commit b2c20e6c16278fe556ce4c4ff7d3b146b3a8f009
parent b9bd9400d2a6a4484ef92d708f363b9e8d0e3cb7
Author: jvoisin <julien.voisin@dustri.org>
Date: Mon, 11 Sep 2023 20:23:12 +0200
Factorize overlap checks into a macro
Diffstat:
2 files changed, 14 insertions(+), 20 deletions(-)
diff --git a/include/fortify-headers.h b/include/fortify-headers.h
@@ -123,6 +123,15 @@
#endif /* __has_attribute */
+//TODO(jvoisin) Add a check for overflows
+/* check if pointers are overlapping but not if dst == src,
+ * since gcc seems to like to generate code that relies on dst == src */
+#define __fh_overlap(a, b, l) \
+ ( \
+ ((a) < (b) && (b) < (a) + (size_t)(l)) \
+ || ((b) < (a) && (a) < (b) + (size_t)(l)) \
+ )
+
/*
* We're not making use of C23's <stdckdint.h> since:
* - there is no elegant way to make it ignore the results.
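Review bot: The `(a) + (size_t)(l)` terms in `__fh_overlap` build a pointer before comparing it, so a large `l` can take the sum past the end of the object or wrap the address, which is undefined and can make the macro report no overlap. The TODO above the macro acknowledges this but leaves it open. Comparing distances avoids forming the out-of-range pointer: `((a) < (b) && (size_t)((b) - (a)) < (size_t)(l))` and `((b) < (a) && (size_t)((a) - (b)) < (size_t)(l))`. The comment should also say that `a` and `b` must be byte pointers, because the arithmetic scales by the pointee size, and that each argument is evaluated more than once.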
diff --git a/include/string.h b/include/string.h
@@ -49,10 +49,7 @@ _FORTIFY_FN(memcpy) void *memcpy(void * _FORTIFY_POS0 __od,
char *__d = (char *)__od;
const char *__s = (const char *)__os;
- /* trap if pointers are overlapping but not if dst == src.
- * gcc seems to like to generate code that relies on dst == src */
- if ((__d < __s && __d + __n > __s) ||
- (__s < __d && __s + __n > __d))
+ if __fh_overlap(__d, __s, __n)
__builtin_trap();
if (__n > __bd || __n > __bs)
__builtin_trap();
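Review bot: The memcpy call site is written `if __fh_overlap(__d, __s, __n)` without its own parentheses, so it compiles only because the macro expansion happens to begin with `(`. The other four call sites in this commit use `if (__fh_overlap(...))`. Writing `if (__fh_overlap(__d, __s, __n))` here keeps the call sites uniform and keeps this one valid if the macro later becomes an inline function or its expansion changes. memcpy's body starts and ends outside the hunk.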
@@ -131,10 +128,7 @@ _FORTIFY_FN(stpcpy) char *stpcpy(char * _FORTIFY_POS0 __d, const char *__s)
{
size_t __n = strlen(__s) + 1;
- /* trap if pointers are overlapping but not if dst == src.
- * gcc seems to like to generate code that relies on dst == src */
- if ((__d < __s && __d + __n > __s) ||
- (__s < __d && __s + __n > __d))
+ if (__fh_overlap(__d, __s, __n))
__builtin_trap();
size_t __b = __bos(__d, 0);
@@ -150,10 +144,7 @@ __diagnose_as_builtin(__builtin_stpncpy, 1, 2, 3)
_FORTIFY_FN(stpncpy) char *stpncpy(char * _FORTIFY_POS0 __d, const char *__s,
size_t __n)
{
- /* trap if pointers are overlapping but not if dst == src.
- * gcc seems to like to generate code that relies on dst == src */
- if ((__d < __s && __d + __n > __s) ||
- (__s < __d && __s + __n > __d))
+ if (__fh_overlap(__d, __s, __n))
__builtin_trap();
size_t __b = __bos(__d, 0);
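Review bot: Passing `__n` as the length for both operands treats the source as `__n` bytes long, but stpncpy reads no further than the source's terminator. A short string that lies less than `__n` bytes before `__d` therefore appears to trap even though the bytes read and the bytes written do not intersect; the strncpy hunk below has the same shape. This is carried over unchanged from the removed code, so if the over-approximation is intended it deserves a comment at the call, e.g. `/* conservative: assumes __s spans __n bytes */`. Otherwise the source-before-destination side could be bounded by the source's actual length, for instance via `strnlen(__s, __n)`. The function body continues outside the hunk.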
@@ -182,10 +173,7 @@ _FORTIFY_FN(strcpy) char *strcpy(char * _FORTIFY_POS0 __d, const char *__s)
{
size_t __n = strlen(__s) + 1;
- /* trap if pointers are overlapping but not if dst == src.
- * gcc seems to like to generate code that relies on dst == src */
- if ((__d < __s && __d + __n > __s) ||
- (__s < __d && __s + __n > __d))
+ if (__fh_overlap(__d, __s, __n))
__builtin_trap();
size_t __b = __bos(__d, 0);
@@ -219,10 +207,7 @@ __diagnose_as_builtin(__builtin_strncpy, 1, 2, 3)
_FORTIFY_FN(strncpy) char *strncpy(char * _FORTIFY_POS0 __d,
const char *__s, size_t __n)
{
- /* trap if pointers are overlapping but not if dst == src.
- * gcc seems to like to generate code that relies on dst == src */
- if ((__d < __s && __d + __n > __s) ||
- (__s < __d && __s + __n > __d))
+ if (__fh_overlap(__d, __s, __n))
__builtin_trap();
size_t __b = __bos(__d, 0);