clone git://git.2f30.org/fortify-headers

commit a817e1555a755224cacc1cbdeeaefb6a1de606f0
parent 265fa03fa0c467c9c41d803ebe2a538e758cba20
Author: jvoisin <julien.voisin@dustri.org>
Date:   Wed, 24 Apr 2024 17:09:08 +0200

Fix some overlap mismatch

This was caught by the following test:

```

int main(void) {
    char c[32];
    memcpy(c, c + 16, 16);
}
```

Reported-by: q66

Diffstat:
Minclude/fortify-headers.h | 4++--
Minclude/string.h | 8+++-----
Mtests/Makefile | 1+
Atests/test_issue57.c | 11+++++++++++
4 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/include/fortify-headers.h b/include/fortify-headers.h
@@ -141,8 +141,8 @@
 * since gcc seems to like to generate code that relies on dst == src */
 #define __fh_overlap(a, len_a, b, len_b) \
 ( \
- ((a) < (b) && (b) < (a) + (__fh_size_t)(len_a)) \
- || ((b) < (a) && (a) < (b) + (__fh_size_t)(len_b)) \
+ ((a) < (b) && (b) < ((a) + (__fh_size_t)(len_a))) \
+ || ((b) < (a) && (a) < ((b) + (__fh_size_t)(len_b))) \
 )
 /*
diff --git a/include/string.h b/include/string.h
@@ -58,10 +58,8 @@ __error_if((__fh_bos(__od, 0) < __n), "'memcpy' called with `n` bigger than the
 __fh_size_t __bd = __fh_bos(__od, 0);
 __fh_size_t __bs = __fh_bos(__os, 0);
- char *__d = (char *)__od;
- const char *__s = (const char *)__os;
- if __fh_overlap(__d, __bd, __s, __n)
+ if __fh_overlap(__od, __n, __os, __n)
 __builtin_trap();
 if (__n > __bd || __n > __bs)
 __builtin_trap();
@@ -189,7 +187,7 @@ _FORTIFY_FN(stpcpy) char *stpcpy(char * _FORTIFY_POS0 __d, const char *__s)
 __fh_size_t __n = strlen(__s) + 1;
 __fh_size_t __b = __fh_bos(__d, 0);
- if (__fh_overlap(__d, __b, __s, __n))
+ if (__fh_overlap(__d, __n, __s, __n))
 __builtin_trap();
 if (__n > __b)
@@ -257,7 +255,7 @@ _FORTIFY_FN(strcpy) char *strcpy(char * _FORTIFY_POS0 __d, const char *__s)
 __fh_size_t __n = strlen(__s) + 1;
 __fh_size_t __b = __fh_bos(__d, 0);
- if (__fh_overlap(__d, __b, __s, __n))
+ if (__fh_overlap(__d, __n, __s, __n))
 __builtin_trap();
 if (__n > __b)
diff --git a/tests/Makefile b/tests/Makefile
@@ -42,6 +42,7 @@ RUNTIME_TARGETS= \
 test_gethostname_static \
 test_getlogin_r_dynamic \
 test_getlogin_r_static \
+ test_issue57 \
 test_mbsrtowcs_dynamic \
 test_mbsrtowcs_static \
 test_mbstowcs_dynamic \
diff --git a/tests/test_issue57.c b/tests/test_issue57.c
@@ -0,0 +1,11 @@
+#include "common.h"
+
+#include <string.h>
+
+int main(int argc, char** argv) {
+ char buffer[32];
+ memcpy(buffer , buffer + 16, 16);
+ puts(buffer);
+
+ return ret;
+}
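Review bot: The comment above `__fh_overlap` still does not say what `len_a` and `len_b` mean, and the call sites corrected in include/string.h show they had been read as object sizes rather than access lengths. I would extend that comment with `len_a/len_b: number of bytes the call accesses through a/b, not the size of the objects`. The comment opens above this hunk, so only its last line is visible here.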
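Review bot: With the `char *` locals removed, `__fh_overlap(__od, __n, __os, __n)` in the memcpy hunk makes the macro evaluate `(a) + (__fh_size_t)(len_a)` directly on `__od` and `__os`. If those are the function's `void *` parameters, as the removed casts suggest, that is arithmetic on `void *`, which is a GNU extension rather than ISO C and is diagnosed under `-Wpointer-arith` when the header is not treated as a system header. Casting at the call keeps both the fix and the portability: `if (__fh_overlap((const char *)__od, __n, (const char *)__os, __n))`. That form also adds the parentheses around the condition that the stpcpy and strcpy call sites already use. The parameter declarations are outside the hunk, so the types are inferred.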
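Review bot: In the stpcpy hunk the overlap test now forms `__d + __n` before `__n` has been compared with `__b`, so for an oversized source the macro computes a pointer beyond the end of the destination object, which is undefined, before the `if (__n > __b)` check gets a chance to trap. Running the bounds check first keeps the arithmetic inside the object whenever its size is known: `if (__n > __b) __builtin_trap();` followed by `if (__fh_overlap(__d, __n, __s, __n)) __builtin_trap();`. The same ordering appears in the strcpy hunk and in the memcpy hunk, where `__od + __n` is formed before `__n > __bd` is tested. The body of the bounds check lies past the end of this hunk.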
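Review bot: `buffer` in tests/test_issue57.c is never initialised, so `memcpy(buffer , buffer + 16, 16)` copies indeterminate bytes and `puts(buffer)` then reads an array with no guaranteed terminator, which can run past its 32 bytes. The test can therefore fail or crash for reasons unrelated to the overlap check. Declaring it as `char buffer[32] = {0};` makes the outcome depend only on the fortified memcpy. The test also exercises only memcpy, while the stpcpy and strcpy call sites changed in the same way. `ret` is presumably provided by common.h, which is not shown.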