aboutsummaryrefslogtreecommitdiff
path: root/libio
diff options
context:
space:
mode:
authorMartin Sebor <msebor@redhat.com>2020-05-04 11:21:50 -0600
committerMartin Sebor <msebor@redhat.com>2020-05-04 11:21:50 -0600
commit06febd8c6705c816b2f32ee7aa1f4c0184b05248 (patch)
tree71586b8485abc1c6b220cb6aba340e76286b3087 /libio
parent38c67888183db1b6ac21f2f9681b8a384987dfe8 (diff)
downloadglibc-06febd8c6705c816b2f32ee7aa1f4c0184b05248.zip
glibc-06febd8c6705c816b2f32ee7aa1f4c0184b05248.tar.gz
glibc-06febd8c6705c816b2f32ee7aa1f4c0184b05248.tar.bz2
improve out-of-bounds checking with GCC 10 attribute access [BZ #25219]
Adds the access attribute newly introduced in GCC 10 to the subset of function declarations that are already covered by _FORTIFY_SOURCE and that don't have corresponding GCC built-in equivalents. Reviewed-by: DJ Delorie <dj@redhat.com>
Diffstat (limited to 'libio')
-rw-r--r--libio/bits/stdio2.h25
-rw-r--r--libio/stdio.h5
2 files changed, 19 insertions, 11 deletions
diff --git a/libio/bits/stdio2.h b/libio/bits/stdio2.h
index 60bc817..ff9202c 100644
--- a/libio/bits/stdio2.h
+++ b/libio/bits/stdio2.h
@@ -24,10 +24,12 @@
#endif
extern int __sprintf_chk (char *__restrict __s, int __flag, size_t __slen,
- const char *__restrict __format, ...) __THROW;
+ const char *__restrict __format, ...) __THROW
+ __attr_access ((__write_only__, 1, 3));
extern int __vsprintf_chk (char *__restrict __s, int __flag, size_t __slen,
const char *__restrict __format,
- __gnuc_va_list __ap) __THROW;
+ __gnuc_va_list __ap) __THROW
+ __attr_access ((__write_only__, 1, 3));
#ifdef __va_arg_pack
__fortify_function int
@@ -54,7 +56,8 @@ __NTH (vsprintf (char *__restrict __s, const char *__restrict __fmt,
extern int __snprintf_chk (char *__restrict __s, size_t __n, int __flag,
size_t __slen, const char *__restrict __format,
- ...) __THROW;
+ ...) __THROW
+ __attr_access ((__write_only__, 1, 2));
extern int __vsnprintf_chk (char *__restrict __s, size_t __n, int __flag,
size_t __slen, const char *__restrict __format,
__gnuc_va_list __ap) __THROW;
@@ -241,17 +244,19 @@ gets (char *__str)
#endif
extern char *__fgets_chk (char *__restrict __s, size_t __size, int __n,
- FILE *__restrict __stream) __wur;
+ FILE *__restrict __stream)
+ __wur __attr_access ((__write_only__, 1, 3));
extern char *__REDIRECT (__fgets_alias,
(char *__restrict __s, int __n,
- FILE *__restrict __stream), fgets) __wur;
+ FILE *__restrict __stream), fgets)
+ __wur __attr_access ((__write_only__, 1, 2));
extern char *__REDIRECT (__fgets_chk_warn,
(char *__restrict __s, size_t __size, int __n,
FILE *__restrict __stream), __fgets_chk)
__wur __warnattr ("fgets called with bigger size than length "
"of destination buffer");
-__fortify_function __wur char *
+__fortify_function __wur __attr_access ((__write_only__, 1, 2)) char *
fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
{
if (__bos (__s) != (size_t) -1)
@@ -299,17 +304,19 @@ fread (void *__restrict __ptr, size_t __size, size_t __n,
#ifdef __USE_GNU
extern char *__fgets_unlocked_chk (char *__restrict __s, size_t __size,
- int __n, FILE *__restrict __stream) __wur;
+ int __n, FILE *__restrict __stream)
+ __wur __attr_access ((__write_only__, 1, 3));
extern char *__REDIRECT (__fgets_unlocked_alias,
(char *__restrict __s, int __n,
- FILE *__restrict __stream), fgets_unlocked) __wur;
+ FILE *__restrict __stream), fgets_unlocked)
+ __wur __attr_access ((__write_only__, 1, 2));
extern char *__REDIRECT (__fgets_unlocked_chk_warn,
(char *__restrict __s, size_t __size, int __n,
FILE *__restrict __stream), __fgets_unlocked_chk)
__wur __warnattr ("fgets_unlocked called with bigger size than length "
"of destination buffer");
-__fortify_function __wur char *
+__fortify_function __wur __attr_access ((__write_only__, 1, 2)) char *
fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream)
{
if (__bos (__s) != (size_t) -1)
diff --git a/libio/stdio.h b/libio/stdio.h
index 21ef36a..07f2d9a 100644
--- a/libio/stdio.h
+++ b/libio/stdio.h
@@ -566,7 +566,7 @@ extern int putw (int __w, FILE *__stream);
This function is a possible cancellation point and therefore not
marked with __THROW. */
extern char *fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
- __wur;
+ __wur __attr_access ((__write_only__, 1, 2));
#if __GLIBC_USE (DEPRECATED_GETS)
/* Get a newline-terminated string from stdin, removing the newline.
@@ -589,7 +589,8 @@ extern char *gets (char *__s) __wur __attribute_deprecated__;
or due to the implementation it is a cancellation point and
therefore not marked with __THROW. */
extern char *fgets_unlocked (char *__restrict __s, int __n,
- FILE *__restrict __stream) __wur;
+ FILE *__restrict __stream) __wur
+ __attr_access ((__write_only__, 1, 2));
#endif