
libio: Add nonnull attribute for most FILE * arguments in stdio.h

During the review of a GCC analyzer test case, we found most stdio
functions accepting a FILE * argument expect it to be nonnull and just
segfault when the argument is NULL.  Add nonnull attribute for them.

fflush and fflush_unlocked are well defined when __stream is NULL so
they are not touched.

For fputs, fgets, fread, fwrite, fprintf, vfprintf, and their unlocked
versions, if __stream is NULL but there is nothing to read or write,
they did not segfault.  But the standard disallows a NULL __stream
here, so the nonnull attribute is also added for them.  Note that this may
blow up some old code that is already subtly broken.

Also add __nonnull for _chk variants and __fortify_function versions for
them.

Signed-off-by: Xi Ruoyao <xry111@xry111.site>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Xi Ruoyao
2023-09-25 19:53:26 +08:00
committed by Siddhesh Poyarekar
parent 6b695e5c62
commit 64b1a44183
3 changed files with 99 additions and 78 deletions


@@ -73,7 +73,7 @@ __NTH (vsnprintf (char *__restrict __s, size_t __n,
#if __USE_FORTIFY_LEVEL > 1
# ifdef __va_arg_pack
__fortify_function int
__fortify_function __nonnull ((1)) int
fprintf (FILE *__restrict __stream, const char *__restrict __fmt, ...)
{
return __fprintf_chk (__stream, __USE_FORTIFY_LEVEL - 1, __fmt,
@@ -102,7 +102,7 @@ vprintf (const char *__restrict __fmt, __gnuc_va_list __ap)
#endif
}
__fortify_function int
__fortify_function __nonnull ((1)) int
vfprintf (FILE *__restrict __stream,
const char *__restrict __fmt, __gnuc_va_list __ap)
{
@@ -191,7 +191,8 @@ gets (char *__str)
}
#endif
__fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) char *
__fortify_function __wur __fortified_attr_access (__write_only__, 1, 2)
__nonnull ((3)) char *
fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
{
size_t sz = __glibc_objsize (__s);
@@ -202,7 +203,7 @@ fgets (char *__restrict __s, int __n, FILE *__restrict __stream)
return __fgets_chk (__s, sz, __n, __stream);
}
__fortify_function __wur size_t
__fortify_function __wur __nonnull ((4)) size_t
fread (void *__restrict __ptr, size_t __size, size_t __n,
FILE *__restrict __stream)
{
@@ -215,7 +216,8 @@ fread (void *__restrict __ptr, size_t __size, size_t __n,
}
#ifdef __USE_GNU
__fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) char *
__fortify_function __wur __fortified_attr_access (__write_only__, 1, 2)
__nonnull ((3)) char *
fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream)
{
size_t sz = __glibc_objsize (__s);
@@ -229,7 +231,7 @@ fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream)
#ifdef __USE_MISC
# undef fread_unlocked
__fortify_function __wur size_t
__fortify_function __wur __nonnull ((4)) size_t
fread_unlocked (void *__restrict __ptr, size_t __size, size_t __n,
FILE *__restrict __stream)
{