fortify-headers

standalone fortify-source implementation
git clone git://git.2f30.org/fortify-headers

commit f2e7f24daaa43c0927130b6ed02c3ed17689b3ca
parent 114b563adc2b942bc5abd4c5820507076d453f64
Author: jvoisin <julien.voisin@dustri.org>
Date:   Fri,  6 Sep 2024 13:36:15 +0200

Work around a gcc warning

It seems that annotating sprintf with `write` makes gcc unhappy, as its
analyser is unable to understand that we're checking if `__b != -1` before
calling `__orig_snprintf`, so let's comment out this annotation for now.

Diffstat:
Minclude/stdio.h | 14+++++++-------
Mtests/Makefile | 2++
Atests/test_sprintf.c | 8++++++++
Atests/test_sprintf_62.c | 21+++++++++++++++++++++
4 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/include/stdio.h b/include/stdio.h
@@ -286,7 +286,7 @@ _FORTIFY_FN(snprintf) int snprintf(char *__s, size_t __n,
 }
 __fh_format(printf, 2, 3)
-__fh_access(write_only, 1)
+//__fh_access(write_only, 1)
 __fh_access(read_only, 2)
 _FORTIFY_FN(sprintf) int sprintf(char *__s, const char *__f, ...)
 {
@@ -296,13 +296,13 @@ _FORTIFY_FN(sprintf) int sprintf(char *__s, const char *__f, ...)
 __fh_size_t __b = __fh_bos(__s, 0);
 int __r;
- if (__b != (__fh_size_t)-1) {
- __r = __orig_snprintf(__s, __b, __f, __builtin_va_arg_pack());
- if (__r != -1 && (__fh_size_t)__r >= __b)
- __builtin_trap();
- } else {
- __r = __orig_sprintf(__s, __f, __builtin_va_arg_pack());
+ if (__b == (__fh_size_t)-1) {
+ return __orig_sprintf(__s, __f, __builtin_va_arg_pack());
 }
+
+ __r = __orig_snprintf(__s, __b, __f, __builtin_va_arg_pack());
+ if (__r != -1 && (__fh_size_t)__r >= __b)
+ __builtin_trap();
 return __r;
 #endif
 }
diff --git a/tests/Makefile b/tests/Makefile
@@ -96,6 +96,8 @@ RUNTIME_TARGETS= \
 test_send_static \
 test_sendto_dynamic \
 test_sendto_static \
+ test_sprintf \
+ test_sprintf_62 \
 test_stpcpy_dynamic_write \
 test_stpcpy_overwrite_over \
 test_stpcpy_overwrite_under \
diff --git a/tests/test_sprintf.c b/tests/test_sprintf.c
@@ -0,0 +1,8 @@
+#include "common.h"
+
+#include <stdio.h>
+
+int main(int argc, char** argv) {
+ char buffer[12] = {0};
+ sprintf(buffer, "%s", "1234567");
+}
diff --git a/tests/test_sprintf_62.c b/tests/test_sprintf_62.c
@@ -0,0 +1,21 @@
+#include "common.h"
+
+#include <stdio.h>
+
+static char *offstr(char *str)
+{
+ int len = 0;
+
+ len = sprintf(str, "%s+0x%lx", "foo", (long unsigned int)0);
+ sprintf(str+len, " (%s+0x%lx)","bar", (long unsigned int)0);
+ if (len < 0)
+ return NULL;
+ return str;
+}
+
+int main() {
+ char buf[100];
+ char *c = offstr(buf);
+ printf("%s\n", c);
+ return 0;
+}
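Review bot: The commented-out `//__fh_access(write_only, 1)` above `sprintf` in the first include/stdio.h hunk carries no explanation, so nothing in the header says why the destination annotation is off or when it can come back. With it disabled, gcc presumably no longer gets the write-access hint for `__s` at call sites, which leaves the runtime `__builtin_trap()` check as the remaining guard in this wrapper. I would replace the line with a comment such as `/* FIXME: __fh_access(write_only, 1) disabled: gcc's analyser warns on the __orig_snprintf call despite the __b check; re-enable once that is resolved */`. A `/* */` comment also avoids relying on `//` in a header that callers may compile in strict C89 mode.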
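Review bot: The error test `__r != -1` in the second include/stdio.h hunk assumes `__orig_snprintf` fails with exactly -1, while the C standard only promises a negative value; `if (__r >= 0 && (__fh_size_t)__r >= __b)` states the intent directly. With the current form any other negative return would, assuming `__fh_size_t` is unsigned, convert to a very large value and trap instead of being returned to the caller. The condition was carried over unchanged from the removed branch, and the body of `sprintf` starts before this hunk.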
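Review bot: tests/test_sprintf.c only exercises an in-bounds write and never inspects the result, so it pins that the call builds and does not trap, but not that the fortified `sprintf` still catches an overflow. Since this commit turns off the compile-time `write_only` annotation, a companion case whose formatted output exceeds `buffer` and is expected to trap would keep the runtime check covered, unless one already exists elsewhere in the suite; how expected-trap tests are declared depends on `common.h` and the Makefile, which are not visible here. Within this file, `argc` and `argv` are unused, so `int main(void)` would avoid unused-parameter warnings, and `return sprintf(buffer, "%s", "1234567") != 7;` would make the test assert something.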
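Review bot: In `offstr` in tests/test_sprintf_62.c the `if (len < 0)` check comes after `sprintf(str+len, ...)` has already used `len`, so a failed first call would make the second write start before `str`. Moving `if (len < 0) return NULL;` directly after the first `sprintf` fixes the order; if the function is a verbatim reproducer of the code that triggered the gcc warning, a comment saying so would explain why it is kept as is. `main` also passes the result straight to `printf("%s\n", c)`, which is undefined when `offstr` returns NULL, and `int main()` would be better written `int main(void)`.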