improve out-of-bounds checking with GCC 10 attribute access [BZ #25219]

Adds the access attribute newly introduced in GCC 10 to the subset of function declarations that are already covered by _FORTIFY_SOURCE and that don't have corresponding GCC built-in equivalents. Reviewed-by: DJ Delorie <dj@redhat.com>
2025-08-07 06:43:00 +03:00 · 2020-05-04 11:21:50 -06:00
parent 38c6788818
commit 06febd8c67
9 changed files with 146 additions and 82 deletions
--- a/libio/bits/stdio2.h
+++ b/libio/bits/stdio2.h
@@ -24,10 +24,12 @@
 #endif

 extern int __sprintf_chk (char *__restrict __s, int __flag, size_t __slen,
-			  const char *__restrict __format, ...) __THROW;
+			  const char *__restrict __format, ...) __THROW
+    __attr_access ((__write_only__, 1, 3));
 extern int __vsprintf_chk (char *__restrict __s, int __flag, size_t __slen,
 			   const char *__restrict __format,
-			   __gnuc_va_list __ap) __THROW;
+			   __gnuc_va_list __ap) __THROW
+    __attr_access ((__write_only__, 1, 3));

 #ifdef __va_arg_pack
 __fortify_function int
@@ -54,7 +56,8 @@ __NTH (vsprintf (char *__restrict __s, const char *__restrict __fmt,

 extern int __snprintf_chk (char *__restrict __s, size_t __n, int __flag,
 			   size_t __slen, const char *__restrict __format,
-			   ...) __THROW;
+			   ...) __THROW
+    __attr_access ((__write_only__, 1, 2));
 extern int __vsnprintf_chk (char *__restrict __s, size_t __n, int __flag,
 			    size_t __slen, const char *__restrict __format,
 			    __gnuc_va_list __ap) __THROW;
@@ -241,17 +244,19 @@ gets (char *__str)
 #endif

 extern char *__fgets_chk (char *__restrict __s, size_t __size, int __n,
-			  FILE *__restrict __stream) __wur;
+			  FILE *__restrict __stream)
+    __wur __attr_access ((__write_only__, 1, 3));
 extern char *__REDIRECT (__fgets_alias,
 			 (char *__restrict __s, int __n,
-			  FILE *__restrict __stream), fgets) __wur;
+			  FILE *__restrict __stream), fgets)
+    __wur __attr_access ((__write_only__, 1, 2));
 extern char *__REDIRECT (__fgets_chk_warn,
 			 (char *__restrict __s, size_t __size, int __n,
 			  FILE *__restrict __stream), __fgets_chk)
     __wur __warnattr ("fgets called with bigger size than length "
 		       "of destination buffer");

-__fortify_function __wur char *
+__fortify_function __wur __attr_access ((__write_only__, 1, 2)) char *
 fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
 {
  if (__bos (__s) != (size_t) -1)
@@ -299,17 +304,19 @@ fread (void *__restrict __ptr, size_t __size, size_t __n,

 #ifdef __USE_GNU
 extern char *__fgets_unlocked_chk (char *__restrict __s, size_t __size,
-				   int __n, FILE *__restrict __stream) __wur;
+				   int __n, FILE *__restrict __stream)
+    __wur __attr_access ((__write_only__, 1, 3));
 extern char *__REDIRECT (__fgets_unlocked_alias,
 			 (char *__restrict __s, int __n,
-			  FILE *__restrict __stream), fgets_unlocked) __wur;
+			  FILE *__restrict __stream), fgets_unlocked)
+    __wur __attr_access ((__write_only__, 1, 2));
 extern char *__REDIRECT (__fgets_unlocked_chk_warn,
 			 (char *__restrict __s, size_t __size, int __n,
 			  FILE *__restrict __stream), __fgets_unlocked_chk)
     __wur __warnattr ("fgets_unlocked called with bigger size than length "
 		       "of destination buffer");

-__fortify_function __wur char *
+__fortify_function __wur __attr_access ((__write_only__, 1, 2)) char *
 fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream)
 {
  if (__bos (__s) != (size_t) -1)