diff options
author | Martin Sebor <msebor@redhat.com> | 2020-05-04 11:21:50 -0600 |
---|---|---|
committer | Martin Sebor <msebor@redhat.com> | 2020-05-04 11:21:50 -0600 |
commit | 06febd8c6705c816b2f32ee7aa1f4c0184b05248 (patch) | |
tree | 71586b8485abc1c6b220cb6aba340e76286b3087 /libio | |
parent | 38c67888183db1b6ac21f2f9681b8a384987dfe8 (diff) | |
download | glibc-06febd8c6705c816b2f32ee7aa1f4c0184b05248.zip glibc-06febd8c6705c816b2f32ee7aa1f4c0184b05248.tar.gz glibc-06febd8c6705c816b2f32ee7aa1f4c0184b05248.tar.bz2 |
improve out-of-bounds checking with GCC 10 attribute access [BZ #25219]
Adds the access attribute newly introduced in GCC 10 to the subset of
function declarations that are already covered by _FORTIFY_SOURCE and
that don't have corresponding GCC built-in equivalents.
Reviewed-by: DJ Delorie <dj@redhat.com>
Diffstat (limited to 'libio')
-rw-r--r-- | libio/bits/stdio2.h | 25 | ||||
-rw-r--r-- | libio/stdio.h | 5 |
2 files changed, 19 insertions, 11 deletions
diff --git a/libio/bits/stdio2.h b/libio/bits/stdio2.h index 60bc817..ff9202c 100644 --- a/libio/bits/stdio2.h +++ b/libio/bits/stdio2.h @@ -24,10 +24,12 @@ #endif extern int __sprintf_chk (char *__restrict __s, int __flag, size_t __slen, - const char *__restrict __format, ...) __THROW; + const char *__restrict __format, ...) __THROW + __attr_access ((__write_only__, 1, 3)); extern int __vsprintf_chk (char *__restrict __s, int __flag, size_t __slen, const char *__restrict __format, - __gnuc_va_list __ap) __THROW; + __gnuc_va_list __ap) __THROW + __attr_access ((__write_only__, 1, 3)); #ifdef __va_arg_pack __fortify_function int @@ -54,7 +56,8 @@ __NTH (vsprintf (char *__restrict __s, const char *__restrict __fmt, extern int __snprintf_chk (char *__restrict __s, size_t __n, int __flag, size_t __slen, const char *__restrict __format, - ...) __THROW; + ...) __THROW + __attr_access ((__write_only__, 1, 2)); extern int __vsnprintf_chk (char *__restrict __s, size_t __n, int __flag, size_t __slen, const char *__restrict __format, __gnuc_va_list __ap) __THROW; @@ -241,17 +244,19 @@ gets (char *__str) #endif extern char *__fgets_chk (char *__restrict __s, size_t __size, int __n, - FILE *__restrict __stream) __wur; + FILE *__restrict __stream) + __wur __attr_access ((__write_only__, 1, 3)); extern char *__REDIRECT (__fgets_alias, (char *__restrict __s, int __n, - FILE *__restrict __stream), fgets) __wur; + FILE *__restrict __stream), fgets) + __wur __attr_access ((__write_only__, 1, 2)); extern char *__REDIRECT (__fgets_chk_warn, (char *__restrict __s, size_t __size, int __n, FILE *__restrict __stream), __fgets_chk) __wur __warnattr ("fgets called with bigger size than length " "of destination buffer"); -__fortify_function __wur char * +__fortify_function __wur __attr_access ((__write_only__, 1, 2)) char * fgets (char *__restrict __s, int __n, FILE *__restrict __stream) { if (__bos (__s) != (size_t) -1) @@ -299,17 +304,19 @@ fread (void *__restrict __ptr, size_t __size, size_t __n, #ifdef __USE_GNU extern char *__fgets_unlocked_chk (char *__restrict __s, size_t __size, - int __n, FILE *__restrict __stream) __wur; + int __n, FILE *__restrict __stream) + __wur __attr_access ((__write_only__, 1, 3)); extern char *__REDIRECT (__fgets_unlocked_alias, (char *__restrict __s, int __n, - FILE *__restrict __stream), fgets_unlocked) __wur; + FILE *__restrict __stream), fgets_unlocked) + __wur __attr_access ((__write_only__, 1, 2)); extern char *__REDIRECT (__fgets_unlocked_chk_warn, (char *__restrict __s, size_t __size, int __n, FILE *__restrict __stream), __fgets_unlocked_chk) __wur __warnattr ("fgets_unlocked called with bigger size than length " "of destination buffer"); -__fortify_function __wur char * +__fortify_function __wur __attr_access ((__write_only__, 1, 2)) char * fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream) { if (__bos (__s) != (size_t) -1) diff --git a/libio/stdio.h b/libio/stdio.h index 21ef36a..07f2d9a 100644 --- a/libio/stdio.h +++ b/libio/stdio.h @@ -566,7 +566,7 @@ extern int putw (int __w, FILE *__stream); This function is a possible cancellation point and therefore not marked with __THROW. */ extern char *fgets (char *__restrict __s, int __n, FILE *__restrict __stream) - __wur; + __wur __attr_access ((__write_only__, 1, 2)); #if __GLIBC_USE (DEPRECATED_GETS) /* Get a newline-terminated string from stdin, removing the newline. @@ -589,7 +589,8 @@ extern char *gets (char *__s) __wur __attribute_deprecated__; or due to the implementation it is a cancellation point and therefore not marked with __THROW. */ extern char *fgets_unlocked (char *__restrict __s, int __n, - FILE *__restrict __stream) __wur; + FILE *__restrict __stream) __wur + __attr_access ((__write_only__, 1, 2)); #endif |