[cfe-dev] clang and -D_FORTIFY_SOURCE=1

Eli Friedman via cfe-dev cfe-dev at lists.llvm.org
Tue Dec 3 11:38:59 PST 2019


Are you sure you've diagnosed the issue correctly? __builtin___memcpy_chk works correctly, as far as I know.

-Eli

> -----Original Message-----
> From: cfe-dev <cfe-dev-bounces at lists.llvm.org> On Behalf Of Serge Guelton via
> cfe-dev
> Sent: Tuesday, December 3, 2019 2:07 AM
> To: cfe-dev at lists.llvm.org
> Cc: llvm-dev at lists.llvm.org
> Subject: [EXT] [cfe-dev] clang and -D_FORTIFY_SOURCE=1
>
> Hi folks (CCing llvm-dev, but that's probably more of a cfe-dev topic),
>
> As a follow-up to that old thread about -D_FORTIFY_SOURCE=n
>
>     http://lists.llvm.org/pipermail/cfe-dev/2015-November/045845.html
>
> And, more recently, to this fedora thread where clang/llvm -
> D_FORTIFY_SOURCE
> support is claimed to be only partial:
>
>     https://pagure.io/fesco/issue/2020
>
> I dig into the glibc headers in order to have a better understanding of what's
> going on, and wrote my notes here:
>
>     https://sergesanspaille.fedorapeople.org/fortify_source_requirements.rst
>
> TL;DR: clang does provide a similar compile-time checking as gcc, but no
> runtime
> checking. To assert that I wrote a small test suite:
>
>     https://github.com/serge-sans-paille/fortify-test-suite
>
> And indeed, clang doesn't pass it, mostly because it turns call to
> __builtin__(.*)_chk into calls to __builtin__\1.
>
> We need to support the runtime behavior of the following builtins:
>
> - __builtin___memcpy_chk
> - __builtin___memmove_chk
> - __builtin___mempcpy_chk
> - __builtin___memset_chk
> - __builtin___snprintf_chk
> - __builtin___sprintf_chk
> - __builtin___stpcpy_chk
> - __builtin___strcat_chk
> - __builtin___strcpy_chk
> - __builtin___strncat_chk
> - __builtin___strncpy_chk
> - __builtin___vsnprintf_chk
> - __builtin___vsprintf_chk
>
> And I'd like to implement them at clang level, leveraging their existing
> implementation. Is that the right way to go / any comments / issue with that
> approach ?
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org
> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev


More information about the cfe-dev mailing list