Merge pull request #967 from stilor/fix-building-older-glibc

Fix building older glibc
This commit is contained in:
Alexey Neyman 2018-05-15 16:41:28 -07:00 committed by GitHub
commit d274ab06fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
88 changed files with 4259 additions and 31 deletions

View File

@ -320,4 +320,16 @@ config GLIBC_MIN_KERNEL
default LINUX_VERSION if GLIBC_KERNEL_VERSION_AS_HEADERS default LINUX_VERSION if GLIBC_KERNEL_VERSION_AS_HEADERS
default GLIBC_MIN_KERNEL_VERSION if GLIBC_KERNEL_VERSION_CHOSEN default GLIBC_MIN_KERNEL_VERSION if GLIBC_KERNEL_VERSION_CHOSEN
# All supported versions of glibc build cleanly with GCC7 and earlier.
# GCC8-related fixes were only available in glibc 2.27.
config GLIBC_ENABLE_WERROR
bool "Enable -Werror during the build"
default y if GCC_7_or_older
default y if GCC_8_or_later && GLIBC_2_27_or_later
help
By default, glibc enables strict warning checks during the build.
However, older version of glibc may not build with newer versions
of the compiler than there were available at the time of a glibc
release (because newer compilers typically have better diagnostics).
endif # KERNEL_LINUX endif # KERNEL_LINUX

View File

@ -0,0 +1,73 @@
commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Jun 27 17:12:13 2017 +0000
Fix strftime build with GCC 8.
Building with current GCC mainline fails with:
strftime_l.c: In function '__strftime_internal':
strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros]
digits = d > width ? d : width; \
^
strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER'
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
^~~~~~~~~
strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause
else
^~~~
In fact this particular instance is harmless; the code looks like:
if (modifier == L_('O'))
goto bad_format;
else
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
and because of the goto, it doesn't matter that part of the expansion
isn't under the "else" conditional. But it's also clearly bad style
to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD
to use do { } while (0) to avoid such problems.
Tested (full testsuite) for x86_64 (GCC 6), and with
build-many-glibcs.py with GCC mainline, in conjunction with my libgcc
patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>.
* time/strftime_l.c (DO_NUMBER): Define using do { } while (0).
(DO_NUMBER_SPACEPAD): Likewise.
---
time/strftime_l.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -738,12 +738,22 @@
format_char = *f;
switch (format_char)
{
-#define DO_NUMBER(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number
-#define DO_NUMBER_SPACEPAD(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number_spacepad
+#define DO_NUMBER(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number; \
+ } \
+ while (0)
+#define DO_NUMBER_SPACEPAD(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number_spacepad; \
+ } \
+ while (0)
case L_('%'):
if (modifier != 0)

View File

@ -0,0 +1,29 @@
commit 2180fee114b778515b3f560e5ff1e795282e60b0
Author: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Wed Nov 15 08:58:48 2017 -0800
Check length of ifname before copying it into to ifreq structure.
[BZ #22442]
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
Check if ifname is too long.
---
sysdeps/unix/sysv/linux/if_index.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -43,6 +43,12 @@
if (fd < 0)
return 0;
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+ return 0;
+ }
+
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{

View File

@ -0,0 +1,80 @@
commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Nov 15 17:39:59 2017 -0700
The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change add this attribute to Glibc and
uses it to suppress such false positives.
ChangeLog:
* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
---
misc/sys/cdefs.h | 9 +++++++++
sysdeps/gnu/bits/utmp.h | 9 ++++++---
sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -393,6 +393,15 @@
# endif
#endif
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+ argument to strncpy and strncat, as the char array is not necessarily
+ a NUL-terminated string. */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
#include <bits/wordsize.h>
#if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled

View File

@ -0,0 +1,47 @@
commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Nov 22 18:44:23 2017 +0000
Avoid use of strlen in getlogin_r (bug 22447).
Building glibc with current mainline GCC fails, among other reasons,
because of an error for use of strlen on the nonstring ut_user field.
This patch changes the problem code in getlogin_r to use __strnlen
instead. It also needs to set the trailing NUL byte of the result
explicitly, because of the case where ut_user does not have such a
trailing NUL byte (but the result should always have one).
Tested for x86_64. Also tested that, in conjunction with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
the build for arm with mainline GCC.
[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
strlen to compute length of ut_user and set trailing NUL byte of
result explicitly.
---
sysdeps/unix/getlogin_r.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sysdeps/unix/getlogin_r.c
+++ b/sysdeps/unix/getlogin_r.c
@@ -82,7 +82,7 @@
if (result == 0)
{
- size_t needed = strlen (ut->ut_user) + 1;
+ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
if (needed > name_len)
{
@@ -91,7 +91,8 @@
}
else
{
- memcpy (name, ut->ut_user, needed);
+ memcpy (name, ut->ut_user, needed - 1);
+ name[needed - 1] = 0;
result = 0;
}
}

View File

@ -0,0 +1,25 @@
commit e69897bf202e18034cbef26f363bae64de70a196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Nov 12 22:00:28 2017 -0800
timezone: pacify GCC -Wstringop-truncation
Problem reported by Martin Sebor in:
https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
* timezone/zic.c (writezone): Use memcpy, not strncpy.
---
timezone/zic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/timezone/zic.c
+++ b/timezone/zic.c
@@ -1713,7 +1713,7 @@
}
#define DO(field) ((void) fwrite(tzh.field, sizeof tzh.field, 1, fp))
tzh = tzh0;
- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
tzh.tzh_version[0] = version;
convert(thistypecnt, tzh.tzh_ttisgmtcnt);
convert(thistypecnt, tzh.tzh_ttisstdcnt);

View File

@ -0,0 +1,73 @@
commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Jun 27 17:12:13 2017 +0000
Fix strftime build with GCC 8.
Building with current GCC mainline fails with:
strftime_l.c: In function '__strftime_internal':
strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros]
digits = d > width ? d : width; \
^
strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER'
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
^~~~~~~~~
strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause
else
^~~~
In fact this particular instance is harmless; the code looks like:
if (modifier == L_('O'))
goto bad_format;
else
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
and because of the goto, it doesn't matter that part of the expansion
isn't under the "else" conditional. But it's also clearly bad style
to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD
to use do { } while (0) to avoid such problems.
Tested (full testsuite) for x86_64 (GCC 6), and with
build-many-glibcs.py with GCC mainline, in conjunction with my libgcc
patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>.
* time/strftime_l.c (DO_NUMBER): Define using do { } while (0).
(DO_NUMBER_SPACEPAD): Likewise.
---
time/strftime_l.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -742,12 +742,22 @@
format_char = *f;
switch (format_char)
{
-#define DO_NUMBER(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number
-#define DO_NUMBER_SPACEPAD(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number_spacepad
+#define DO_NUMBER(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number; \
+ } \
+ while (0)
+#define DO_NUMBER_SPACEPAD(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number_spacepad; \
+ } \
+ while (0)
case L_('%'):
if (modifier != 0)

View File

@ -0,0 +1,29 @@
commit 2180fee114b778515b3f560e5ff1e795282e60b0
Author: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Wed Nov 15 08:58:48 2017 -0800
Check length of ifname before copying it into to ifreq structure.
[BZ #22442]
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
Check if ifname is too long.
---
sysdeps/unix/sysv/linux/if_index.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -54,6 +54,12 @@
if (fd < 0)
return 0;
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+ return 0;
+ }
+
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{

View File

@ -0,0 +1,80 @@
commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Nov 15 17:39:59 2017 -0700
The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change add this attribute to Glibc and
uses it to suppress such false positives.
ChangeLog:
* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
---
misc/sys/cdefs.h | 9 +++++++++
sysdeps/gnu/bits/utmp.h | 9 ++++++---
sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -350,6 +350,15 @@
# endif
#endif
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+ argument to strncpy and strncat, as the char array is not necessarily
+ a NUL-terminated string. */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
#include <bits/wordsize.h>
#if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -61,10 +61,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -61,10 +61,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled

View File

@ -0,0 +1,47 @@
commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Nov 22 18:44:23 2017 +0000
Avoid use of strlen in getlogin_r (bug 22447).
Building glibc with current mainline GCC fails, among other reasons,
because of an error for use of strlen on the nonstring ut_user field.
This patch changes the problem code in getlogin_r to use __strnlen
instead. It also needs to set the trailing NUL byte of the result
explicitly, because of the case where ut_user does not have such a
trailing NUL byte (but the result should always have one).
Tested for x86_64. Also tested that, in conjunction with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
the build for arm with mainline GCC.
[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
strlen to compute length of ut_user and set trailing NUL byte of
result explicitly.
---
sysdeps/unix/getlogin_r.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sysdeps/unix/getlogin_r.c
+++ b/sysdeps/unix/getlogin_r.c
@@ -83,7 +83,7 @@
if (result == 0)
{
- size_t needed = strlen (ut->ut_user) + 1;
+ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
if (needed > name_len)
{
@@ -92,7 +92,8 @@
}
else
{
- memcpy (name, ut->ut_user, needed);
+ memcpy (name, ut->ut_user, needed - 1);
+ name[needed - 1] = 0;
result = 0;
}
}

View File

@ -0,0 +1,25 @@
commit e69897bf202e18034cbef26f363bae64de70a196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Nov 12 22:00:28 2017 -0800
timezone: pacify GCC -Wstringop-truncation
Problem reported by Martin Sebor in:
https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
* timezone/zic.c (writezone): Use memcpy, not strncpy.
---
timezone/zic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/timezone/zic.c
+++ b/timezone/zic.c
@@ -1648,7 +1648,7 @@
#define DO(field) (void) fwrite((void *) tzh.field, \
(size_t) sizeof tzh.field, (size_t) 1, fp)
tzh = tzh0;
- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
tzh.tzh_version[0] = ZIC_VERSION;
convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt);
convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt);

View File

@ -0,0 +1,73 @@
commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Jun 27 17:12:13 2017 +0000
Fix strftime build with GCC 8.
Building with current GCC mainline fails with:
strftime_l.c: In function '__strftime_internal':
strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros]
digits = d > width ? d : width; \
^
strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER'
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
^~~~~~~~~
strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause
else
^~~~
In fact this particular instance is harmless; the code looks like:
if (modifier == L_('O'))
goto bad_format;
else
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
and because of the goto, it doesn't matter that part of the expansion
isn't under the "else" conditional. But it's also clearly bad style
to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD
to use do { } while (0) to avoid such problems.
Tested (full testsuite) for x86_64 (GCC 6), and with
build-many-glibcs.py with GCC mainline, in conjunction with my libgcc
patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>.
* time/strftime_l.c (DO_NUMBER): Define using do { } while (0).
(DO_NUMBER_SPACEPAD): Likewise.
---
time/strftime_l.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -742,12 +742,22 @@
format_char = *f;
switch (format_char)
{
-#define DO_NUMBER(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number
-#define DO_NUMBER_SPACEPAD(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number_spacepad
+#define DO_NUMBER(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number; \
+ } \
+ while (0)
+#define DO_NUMBER_SPACEPAD(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number_spacepad; \
+ } \
+ while (0)
case L_('%'):
if (modifier != 0)

View File

@ -0,0 +1,29 @@
commit 2180fee114b778515b3f560e5ff1e795282e60b0
Author: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Wed Nov 15 08:58:48 2017 -0800
Check length of ifname before copying it into to ifreq structure.
[BZ #22442]
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
Check if ifname is too long.
---
sysdeps/unix/sysv/linux/if_index.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -54,6 +54,12 @@
if (fd < 0)
return 0;
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+ return 0;
+ }
+
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{

View File

@ -0,0 +1,80 @@
commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Nov 15 17:39:59 2017 -0700
The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change add this attribute to Glibc and
uses it to suppress such false positives.
ChangeLog:
* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
---
misc/sys/cdefs.h | 9 +++++++++
sysdeps/gnu/bits/utmp.h | 9 ++++++---
sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -350,6 +350,15 @@
# endif
#endif
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+ argument to strncpy and strncat, as the char array is not necessarily
+ a NUL-terminated string. */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
#include <bits/wordsize.h>
#if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -61,10 +61,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -61,10 +61,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled

View File

@ -0,0 +1,47 @@
commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Nov 22 18:44:23 2017 +0000
Avoid use of strlen in getlogin_r (bug 22447).
Building glibc with current mainline GCC fails, among other reasons,
because of an error for use of strlen on the nonstring ut_user field.
This patch changes the problem code in getlogin_r to use __strnlen
instead. It also needs to set the trailing NUL byte of the result
explicitly, because of the case where ut_user does not have such a
trailing NUL byte (but the result should always have one).
Tested for x86_64. Also tested that, in conjunction with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
the build for arm with mainline GCC.
[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
strlen to compute length of ut_user and set trailing NUL byte of
result explicitly.
---
sysdeps/unix/getlogin_r.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sysdeps/unix/getlogin_r.c
+++ b/sysdeps/unix/getlogin_r.c
@@ -83,7 +83,7 @@
if (result == 0)
{
- size_t needed = strlen (ut->ut_user) + 1;
+ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
if (needed > name_len)
{
@@ -92,7 +92,8 @@
}
else
{
- memcpy (name, ut->ut_user, needed);
+ memcpy (name, ut->ut_user, needed - 1);
+ name[needed - 1] = 0;
result = 0;
}
}

View File

@ -0,0 +1,25 @@
commit e69897bf202e18034cbef26f363bae64de70a196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Nov 12 22:00:28 2017 -0800
timezone: pacify GCC -Wstringop-truncation
Problem reported by Martin Sebor in:
https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
* timezone/zic.c (writezone): Use memcpy, not strncpy.
---
timezone/zic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/timezone/zic.c
+++ b/timezone/zic.c
@@ -1648,7 +1648,7 @@
#define DO(field) (void) fwrite((void *) tzh.field, \
(size_t) sizeof tzh.field, (size_t) 1, fp)
tzh = tzh0;
- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
tzh.tzh_version[0] = ZIC_VERSION;
convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt);
convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt);

View File

@ -0,0 +1,73 @@
commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Jun 27 17:12:13 2017 +0000
Fix strftime build with GCC 8.
Building with current GCC mainline fails with:
strftime_l.c: In function '__strftime_internal':
strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros]
digits = d > width ? d : width; \
^
strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER'
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
^~~~~~~~~
strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause
else
^~~~
In fact this particular instance is harmless; the code looks like:
if (modifier == L_('O'))
goto bad_format;
else
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
and because of the goto, it doesn't matter that part of the expansion
isn't under the "else" conditional. But it's also clearly bad style
to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD
to use do { } while (0) to avoid such problems.
Tested (full testsuite) for x86_64 (GCC 6), and with
build-many-glibcs.py with GCC mainline, in conjunction with my libgcc
patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>.
* time/strftime_l.c (DO_NUMBER): Define using do { } while (0).
(DO_NUMBER_SPACEPAD): Likewise.
---
time/strftime_l.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -742,12 +742,22 @@
format_char = *f;
switch (format_char)
{
-#define DO_NUMBER(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number
-#define DO_NUMBER_SPACEPAD(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number_spacepad
+#define DO_NUMBER(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number; \
+ } \
+ while (0)
+#define DO_NUMBER_SPACEPAD(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number_spacepad; \
+ } \
+ while (0)
case L_('%'):
if (modifier != 0)

View File

@ -0,0 +1,29 @@
commit 2180fee114b778515b3f560e5ff1e795282e60b0
Author: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Wed Nov 15 08:58:48 2017 -0800
Check length of ifname before copying it into to ifreq structure.
[BZ #22442]
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
Check if ifname is too long.
---
sysdeps/unix/sysv/linux/if_index.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -54,6 +54,12 @@
if (fd < 0)
return 0;
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+ return 0;
+ }
+
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{

View File

@ -0,0 +1,80 @@
commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Nov 15 17:39:59 2017 -0700
The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change add this attribute to Glibc and
uses it to suppress such false positives.
ChangeLog:
* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
---
misc/sys/cdefs.h | 9 +++++++++
sysdeps/gnu/bits/utmp.h | 9 ++++++---
sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -350,6 +350,15 @@
# endif
#endif
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+ argument to strncpy and strncat, as the char array is not necessarily
+ a NUL-terminated string. */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
#include <bits/wordsize.h>
#if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -61,10 +61,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -61,10 +61,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled

View File

@ -0,0 +1,47 @@
commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Nov 22 18:44:23 2017 +0000
Avoid use of strlen in getlogin_r (bug 22447).
Building glibc with current mainline GCC fails, among other reasons,
because of an error for use of strlen on the nonstring ut_user field.
This patch changes the problem code in getlogin_r to use __strnlen
instead. It also needs to set the trailing NUL byte of the result
explicitly, because of the case where ut_user does not have such a
trailing NUL byte (but the result should always have one).
Tested for x86_64. Also tested that, in conjunction with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
the build for arm with mainline GCC.
[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
strlen to compute length of ut_user and set trailing NUL byte of
result explicitly.
---
sysdeps/unix/getlogin_r.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sysdeps/unix/getlogin_r.c
+++ b/sysdeps/unix/getlogin_r.c
@@ -83,7 +83,7 @@
if (result == 0)
{
- size_t needed = strlen (ut->ut_user) + 1;
+ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
if (needed > name_len)
{
@@ -92,7 +92,8 @@
}
else
{
- memcpy (name, ut->ut_user, needed);
+ memcpy (name, ut->ut_user, needed - 1);
+ name[needed - 1] = 0;
result = 0;
}
}

View File

@ -0,0 +1,25 @@
commit e69897bf202e18034cbef26f363bae64de70a196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Nov 12 22:00:28 2017 -0800
timezone: pacify GCC -Wstringop-truncation
Problem reported by Martin Sebor in:
https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
* timezone/zic.c (writezone): Use memcpy, not strncpy.
---
timezone/zic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/timezone/zic.c
+++ b/timezone/zic.c
@@ -1648,7 +1648,7 @@
#define DO(field) (void) fwrite((void *) tzh.field, \
(size_t) sizeof tzh.field, (size_t) 1, fp)
tzh = tzh0;
- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
tzh.tzh_version[0] = ZIC_VERSION;
convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt);
convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt);

View File

@ -0,0 +1,73 @@
commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Jun 27 17:12:13 2017 +0000
Fix strftime build with GCC 8.
Building with current GCC mainline fails with:
strftime_l.c: In function '__strftime_internal':
strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros]
digits = d > width ? d : width; \
^
strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER'
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
^~~~~~~~~
strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause
else
^~~~
In fact this particular instance is harmless; the code looks like:
if (modifier == L_('O'))
goto bad_format;
else
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
and because of the goto, it doesn't matter that part of the expansion
isn't under the "else" conditional. But it's also clearly bad style
to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD
to use do { } while (0) to avoid such problems.
Tested (full testsuite) for x86_64 (GCC 6), and with
build-many-glibcs.py with GCC mainline, in conjunction with my libgcc
patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>.
* time/strftime_l.c (DO_NUMBER): Define using do { } while (0).
(DO_NUMBER_SPACEPAD): Likewise.
---
time/strftime_l.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -742,12 +742,22 @@
format_char = *f;
switch (format_char)
{
-#define DO_NUMBER(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number
-#define DO_NUMBER_SPACEPAD(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number_spacepad
+#define DO_NUMBER(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number; \
+ } \
+ while (0)
+#define DO_NUMBER_SPACEPAD(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number_spacepad; \
+ } \
+ while (0)
case L_('%'):
if (modifier != 0)

View File

@ -0,0 +1,29 @@
commit 2180fee114b778515b3f560e5ff1e795282e60b0
Author: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Wed Nov 15 08:58:48 2017 -0800
Check length of ifname before copying it into to ifreq structure.
[BZ #22442]
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
Check if ifname is too long.
---
sysdeps/unix/sysv/linux/if_index.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -54,6 +54,12 @@
if (fd < 0)
return 0;
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+ return 0;
+ }
+
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{

View File

@ -0,0 +1,80 @@
commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Nov 15 17:39:59 2017 -0700
The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change add this attribute to Glibc and
uses it to suppress such false positives.
ChangeLog:
* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
---
misc/sys/cdefs.h | 9 +++++++++
sysdeps/gnu/bits/utmp.h | 9 ++++++---
sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -350,6 +350,15 @@
# endif
#endif
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+ argument to strncpy and strncat, as the char array is not necessarily
+ a NUL-terminated string. */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
#include <bits/wordsize.h>
#if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -61,10 +61,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -61,10 +61,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled

View File

@ -0,0 +1,47 @@
commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Nov 22 18:44:23 2017 +0000
Avoid use of strlen in getlogin_r (bug 22447).
Building glibc with current mainline GCC fails, among other reasons,
because of an error for use of strlen on the nonstring ut_user field.
This patch changes the problem code in getlogin_r to use __strnlen
instead. It also needs to set the trailing NUL byte of the result
explicitly, because of the case where ut_user does not have such a
trailing NUL byte (but the result should always have one).
Tested for x86_64. Also tested that, in conjunction with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
the build for arm with mainline GCC.
[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
strlen to compute length of ut_user and set trailing NUL byte of
result explicitly.
---
sysdeps/unix/getlogin_r.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sysdeps/unix/getlogin_r.c
+++ b/sysdeps/unix/getlogin_r.c
@@ -83,7 +83,7 @@
if (result == 0)
{
- size_t needed = strlen (ut->ut_user) + 1;
+ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
if (needed > name_len)
{
@@ -92,7 +92,8 @@
}
else
{
- memcpy (name, ut->ut_user, needed);
+ memcpy (name, ut->ut_user, needed - 1);
+ name[needed - 1] = 0;
result = 0;
}
}

View File

@ -0,0 +1,25 @@
commit e69897bf202e18034cbef26f363bae64de70a196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Nov 12 22:00:28 2017 -0800
timezone: pacify GCC -Wstringop-truncation
Problem reported by Martin Sebor in:
https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
* timezone/zic.c (writezone): Use memcpy, not strncpy.
---
timezone/zic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/timezone/zic.c
+++ b/timezone/zic.c
@@ -1648,7 +1648,7 @@
#define DO(field) (void) fwrite((void *) tzh.field, \
(size_t) sizeof tzh.field, (size_t) 1, fp)
tzh = tzh0;
- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
tzh.tzh_version[0] = ZIC_VERSION;
convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt);
convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt);

View File

@ -1,30 +0,0 @@
commit 39b1f6172a2f9ddc74a8f82d6e84dd13b22dbaf2
Author: Peter Collingbourne <pcc@google.com>
Date: Wed May 15 20:28:08 2013 +0200
Move _obstack_compat out of common
it is impossible to create an alias of a common symbol (as
compat_symbol does), because common symbols do not have a section or
an offset until linked. GNU as tolerates aliases of common symbols by
simply creating another common symbol, but other assemblers (notably
LLVM's integrated assembler) are less tolerant.
2013-05-15 Peter Collingbourne <pcc@google.com>
* malloc/obstack.c (_obstack_compat): Add initializer.
-
diff --git a/malloc/obstack.c b/malloc/obstack.c
index 25a90514f7..c3c7db4a96 100644
--- a/malloc/obstack.c
+++ b/malloc/obstack.c
@@ -115,7 +115,7 @@ int obstack_exit_failure = EXIT_FAILURE;
/* A looong time ago (before 1994, anyway; we're not sure) this global variable
was used by non-GNU-C macros to avoid multiple evaluation. The GNU C
library still exports it because somebody might use it. */
-struct obstack *_obstack_compat;
+struct obstack *_obstack_compat = 0;
compat_symbol (libc, _obstack_compat, _obstack, GLIBC_2_0);
# endif
# endif

View File

@ -0,0 +1,73 @@
commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Jun 27 17:12:13 2017 +0000
Fix strftime build with GCC 8.
Building with current GCC mainline fails with:
strftime_l.c: In function '__strftime_internal':
strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros]
digits = d > width ? d : width; \
^
strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER'
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
^~~~~~~~~
strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause
else
^~~~
In fact this particular instance is harmless; the code looks like:
if (modifier == L_('O'))
goto bad_format;
else
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
and because of the goto, it doesn't matter that part of the expansion
isn't under the "else" conditional. But it's also clearly bad style
to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD
to use do { } while (0) to avoid such problems.
Tested (full testsuite) for x86_64 (GCC 6), and with
build-many-glibcs.py with GCC mainline, in conjunction with my libgcc
patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>.
* time/strftime_l.c (DO_NUMBER): Define using do { } while (0).
(DO_NUMBER_SPACEPAD): Likewise.
---
time/strftime_l.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -742,12 +742,22 @@
format_char = *f;
switch (format_char)
{
-#define DO_NUMBER(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number
-#define DO_NUMBER_SPACEPAD(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number_spacepad
+#define DO_NUMBER(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number; \
+ } \
+ while (0)
+#define DO_NUMBER_SPACEPAD(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number_spacepad; \
+ } \
+ while (0)
case L_('%'):
if (modifier != 0)

View File

@ -0,0 +1,29 @@
commit 2180fee114b778515b3f560e5ff1e795282e60b0
Author: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Wed Nov 15 08:58:48 2017 -0800
Check length of ifname before copying it into to ifreq structure.
[BZ #22442]
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
Check if ifname is too long.
---
sysdeps/unix/sysv/linux/if_index.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -54,6 +54,12 @@
if (fd < 0)
return 0;
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+ return 0;
+ }
+
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{

View File

@ -0,0 +1,80 @@
commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Nov 15 17:39:59 2017 -0700
The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change add this attribute to Glibc and
uses it to suppress such false positives.
ChangeLog:
* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
---
misc/sys/cdefs.h | 9 +++++++++
sysdeps/gnu/bits/utmp.h | 9 ++++++---
sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -375,6 +375,15 @@
# endif
#endif
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+ argument to strncpy and strncat, as the char array is not necessarily
+ a NUL-terminated string. */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
#include <bits/wordsize.h>
#if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -61,10 +61,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -61,10 +61,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled

View File

@ -0,0 +1,47 @@
commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Nov 22 18:44:23 2017 +0000
Avoid use of strlen in getlogin_r (bug 22447).
Building glibc with current mainline GCC fails, among other reasons,
because of an error for use of strlen on the nonstring ut_user field.
This patch changes the problem code in getlogin_r to use __strnlen
instead. It also needs to set the trailing NUL byte of the result
explicitly, because of the case where ut_user does not have such a
trailing NUL byte (but the result should always have one).
Tested for x86_64. Also tested that, in conjunction with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
the build for arm with mainline GCC.
[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
strlen to compute length of ut_user and set trailing NUL byte of
result explicitly.
---
sysdeps/unix/getlogin_r.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sysdeps/unix/getlogin_r.c
+++ b/sysdeps/unix/getlogin_r.c
@@ -83,7 +83,7 @@
if (result == 0)
{
- size_t needed = strlen (ut->ut_user) + 1;
+ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
if (needed > name_len)
{
@@ -92,7 +92,8 @@
}
else
{
- memcpy (name, ut->ut_user, needed);
+ memcpy (name, ut->ut_user, needed - 1);
+ name[needed - 1] = 0;
result = 0;
}
}

View File

@ -0,0 +1,25 @@
commit e69897bf202e18034cbef26f363bae64de70a196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Nov 12 22:00:28 2017 -0800
timezone: pacify GCC -Wstringop-truncation
Problem reported by Martin Sebor in:
https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
* timezone/zic.c (writezone): Use memcpy, not strncpy.
---
timezone/zic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/timezone/zic.c
+++ b/timezone/zic.c
@@ -1648,7 +1648,7 @@
#define DO(field) (void) fwrite((void *) tzh.field, \
(size_t) sizeof tzh.field, (size_t) 1, fp)
tzh = tzh0;
- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
tzh.tzh_version[0] = ZIC_VERSION;
convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt);
convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt);

View File

@ -0,0 +1,73 @@
commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Jun 27 17:12:13 2017 +0000
Fix strftime build with GCC 8.
Building with current GCC mainline fails with:
strftime_l.c: In function '__strftime_internal':
strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros]
digits = d > width ? d : width; \
^
strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER'
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
^~~~~~~~~
strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause
else
^~~~
In fact this particular instance is harmless; the code looks like:
if (modifier == L_('O'))
goto bad_format;
else
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
and because of the goto, it doesn't matter that part of the expansion
isn't under the "else" conditional. But it's also clearly bad style
to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD
to use do { } while (0) to avoid such problems.
Tested (full testsuite) for x86_64 (GCC 6), and with
build-many-glibcs.py with GCC mainline, in conjunction with my libgcc
patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>.
* time/strftime_l.c (DO_NUMBER): Define using do { } while (0).
(DO_NUMBER_SPACEPAD): Likewise.
---
time/strftime_l.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -737,12 +737,22 @@
format_char = *f;
switch (format_char)
{
-#define DO_NUMBER(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number
-#define DO_NUMBER_SPACEPAD(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number_spacepad
+#define DO_NUMBER(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number; \
+ } \
+ while (0)
+#define DO_NUMBER_SPACEPAD(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number_spacepad; \
+ } \
+ while (0)
case L_('%'):
if (modifier != 0)

View File

@ -0,0 +1,29 @@
commit 2180fee114b778515b3f560e5ff1e795282e60b0
Author: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Wed Nov 15 08:58:48 2017 -0800
Check length of ifname before copying it into to ifreq structure.
[BZ #22442]
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
Check if ifname is too long.
---
sysdeps/unix/sysv/linux/if_index.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -44,6 +44,12 @@
if (fd < 0)
return 0;
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+ return 0;
+ }
+
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{

View File

@ -0,0 +1,80 @@
commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Nov 15 17:39:59 2017 -0700
The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change add this attribute to Glibc and
uses it to suppress such false positives.
ChangeLog:
* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
---
misc/sys/cdefs.h | 9 +++++++++
sysdeps/gnu/bits/utmp.h | 9 ++++++---
sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -375,6 +375,15 @@
# define __glibc_unlikely(cond) (cond)
#endif
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+ argument to strncpy and strncat, as the char array is not necessarily
+ a NUL-terminated string. */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
#include <bits/wordsize.h>
#if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -60,10 +60,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled

View File

@ -0,0 +1,47 @@
commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Nov 22 18:44:23 2017 +0000
Avoid use of strlen in getlogin_r (bug 22447).
Building glibc with current mainline GCC fails, among other reasons,
because of an error for use of strlen on the nonstring ut_user field.
This patch changes the problem code in getlogin_r to use __strnlen
instead. It also needs to set the trailing NUL byte of the result
explicitly, because of the case where ut_user does not have such a
trailing NUL byte (but the result should always have one).
Tested for x86_64. Also tested that, in conjunction with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
the build for arm with mainline GCC.
[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
strlen to compute length of ut_user and set trailing NUL byte of
result explicitly.
---
sysdeps/unix/getlogin_r.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sysdeps/unix/getlogin_r.c
+++ b/sysdeps/unix/getlogin_r.c
@@ -82,7 +82,7 @@
if (result == 0)
{
- size_t needed = strlen (ut->ut_user) + 1;
+ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
if (needed > name_len)
{
@@ -91,7 +91,8 @@
}
else
{
- memcpy (name, ut->ut_user, needed);
+ memcpy (name, ut->ut_user, needed - 1);
+ name[needed - 1] = 0;
result = 0;
}
}

View File

@ -0,0 +1,25 @@
commit e69897bf202e18034cbef26f363bae64de70a196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Nov 12 22:00:28 2017 -0800
timezone: pacify GCC -Wstringop-truncation
Problem reported by Martin Sebor in:
https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
* timezone/zic.c (writezone): Use memcpy, not strncpy.
---
timezone/zic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/timezone/zic.c
+++ b/timezone/zic.c
@@ -1695,7 +1695,7 @@
#define DO(field) (void) fwrite((void *) tzh.field, \
(size_t) sizeof tzh.field, (size_t) 1, fp)
tzh = tzh0;
- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
tzh.tzh_version[0] = ZIC_VERSION;
convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt);
convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt);

View File

@ -0,0 +1,73 @@
commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Jun 27 17:12:13 2017 +0000
Fix strftime build with GCC 8.
Building with current GCC mainline fails with:
strftime_l.c: In function '__strftime_internal':
strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros]
digits = d > width ? d : width; \
^
strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER'
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
^~~~~~~~~
strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause
else
^~~~
In fact this particular instance is harmless; the code looks like:
if (modifier == L_('O'))
goto bad_format;
else
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
and because of the goto, it doesn't matter that part of the expansion
isn't under the "else" conditional. But it's also clearly bad style
to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD
to use do { } while (0) to avoid such problems.
Tested (full testsuite) for x86_64 (GCC 6), and with
build-many-glibcs.py with GCC mainline, in conjunction with my libgcc
patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>.
* time/strftime_l.c (DO_NUMBER): Define using do { } while (0).
(DO_NUMBER_SPACEPAD): Likewise.
---
time/strftime_l.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -737,12 +737,22 @@
format_char = *f;
switch (format_char)
{
-#define DO_NUMBER(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number
-#define DO_NUMBER_SPACEPAD(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number_spacepad
+#define DO_NUMBER(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number; \
+ } \
+ while (0)
+#define DO_NUMBER_SPACEPAD(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number_spacepad; \
+ } \
+ while (0)
case L_('%'):
if (modifier != 0)

View File

@ -0,0 +1,29 @@
commit 2180fee114b778515b3f560e5ff1e795282e60b0
Author: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Wed Nov 15 08:58:48 2017 -0800
Check length of ifname before copying it into to ifreq structure.
[BZ #22442]
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
Check if ifname is too long.
---
sysdeps/unix/sysv/linux/if_index.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -44,6 +44,12 @@
if (fd < 0)
return 0;
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+ return 0;
+ }
+
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{

View File

@ -0,0 +1,80 @@
commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Nov 15 17:39:59 2017 -0700
The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change add this attribute to Glibc and
uses it to suppress such false positives.
ChangeLog:
* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
---
misc/sys/cdefs.h | 9 +++++++++
sysdeps/gnu/bits/utmp.h | 9 ++++++---
sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -382,6 +382,15 @@
# define __glibc_unlikely(cond) (cond)
#endif
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+ argument to strncpy and strncat, as the char array is not necessarily
+ a NUL-terminated string. */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
#include <bits/wordsize.h>
#if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -60,10 +60,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled

View File

@ -0,0 +1,47 @@
commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Nov 22 18:44:23 2017 +0000
Avoid use of strlen in getlogin_r (bug 22447).
Building glibc with current mainline GCC fails, among other reasons,
because of an error for use of strlen on the nonstring ut_user field.
This patch changes the problem code in getlogin_r to use __strnlen
instead. It also needs to set the trailing NUL byte of the result
explicitly, because of the case where ut_user does not have such a
trailing NUL byte (but the result should always have one).
Tested for x86_64. Also tested that, in conjunction with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
the build for arm with mainline GCC.
[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
strlen to compute length of ut_user and set trailing NUL byte of
result explicitly.
---
sysdeps/unix/getlogin_r.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sysdeps/unix/getlogin_r.c
+++ b/sysdeps/unix/getlogin_r.c
@@ -82,7 +82,7 @@
if (result == 0)
{
- size_t needed = strlen (ut->ut_user) + 1;
+ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
if (needed > name_len)
{
@@ -91,7 +91,8 @@
}
else
{
- memcpy (name, ut->ut_user, needed);
+ memcpy (name, ut->ut_user, needed - 1);
+ name[needed - 1] = 0;
result = 0;
}
}

View File

@ -0,0 +1,25 @@
commit e69897bf202e18034cbef26f363bae64de70a196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Nov 12 22:00:28 2017 -0800
timezone: pacify GCC -Wstringop-truncation
Problem reported by Martin Sebor in:
https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
* timezone/zic.c (writezone): Use memcpy, not strncpy.
---
timezone/zic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/timezone/zic.c
+++ b/timezone/zic.c
@@ -1609,7 +1609,7 @@
}
#define DO(field) ((void) fwrite(tzh.field, sizeof tzh.field, 1, fp))
tzh = tzh0;
- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
tzh.tzh_version[0] = ZIC_VERSION;
convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt);
convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt);

View File

@ -0,0 +1,73 @@
commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Jun 27 17:12:13 2017 +0000
Fix strftime build with GCC 8.
Building with current GCC mainline fails with:
strftime_l.c: In function '__strftime_internal':
strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros]
digits = d > width ? d : width; \
^
strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER'
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
^~~~~~~~~
strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause
else
^~~~
In fact this particular instance is harmless; the code looks like:
if (modifier == L_('O'))
goto bad_format;
else
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
and because of the goto, it doesn't matter that part of the expansion
isn't under the "else" conditional. But it's also clearly bad style
to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD
to use do { } while (0) to avoid such problems.
Tested (full testsuite) for x86_64 (GCC 6), and with
build-many-glibcs.py with GCC mainline, in conjunction with my libgcc
patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>.
* time/strftime_l.c (DO_NUMBER): Define using do { } while (0).
(DO_NUMBER_SPACEPAD): Likewise.
---
time/strftime_l.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -737,12 +737,22 @@
format_char = *f;
switch (format_char)
{
-#define DO_NUMBER(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number
-#define DO_NUMBER_SPACEPAD(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number_spacepad
+#define DO_NUMBER(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number; \
+ } \
+ while (0)
+#define DO_NUMBER_SPACEPAD(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number_spacepad; \
+ } \
+ while (0)
case L_('%'):
if (modifier != 0)

View File

@ -0,0 +1,29 @@
commit 2180fee114b778515b3f560e5ff1e795282e60b0
Author: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Wed Nov 15 08:58:48 2017 -0800
Check length of ifname before copying it into to ifreq structure.
[BZ #22442]
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
Check if ifname is too long.
---
sysdeps/unix/sysv/linux/if_index.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -44,6 +44,12 @@
if (fd < 0)
return 0;
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+ return 0;
+ }
+
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{

View File

@ -0,0 +1,80 @@
commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Nov 15 17:39:59 2017 -0700
The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change add this attribute to Glibc and
uses it to suppress such false positives.
ChangeLog:
* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
---
misc/sys/cdefs.h | 9 +++++++++
sysdeps/gnu/bits/utmp.h | 9 ++++++---
sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -382,6 +382,15 @@
# define __glibc_likely(cond) (cond)
#endif
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+ argument to strncpy and strncat, as the char array is not necessarily
+ a NUL-terminated string. */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
#include <bits/wordsize.h>
#if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled

View File

@ -0,0 +1,47 @@
commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Nov 22 18:44:23 2017 +0000
Avoid use of strlen in getlogin_r (bug 22447).
Building glibc with current mainline GCC fails, among other reasons,
because of an error for use of strlen on the nonstring ut_user field.
This patch changes the problem code in getlogin_r to use __strnlen
instead. It also needs to set the trailing NUL byte of the result
explicitly, because of the case where ut_user does not have such a
trailing NUL byte (but the result should always have one).
Tested for x86_64. Also tested that, in conjunction with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
the build for arm with mainline GCC.
[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
strlen to compute length of ut_user and set trailing NUL byte of
result explicitly.
---
sysdeps/unix/getlogin_r.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sysdeps/unix/getlogin_r.c
+++ b/sysdeps/unix/getlogin_r.c
@@ -82,7 +82,7 @@
if (result == 0)
{
- size_t needed = strlen (ut->ut_user) + 1;
+ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
if (needed > name_len)
{
@@ -91,7 +91,8 @@
}
else
{
- memcpy (name, ut->ut_user, needed);
+ memcpy (name, ut->ut_user, needed - 1);
+ name[needed - 1] = 0;
result = 0;
}
}

View File

@ -0,0 +1,25 @@
commit e69897bf202e18034cbef26f363bae64de70a196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Nov 12 22:00:28 2017 -0800
timezone: pacify GCC -Wstringop-truncation
Problem reported by Martin Sebor in:
https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
* timezone/zic.c (writezone): Use memcpy, not strncpy.
---
timezone/zic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/timezone/zic.c
+++ b/timezone/zic.c
@@ -1609,7 +1609,7 @@
}
#define DO(field) ((void) fwrite(tzh.field, sizeof tzh.field, 1, fp))
tzh = tzh0;
- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
tzh.tzh_version[0] = ZIC_VERSION;
convert(eitol(thistypecnt), tzh.tzh_ttisgmtcnt);
convert(eitol(thistypecnt), tzh.tzh_ttisstdcnt);

View File

@ -0,0 +1,73 @@
commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Jun 27 17:12:13 2017 +0000
Fix strftime build with GCC 8.
Building with current GCC mainline fails with:
strftime_l.c: In function '__strftime_internal':
strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros]
digits = d > width ? d : width; \
^
strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER'
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
^~~~~~~~~
strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause
else
^~~~
In fact this particular instance is harmless; the code looks like:
if (modifier == L_('O'))
goto bad_format;
else
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
and because of the goto, it doesn't matter that part of the expansion
isn't under the "else" conditional. But it's also clearly bad style
to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD
to use do { } while (0) to avoid such problems.
Tested (full testsuite) for x86_64 (GCC 6), and with
build-many-glibcs.py with GCC mainline, in conjunction with my libgcc
patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>.
* time/strftime_l.c (DO_NUMBER): Define using do { } while (0).
(DO_NUMBER_SPACEPAD): Likewise.
---
time/strftime_l.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -737,12 +737,22 @@
format_char = *f;
switch (format_char)
{
-#define DO_NUMBER(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number
-#define DO_NUMBER_SPACEPAD(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number_spacepad
+#define DO_NUMBER(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number; \
+ } \
+ while (0)
+#define DO_NUMBER_SPACEPAD(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number_spacepad; \
+ } \
+ while (0)
case L_('%'):
if (modifier != 0)

View File

@ -0,0 +1,29 @@
commit 2180fee114b778515b3f560e5ff1e795282e60b0
Author: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Wed Nov 15 08:58:48 2017 -0800
Check length of ifname before copying it into to ifreq structure.
[BZ #22442]
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
Check if ifname is too long.
---
sysdeps/unix/sysv/linux/if_index.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -44,6 +44,12 @@
if (fd < 0)
return 0;
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+ return 0;
+ }
+
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{

View File

@ -0,0 +1,80 @@
commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Nov 15 17:39:59 2017 -0700
The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change add this attribute to Glibc and
uses it to suppress such false positives.
ChangeLog:
* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
---
misc/sys/cdefs.h | 9 +++++++++
sysdeps/gnu/bits/utmp.h | 9 ++++++---
sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -382,6 +382,15 @@
# define __glibc_likely(cond) (cond)
#endif
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+ argument to strncpy and strncat, as the char array is not necessarily
+ a NUL-terminated string. */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
#include <bits/wordsize.h>
#if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled

View File

@ -0,0 +1,47 @@
commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Nov 22 18:44:23 2017 +0000
Avoid use of strlen in getlogin_r (bug 22447).
Building glibc with current mainline GCC fails, among other reasons,
because of an error for use of strlen on the nonstring ut_user field.
This patch changes the problem code in getlogin_r to use __strnlen
instead. It also needs to set the trailing NUL byte of the result
explicitly, because of the case where ut_user does not have such a
trailing NUL byte (but the result should always have one).
Tested for x86_64. Also tested that, in conjunction with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
the build for arm with mainline GCC.
[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
strlen to compute length of ut_user and set trailing NUL byte of
result explicitly.
---
sysdeps/unix/getlogin_r.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sysdeps/unix/getlogin_r.c
+++ b/sysdeps/unix/getlogin_r.c
@@ -82,7 +82,7 @@
if (result == 0)
{
- size_t needed = strlen (ut->ut_user) + 1;
+ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
if (needed > name_len)
{
@@ -91,7 +91,8 @@
}
else
{
- memcpy (name, ut->ut_user, needed);
+ memcpy (name, ut->ut_user, needed - 1);
+ name[needed - 1] = 0;
result = 0;
}
}

View File

@ -0,0 +1,25 @@
commit e69897bf202e18034cbef26f363bae64de70a196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Nov 12 22:00:28 2017 -0800
timezone: pacify GCC -Wstringop-truncation
Problem reported by Martin Sebor in:
https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
* timezone/zic.c (writezone): Use memcpy, not strncpy.
---
timezone/zic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/timezone/zic.c
+++ b/timezone/zic.c
@@ -1676,7 +1676,7 @@
}
#define DO(field) ((void) fwrite(tzh.field, sizeof tzh.field, 1, fp))
tzh = tzh0;
- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
tzh.tzh_version[0] = version;
convert(thistypecnt, tzh.tzh_ttisgmtcnt);
convert(thistypecnt, tzh.tzh_ttisstdcnt);

View File

@ -0,0 +1,73 @@
commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Jun 27 17:12:13 2017 +0000
Fix strftime build with GCC 8.
Building with current GCC mainline fails with:
strftime_l.c: In function '__strftime_internal':
strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros]
digits = d > width ? d : width; \
^
strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER'
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
^~~~~~~~~
strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause
else
^~~~
In fact this particular instance is harmless; the code looks like:
if (modifier == L_('O'))
goto bad_format;
else
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
and because of the goto, it doesn't matter that part of the expansion
isn't under the "else" conditional. But it's also clearly bad style
to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD
to use do { } while (0) to avoid such problems.
Tested (full testsuite) for x86_64 (GCC 6), and with
build-many-glibcs.py with GCC mainline, in conjunction with my libgcc
patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>.
* time/strftime_l.c (DO_NUMBER): Define using do { } while (0).
(DO_NUMBER_SPACEPAD): Likewise.
---
time/strftime_l.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -738,12 +738,22 @@
format_char = *f;
switch (format_char)
{
-#define DO_NUMBER(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number
-#define DO_NUMBER_SPACEPAD(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number_spacepad
+#define DO_NUMBER(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number; \
+ } \
+ while (0)
+#define DO_NUMBER_SPACEPAD(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number_spacepad; \
+ } \
+ while (0)
case L_('%'):
if (modifier != 0)

View File

@ -0,0 +1,29 @@
commit 2180fee114b778515b3f560e5ff1e795282e60b0
Author: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Wed Nov 15 08:58:48 2017 -0800
Check length of ifname before copying it into to ifreq structure.
[BZ #22442]
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
Check if ifname is too long.
---
sysdeps/unix/sysv/linux/if_index.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -43,6 +43,12 @@
if (fd < 0)
return 0;
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+ return 0;
+ }
+
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{

View File

@ -0,0 +1,80 @@
commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Nov 15 17:39:59 2017 -0700
The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change add this attribute to Glibc and
uses it to suppress such false positives.
ChangeLog:
* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
---
misc/sys/cdefs.h | 9 +++++++++
sysdeps/gnu/bits/utmp.h | 9 ++++++---
sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -392,6 +392,15 @@
# endif
#endif
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+ argument to strncpy and strncat, as the char array is not necessarily
+ a NUL-terminated string. */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
#include <bits/wordsize.h>
#if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled

View File

@ -0,0 +1,47 @@
commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Nov 22 18:44:23 2017 +0000
Avoid use of strlen in getlogin_r (bug 22447).
Building glibc with current mainline GCC fails, among other reasons,
because of an error for use of strlen on the nonstring ut_user field.
This patch changes the problem code in getlogin_r to use __strnlen
instead. It also needs to set the trailing NUL byte of the result
explicitly, because of the case where ut_user does not have such a
trailing NUL byte (but the result should always have one).
Tested for x86_64. Also tested that, in conjunction with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
the build for arm with mainline GCC.
[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
strlen to compute length of ut_user and set trailing NUL byte of
result explicitly.
---
sysdeps/unix/getlogin_r.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sysdeps/unix/getlogin_r.c
+++ b/sysdeps/unix/getlogin_r.c
@@ -82,7 +82,7 @@
if (result == 0)
{
- size_t needed = strlen (ut->ut_user) + 1;
+ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
if (needed > name_len)
{
@@ -91,7 +91,8 @@
}
else
{
- memcpy (name, ut->ut_user, needed);
+ memcpy (name, ut->ut_user, needed - 1);
+ name[needed - 1] = 0;
result = 0;
}
}

View File

@ -0,0 +1,25 @@
commit e69897bf202e18034cbef26f363bae64de70a196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Nov 12 22:00:28 2017 -0800
timezone: pacify GCC -Wstringop-truncation
Problem reported by Martin Sebor in:
https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
* timezone/zic.c (writezone): Use memcpy, not strncpy.
---
timezone/zic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/timezone/zic.c
+++ b/timezone/zic.c
@@ -1713,7 +1713,7 @@
}
#define DO(field) ((void) fwrite(tzh.field, sizeof tzh.field, 1, fp))
tzh = tzh0;
- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
tzh.tzh_version[0] = version;
convert(thistypecnt, tzh.tzh_ttisgmtcnt);
convert(thistypecnt, tzh.tzh_ttisstdcnt);

View File

@ -0,0 +1,73 @@
commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Jun 27 17:12:13 2017 +0000
Fix strftime build with GCC 8.
Building with current GCC mainline fails with:
strftime_l.c: In function '__strftime_internal':
strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros]
digits = d > width ? d : width; \
^
strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER'
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
^~~~~~~~~
strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause
else
^~~~
In fact this particular instance is harmless; the code looks like:
if (modifier == L_('O'))
goto bad_format;
else
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
and because of the goto, it doesn't matter that part of the expansion
isn't under the "else" conditional. But it's also clearly bad style
to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD
to use do { } while (0) to avoid such problems.
Tested (full testsuite) for x86_64 (GCC 6), and with
build-many-glibcs.py with GCC mainline, in conjunction with my libgcc
patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>.
* time/strftime_l.c (DO_NUMBER): Define using do { } while (0).
(DO_NUMBER_SPACEPAD): Likewise.
---
time/strftime_l.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -738,12 +738,22 @@
format_char = *f;
switch (format_char)
{
-#define DO_NUMBER(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number
-#define DO_NUMBER_SPACEPAD(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number_spacepad
+#define DO_NUMBER(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number; \
+ } \
+ while (0)
+#define DO_NUMBER_SPACEPAD(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number_spacepad; \
+ } \
+ while (0)
case L_('%'):
if (modifier != 0)

View File

@ -0,0 +1,29 @@
commit 2180fee114b778515b3f560e5ff1e795282e60b0
Author: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Wed Nov 15 08:58:48 2017 -0800
Check length of ifname before copying it into to ifreq structure.
[BZ #22442]
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
Check if ifname is too long.
---
sysdeps/unix/sysv/linux/if_index.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -43,6 +43,12 @@
if (fd < 0)
return 0;
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+ return 0;
+ }
+
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{

View File

@ -0,0 +1,80 @@
commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Nov 15 17:39:59 2017 -0700
The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change add this attribute to Glibc and
uses it to suppress such false positives.
ChangeLog:
* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
---
misc/sys/cdefs.h | 9 +++++++++
sysdeps/gnu/bits/utmp.h | 9 ++++++---
sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -399,6 +399,15 @@
# endif
#endif
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+ argument to strncpy and strncat, as the char array is not necessarily
+ a NUL-terminated string. */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
#include <bits/wordsize.h>
#if defined __LONG_DOUBLE_MATH_OPTIONAL && defined __NO_LONG_DOUBLE_MATH
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled

View File

@ -0,0 +1,47 @@
commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Nov 22 18:44:23 2017 +0000
Avoid use of strlen in getlogin_r (bug 22447).
Building glibc with current mainline GCC fails, among other reasons,
because of an error for use of strlen on the nonstring ut_user field.
This patch changes the problem code in getlogin_r to use __strnlen
instead. It also needs to set the trailing NUL byte of the result
explicitly, because of the case where ut_user does not have such a
trailing NUL byte (but the result should always have one).
Tested for x86_64. Also tested that, in conjunction with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
the build for arm with mainline GCC.
[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
strlen to compute length of ut_user and set trailing NUL byte of
result explicitly.
---
sysdeps/unix/getlogin_r.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sysdeps/unix/getlogin_r.c
+++ b/sysdeps/unix/getlogin_r.c
@@ -82,7 +82,7 @@
if (result == 0)
{
- size_t needed = strlen (ut->ut_user) + 1;
+ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
if (needed > name_len)
{
@@ -91,7 +91,8 @@
}
else
{
- memcpy (name, ut->ut_user, needed);
+ memcpy (name, ut->ut_user, needed - 1);
+ name[needed - 1] = 0;
result = 0;
}
}

View File

@ -0,0 +1,25 @@
commit e69897bf202e18034cbef26f363bae64de70a196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Nov 12 22:00:28 2017 -0800
timezone: pacify GCC -Wstringop-truncation
Problem reported by Martin Sebor in:
https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
* timezone/zic.c (writezone): Use memcpy, not strncpy.
---
timezone/zic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/timezone/zic.c
+++ b/timezone/zic.c
@@ -1713,7 +1713,7 @@
}
#define DO(field) ((void) fwrite(tzh.field, sizeof tzh.field, 1, fp))
tzh = tzh0;
- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
tzh.tzh_version[0] = version;
convert(thistypecnt, tzh.tzh_ttisgmtcnt);
convert(thistypecnt, tzh.tzh_ttisstdcnt);

View File

@ -0,0 +1,73 @@
commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Jun 27 17:12:13 2017 +0000
Fix strftime build with GCC 8.
Building with current GCC mainline fails with:
strftime_l.c: In function '__strftime_internal':
strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros]
digits = d > width ? d : width; \
^
strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER'
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
^~~~~~~~~
strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause
else
^~~~
In fact this particular instance is harmless; the code looks like:
if (modifier == L_('O'))
goto bad_format;
else
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
and because of the goto, it doesn't matter that part of the expansion
isn't under the "else" conditional. But it's also clearly bad style
to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD
to use do { } while (0) to avoid such problems.
Tested (full testsuite) for x86_64 (GCC 6), and with
build-many-glibcs.py with GCC mainline, in conjunction with my libgcc
patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>.
* time/strftime_l.c (DO_NUMBER): Define using do { } while (0).
(DO_NUMBER_SPACEPAD): Likewise.
---
time/strftime_l.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -738,12 +738,22 @@
format_char = *f;
switch (format_char)
{
-#define DO_NUMBER(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number
-#define DO_NUMBER_SPACEPAD(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number_spacepad
+#define DO_NUMBER(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number; \
+ } \
+ while (0)
+#define DO_NUMBER_SPACEPAD(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number_spacepad; \
+ } \
+ while (0)
case L_('%'):
if (modifier != 0)

View File

@ -0,0 +1,29 @@
commit 2180fee114b778515b3f560e5ff1e795282e60b0
Author: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Wed Nov 15 08:58:48 2017 -0800
Check length of ifname before copying it into to ifreq structure.
[BZ #22442]
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
Check if ifname is too long.
---
sysdeps/unix/sysv/linux/if_index.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -43,6 +43,12 @@
if (fd < 0)
return 0;
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+ return 0;
+ }
+
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{

View File

@ -0,0 +1,80 @@
commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Nov 15 17:39:59 2017 -0700
The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change add this attribute to Glibc and
uses it to suppress such false positives.
ChangeLog:
* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
---
misc/sys/cdefs.h | 9 +++++++++
sysdeps/gnu/bits/utmp.h | 9 ++++++---
sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -399,6 +399,15 @@
# endif
#endif
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+ argument to strncpy and strncat, as the char array is not necessarily
+ a NUL-terminated string. */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
#if (!defined _Static_assert && !defined __cplusplus \
&& (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \
&& (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__))
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled

View File

@ -0,0 +1,47 @@
commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Nov 22 18:44:23 2017 +0000
Avoid use of strlen in getlogin_r (bug 22447).
Building glibc with current mainline GCC fails, among other reasons,
because of an error for use of strlen on the nonstring ut_user field.
This patch changes the problem code in getlogin_r to use __strnlen
instead. It also needs to set the trailing NUL byte of the result
explicitly, because of the case where ut_user does not have such a
trailing NUL byte (but the result should always have one).
Tested for x86_64. Also tested that, in conjunction with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
the build for arm with mainline GCC.
[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
strlen to compute length of ut_user and set trailing NUL byte of
result explicitly.
---
sysdeps/unix/getlogin_r.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sysdeps/unix/getlogin_r.c
+++ b/sysdeps/unix/getlogin_r.c
@@ -82,7 +82,7 @@
if (result == 0)
{
- size_t needed = strlen (ut->ut_user) + 1;
+ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
if (needed > name_len)
{
@@ -91,7 +91,8 @@
}
else
{
- memcpy (name, ut->ut_user, needed);
+ memcpy (name, ut->ut_user, needed - 1);
+ name[needed - 1] = 0;
result = 0;
}
}

View File

@ -0,0 +1,25 @@
commit e69897bf202e18034cbef26f363bae64de70a196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Nov 12 22:00:28 2017 -0800
timezone: pacify GCC -Wstringop-truncation
Problem reported by Martin Sebor in:
https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
* timezone/zic.c (writezone): Use memcpy, not strncpy.
---
timezone/zic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/timezone/zic.c
+++ b/timezone/zic.c
@@ -1713,7 +1713,7 @@
}
#define DO(field) ((void) fwrite(tzh.field, sizeof tzh.field, 1, fp))
tzh = tzh0;
- (void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
tzh.tzh_version[0] = version;
convert(thistypecnt, tzh.tzh_ttisgmtcnt);
convert(thistypecnt, tzh.tzh_ttisstdcnt);

View File

@ -0,0 +1,73 @@
commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Jun 27 17:12:13 2017 +0000
Fix strftime build with GCC 8.
Building with current GCC mainline fails with:
strftime_l.c: In function '__strftime_internal':
strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros]
digits = d > width ? d : width; \
^
strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER'
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
^~~~~~~~~
strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause
else
^~~~
In fact this particular instance is harmless; the code looks like:
if (modifier == L_('O'))
goto bad_format;
else
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
and because of the goto, it doesn't matter that part of the expansion
isn't under the "else" conditional. But it's also clearly bad style
to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD
to use do { } while (0) to avoid such problems.
Tested (full testsuite) for x86_64 (GCC 6), and with
build-many-glibcs.py with GCC mainline, in conjunction with my libgcc
patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>.
* time/strftime_l.c (DO_NUMBER): Define using do { } while (0).
(DO_NUMBER_SPACEPAD): Likewise.
---
time/strftime_l.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -715,12 +715,22 @@
format_char = *f;
switch (format_char)
{
-#define DO_NUMBER(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number
-#define DO_NUMBER_SPACEPAD(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number_spacepad
+#define DO_NUMBER(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number; \
+ } \
+ while (0)
+#define DO_NUMBER_SPACEPAD(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number_spacepad; \
+ } \
+ while (0)
case L_('%'):
if (modifier != 0)

View File

@ -0,0 +1,29 @@
commit 2180fee114b778515b3f560e5ff1e795282e60b0
Author: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Wed Nov 15 08:58:48 2017 -0800
Check length of ifname before copying it into to ifreq structure.
[BZ #22442]
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
Check if ifname is too long.
---
sysdeps/unix/sysv/linux/if_index.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -43,6 +43,12 @@
if (fd < 0)
return 0;
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+ return 0;
+ }
+
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{

View File

@ -0,0 +1,80 @@
commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Nov 15 17:39:59 2017 -0700
The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change add this attribute to Glibc and
uses it to suppress such false positives.
ChangeLog:
* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
---
misc/sys/cdefs.h | 9 +++++++++
sysdeps/gnu/bits/utmp.h | 9 ++++++---
sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -399,6 +399,15 @@
# endif
#endif
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+ argument to strncpy and strncat, as the char array is not necessarily
+ a NUL-terminated string. */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
#if (!defined _Static_assert && !defined __cplusplus \
&& (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \
&& (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__))
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled

View File

@ -0,0 +1,47 @@
commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Nov 22 18:44:23 2017 +0000
Avoid use of strlen in getlogin_r (bug 22447).
Building glibc with current mainline GCC fails, among other reasons,
because of an error for use of strlen on the nonstring ut_user field.
This patch changes the problem code in getlogin_r to use __strnlen
instead. It also needs to set the trailing NUL byte of the result
explicitly, because of the case where ut_user does not have such a
trailing NUL byte (but the result should always have one).
Tested for x86_64. Also tested that, in conjunction with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
the build for arm with mainline GCC.
[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
strlen to compute length of ut_user and set trailing NUL byte of
result explicitly.
---
sysdeps/unix/getlogin_r.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sysdeps/unix/getlogin_r.c
+++ b/sysdeps/unix/getlogin_r.c
@@ -80,7 +80,7 @@
if (result == 0)
{
- size_t needed = strlen (ut->ut_user) + 1;
+ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
if (needed > name_len)
{
@@ -89,7 +89,8 @@
}
else
{
- memcpy (name, ut->ut_user, needed);
+ memcpy (name, ut->ut_user, needed - 1);
+ name[needed - 1] = 0;
result = 0;
}
}

View File

@ -0,0 +1,25 @@
commit e69897bf202e18034cbef26f363bae64de70a196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Nov 12 22:00:28 2017 -0800
timezone: pacify GCC -Wstringop-truncation
Problem reported by Martin Sebor in:
https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
* timezone/zic.c (writezone): Use memcpy, not strncpy.
---
timezone/zic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/timezone/zic.c
+++ b/timezone/zic.c
@@ -1819,7 +1819,7 @@
}
#define DO(field) fwrite(tzh.field, sizeof tzh.field, 1, fp)
tzh = tzh0;
- strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
tzh.tzh_version[0] = version;
convert(thistypecnt, tzh.tzh_ttisgmtcnt);
convert(thistypecnt, tzh.tzh_ttisstdcnt);

View File

@ -0,0 +1,73 @@
commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Jun 27 17:12:13 2017 +0000
Fix strftime build with GCC 8.
Building with current GCC mainline fails with:
strftime_l.c: In function '__strftime_internal':
strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros]
digits = d > width ? d : width; \
^
strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER'
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
^~~~~~~~~
strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause
else
^~~~
In fact this particular instance is harmless; the code looks like:
if (modifier == L_('O'))
goto bad_format;
else
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
and because of the goto, it doesn't matter that part of the expansion
isn't under the "else" conditional. But it's also clearly bad style
to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD
to use do { } while (0) to avoid such problems.
Tested (full testsuite) for x86_64 (GCC 6), and with
build-many-glibcs.py with GCC mainline, in conjunction with my libgcc
patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>.
* time/strftime_l.c (DO_NUMBER): Define using do { } while (0).
(DO_NUMBER_SPACEPAD): Likewise.
---
time/strftime_l.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -715,12 +715,22 @@
format_char = *f;
switch (format_char)
{
-#define DO_NUMBER(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number
-#define DO_NUMBER_SPACEPAD(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number_spacepad
+#define DO_NUMBER(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number; \
+ } \
+ while (0)
+#define DO_NUMBER_SPACEPAD(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number_spacepad; \
+ } \
+ while (0)
case L_('%'):
if (modifier != 0)

View File

@ -0,0 +1,29 @@
commit 2180fee114b778515b3f560e5ff1e795282e60b0
Author: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Wed Nov 15 08:58:48 2017 -0800
Check length of ifname before copying it into to ifreq structure.
[BZ #22442]
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
Check if ifname is too long.
---
sysdeps/unix/sysv/linux/if_index.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -43,6 +43,12 @@
if (fd < 0)
return 0;
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+ return 0;
+ }
+
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{

View File

@ -0,0 +1,80 @@
commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Nov 15 17:39:59 2017 -0700
The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change add this attribute to Glibc and
uses it to suppress such false positives.
ChangeLog:
* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
---
misc/sys/cdefs.h | 9 +++++++++
sysdeps/gnu/bits/utmp.h | 9 ++++++---
sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -404,6 +404,15 @@
# endif
#endif
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+ argument to strncpy and strncat, as the char array is not necessarily
+ a NUL-terminated string. */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
#if (!defined _Static_assert && !defined __cplusplus \
&& (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \
&& (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__))
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled

View File

@ -0,0 +1,47 @@
commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Nov 22 18:44:23 2017 +0000
Avoid use of strlen in getlogin_r (bug 22447).
Building glibc with current mainline GCC fails, among other reasons,
because of an error for use of strlen on the nonstring ut_user field.
This patch changes the problem code in getlogin_r to use __strnlen
instead. It also needs to set the trailing NUL byte of the result
explicitly, because of the case where ut_user does not have such a
trailing NUL byte (but the result should always have one).
Tested for x86_64. Also tested that, in conjunction with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
the build for arm with mainline GCC.
[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
strlen to compute length of ut_user and set trailing NUL byte of
result explicitly.
---
sysdeps/unix/getlogin_r.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sysdeps/unix/getlogin_r.c
+++ b/sysdeps/unix/getlogin_r.c
@@ -80,7 +80,7 @@
if (result == 0)
{
- size_t needed = strlen (ut->ut_user) + 1;
+ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
if (needed > name_len)
{
@@ -89,7 +89,8 @@
}
else
{
- memcpy (name, ut->ut_user, needed);
+ memcpy (name, ut->ut_user, needed - 1);
+ name[needed - 1] = 0;
result = 0;
}
}

View File

@ -0,0 +1,25 @@
commit e69897bf202e18034cbef26f363bae64de70a196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Nov 12 22:00:28 2017 -0800
timezone: pacify GCC -Wstringop-truncation
Problem reported by Martin Sebor in:
https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
* timezone/zic.c (writezone): Use memcpy, not strncpy.
---
timezone/zic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/timezone/zic.c
+++ b/timezone/zic.c
@@ -1819,7 +1819,7 @@
}
#define DO(field) fwrite(tzh.field, sizeof tzh.field, 1, fp)
tzh = tzh0;
- strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
tzh.tzh_version[0] = version;
convert(thistypecnt, tzh.tzh_ttisgmtcnt);
convert(thistypecnt, tzh.tzh_ttisstdcnt);

View File

@ -0,0 +1,73 @@
commit e4043b84c49e1cf9bcf1e8320233343ecc34f8eb
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Jun 27 17:12:13 2017 +0000
Fix strftime build with GCC 8.
Building with current GCC mainline fails with:
strftime_l.c: In function '__strftime_internal':
strftime_l.c:719:4: error: macro expands to multiple statements [-Werror=multistatement-macros]
digits = d > width ? d : width; \
^
strftime_l.c:1260:6: note: in expansion of macro 'DO_NUMBER'
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
^~~~~~~~~
strftime_l.c:1259:4: note: some parts of macro expansion are not guarded by this 'else' clause
else
^~~~
In fact this particular instance is harmless; the code looks like:
if (modifier == L_('O'))
goto bad_format;
else
DO_NUMBER (1, tp->tm_year + TM_YEAR_BASE);
and because of the goto, it doesn't matter that part of the expansion
isn't under the "else" conditional. But it's also clearly bad style
to rely on that. This patch changes DO_NUMBER and DO_NUMBER_SPACEPAD
to use do { } while (0) to avoid such problems.
Tested (full testsuite) for x86_64 (GCC 6), and with
build-many-glibcs.py with GCC mainline, in conjunction with my libgcc
patch <https://gcc.gnu.org/ml/gcc-patches/2017-06/msg02032.html>.
* time/strftime_l.c (DO_NUMBER): Define using do { } while (0).
(DO_NUMBER_SPACEPAD): Likewise.
---
time/strftime_l.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
--- a/time/strftime_l.c
+++ b/time/strftime_l.c
@@ -715,12 +715,22 @@
format_char = *f;
switch (format_char)
{
-#define DO_NUMBER(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number
-#define DO_NUMBER_SPACEPAD(d, v) \
- digits = d > width ? d : width; \
- number_value = v; goto do_number_spacepad
+#define DO_NUMBER(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number; \
+ } \
+ while (0)
+#define DO_NUMBER_SPACEPAD(d, v) \
+ do \
+ { \
+ digits = d > width ? d : width; \
+ number_value = v; \
+ goto do_number_spacepad; \
+ } \
+ while (0)
case L_('%'):
if (modifier != 0)

View File

@ -0,0 +1,29 @@
commit 2180fee114b778515b3f560e5ff1e795282e60b0
Author: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Wed Nov 15 08:58:48 2017 -0800
Check length of ifname before copying it into to ifreq structure.
[BZ #22442]
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
Check if ifname is too long.
---
sysdeps/unix/sysv/linux/if_index.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -43,6 +43,12 @@
if (fd < 0)
return 0;
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+ return 0;
+ }
+
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{

View File

@ -0,0 +1,80 @@
commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Nov 15 17:39:59 2017 -0700
The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change add this attribute to Glibc and
uses it to suppress such false positives.
ChangeLog:
* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
---
misc/sys/cdefs.h | 9 +++++++++
sysdeps/gnu/bits/utmp.h | 9 ++++++---
sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -430,6 +430,15 @@
# endif
#endif
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+ argument to strncpy and strncat, as the char array is not necessarily
+ a NUL-terminated string. */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
#if (!defined _Static_assert && !defined __cplusplus \
&& (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \
&& (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__))
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled

View File

@ -0,0 +1,47 @@
commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Nov 22 18:44:23 2017 +0000
Avoid use of strlen in getlogin_r (bug 22447).
Building glibc with current mainline GCC fails, among other reasons,
because of an error for use of strlen on the nonstring ut_user field.
This patch changes the problem code in getlogin_r to use __strnlen
instead. It also needs to set the trailing NUL byte of the result
explicitly, because of the case where ut_user does not have such a
trailing NUL byte (but the result should always have one).
Tested for x86_64. Also tested that, in conjunction with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
the build for arm with mainline GCC.
[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
strlen to compute length of ut_user and set trailing NUL byte of
result explicitly.
---
sysdeps/unix/getlogin_r.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sysdeps/unix/getlogin_r.c
+++ b/sysdeps/unix/getlogin_r.c
@@ -80,7 +80,7 @@
if (result == 0)
{
- size_t needed = strlen (ut->ut_user) + 1;
+ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
if (needed > name_len)
{
@@ -89,7 +89,8 @@
}
else
{
- memcpy (name, ut->ut_user, needed);
+ memcpy (name, ut->ut_user, needed - 1);
+ name[needed - 1] = 0;
result = 0;
}
}

View File

@ -0,0 +1,25 @@
commit e69897bf202e18034cbef26f363bae64de70a196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Nov 12 22:00:28 2017 -0800
timezone: pacify GCC -Wstringop-truncation
Problem reported by Martin Sebor in:
https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
* timezone/zic.c (writezone): Use memcpy, not strncpy.
---
timezone/zic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/timezone/zic.c
+++ b/timezone/zic.c
@@ -1819,7 +1819,7 @@
}
#define DO(field) fwrite(tzh.field, sizeof tzh.field, 1, fp)
tzh = tzh0;
- strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
tzh.tzh_version[0] = version;
convert(thistypecnt, tzh.tzh_ttisgmtcnt);
convert(thistypecnt, tzh.tzh_ttisstdcnt);

View File

@ -0,0 +1,29 @@
commit 2180fee114b778515b3f560e5ff1e795282e60b0
Author: Steve Ellcey <sellcey@caviumnetworks.com>
Date: Wed Nov 15 08:58:48 2017 -0800
Check length of ifname before copying it into to ifreq structure.
[BZ #22442]
* sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex):
Check if ifname is too long.
---
sysdeps/unix/sysv/linux/if_index.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -43,6 +43,12 @@
if (fd < 0)
return 0;
+ if (strlen (ifname) >= IFNAMSIZ)
+ {
+ __set_errno (ENODEV);
+ return 0;
+ }
+
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{

View File

@ -0,0 +1,80 @@
commit 7532837d7b03b3ca5b9a63d77a5bd81dd23f3d9c
Author: Martin Sebor <msebor@redhat.com>
Date: Wed Nov 15 17:39:59 2017 -0700
The -Wstringop-truncation option new in GCC 8 detects common misuses
of the strncat and strncpy function that may result in truncating
the copied string before the terminating NUL. To avoid false positive
warnings for correct code that intentionally creates sequences of
characters that aren't guaranteed to be NUL-terminated, arrays that
are intended to store such sequences should be decorated with a new
nonstring attribute. This change add this attribute to Glibc and
uses it to suppress such false positives.
ChangeLog:
* misc/sys/cdefs.h (__attribute_nonstring__): New macro.
* sysdeps/gnu/bits/utmp.h (struct utmp): Use it.
* sysdeps/unix/sysv/linux/s390/bits/utmp.h (struct utmp): Same.
---
misc/sys/cdefs.h | 9 +++++++++
sysdeps/gnu/bits/utmp.h | 9 ++++++---
sysdeps/unix/sysv/linux/s390/bits/utmp.h | 9 ++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -408,6 +408,15 @@
# endif
#endif
+#if __GNUC_PREREQ (8, 0)
+/* Describes a char array whose address can safely be passed as the first
+ argument to strncpy and strncat, as the char array is not necessarily
+ a NUL-terminated string. */
+# define __attribute_nonstring__ __attribute__ ((__nonstring__))
+#else
+# define __attribute_nonstring__
+#endif
+
#if (!defined _Static_assert && !defined __cplusplus \
&& (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) < 201112 \
&& (!__GNUC_PREREQ (4, 6) || defined __STRICT_ANSI__))
--- a/sysdeps/gnu/bits/utmp.h
+++ b/sysdeps/gnu/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled
--- a/sysdeps/unix/sysv/linux/s390/bits/utmp.h
+++ b/sysdeps/unix/sysv/linux/s390/bits/utmp.h
@@ -59,10 +59,13 @@
{
short int ut_type; /* Type of login. */
pid_t ut_pid; /* Process ID of login process. */
- char ut_line[UT_LINESIZE]; /* Devicename. */
+ char ut_line[UT_LINESIZE]
+ __attribute_nonstring__; /* Devicename. */
char ut_id[4]; /* Inittab ID. */
- char ut_user[UT_NAMESIZE]; /* Username. */
- char ut_host[UT_HOSTSIZE]; /* Hostname for remote login. */
+ char ut_user[UT_NAMESIZE]
+ __attribute_nonstring__; /* Username. */
+ char ut_host[UT_HOSTSIZE]
+ __attribute_nonstring__; /* Hostname for remote login. */
struct exit_status ut_exit; /* Exit status of a process marked
as DEAD_PROCESS. */
/* The ut_session and ut_tv fields must be the same size when compiled

View File

@ -0,0 +1,47 @@
commit 4bae615022cb5a5da79ccda83cc6c9ba9f2d479c
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Nov 22 18:44:23 2017 +0000
Avoid use of strlen in getlogin_r (bug 22447).
Building glibc with current mainline GCC fails, among other reasons,
because of an error for use of strlen on the nonstring ut_user field.
This patch changes the problem code in getlogin_r to use __strnlen
instead. It also needs to set the trailing NUL byte of the result
explicitly, because of the case where ut_user does not have such a
trailing NUL byte (but the result should always have one).
Tested for x86_64. Also tested that, in conjunction with
<https://sourceware.org/ml/libc-alpha/2017-11/msg00797.html>, it fixes
the build for arm with mainline GCC.
[BZ #22447]
* sysdeps/unix/getlogin_r.c (__getlogin_r): Use __strnlen not
strlen to compute length of ut_user and set trailing NUL byte of
result explicitly.
---
sysdeps/unix/getlogin_r.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/sysdeps/unix/getlogin_r.c
+++ b/sysdeps/unix/getlogin_r.c
@@ -80,7 +80,7 @@
if (result == 0)
{
- size_t needed = strlen (ut->ut_user) + 1;
+ size_t needed = __strnlen (ut->ut_user, UT_NAMESIZE) + 1;
if (needed > name_len)
{
@@ -89,7 +89,8 @@
}
else
{
- memcpy (name, ut->ut_user, needed);
+ memcpy (name, ut->ut_user, needed - 1);
+ name[needed - 1] = 0;
result = 0;
}
}

View File

@ -0,0 +1,25 @@
commit e69897bf202e18034cbef26f363bae64de70a196
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Nov 12 22:00:28 2017 -0800
timezone: pacify GCC -Wstringop-truncation
Problem reported by Martin Sebor in:
https://sourceware.org/ml/libc-alpha/2017-11/msg00336.html
* timezone/zic.c (writezone): Use memcpy, not strncpy.
---
timezone/zic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/timezone/zic.c
+++ b/timezone/zic.c
@@ -1949,7 +1949,7 @@
}
#define DO(field) fwrite(tzh.field, sizeof tzh.field, 1, fp)
tzh = tzh0;
- strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
+ memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
tzh.tzh_version[0] = version;
convert(thistypecnt, tzh.tzh_ttisgmtcnt);
convert(thistypecnt, tzh.tzh_ttisstdcnt);

View File

@ -1,6 +1,6 @@
origin='GNU' origin='GNU'
repository='git git://sourceware.org/git/glibc.git' repository='git git://sourceware.org/git/glibc.git'
mirrors='$(CT_Mirrors GNU glibc)' mirrors='$(CT_Mirrors GNU glibc)'
milestones='2.14 2.17 2.20 2.23 2.24 2.26' milestones='2.14 2.17 2.20 2.23 2.24 2.26 2.27'
archive_formats='.tar.xz .tar.bz2 .tar.gz' archive_formats='.tar.xz .tar.bz2 .tar.gz'
signature_format='packed/.sig' signature_format='packed/.sig'

View File

@ -171,6 +171,7 @@ do_libc_backend_once() {
*) extra_config+=("--enable-add-ons=$(do_libc_add_ons_list ,)");; *) extra_config+=("--enable-add-ons=$(do_libc_add_ons_list ,)");;
esac esac
[ "${CT_GLIBC_ENABLE_WERROR}" != "y" ] && extra_config+=("--disable-werror")
[ -n "${CT_PKGVERSION}" ] && extra_config+=("--with-pkgversion=${CT_PKGVERSION}") [ -n "${CT_PKGVERSION}" ] && extra_config+=("--with-pkgversion=${CT_PKGVERSION}")
[ -n "${CT_TOOLCHAIN_BUGURL}" ] && extra_config+=("--with-bugurl=${CT_TOOLCHAIN_BUGURL}") [ -n "${CT_TOOLCHAIN_BUGURL}" ] && extra_config+=("--with-bugurl=${CT_TOOLCHAIN_BUGURL}")