picnoir/glibc
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
glibc/socket/bits/socket2.h
Siddhesh Poyarekar a643f60c53 Make sure that the fortified function conditionals are constant 
In _FORTIFY_SOURCE=3, the size expression may be non-constant,
resulting in branches in the inline functions remaining intact and
causing a tiny overhead.  Clang (and in future, gcc) make sure that
the -1 case is always safe, i.e. any comparison of the generated
expression with (size_t)-1 is always false so that bit is taken care
of.  The rest is avoidable since we want the _chk variant whenever we
have a size expression and it's not -1.

Rework the conditionals in a uniform way to clearly indicate two
conditions at compile time:

- Either the size is unknown (-1) or we know at compile time that the
  operation length is less than the object size.  We can call the
  original function in this case.  It could be that either the length,
  object size or both are non-constant, but the compiler, through
  range analysis, is able to fold the *comparison* to a constant.

- The size and length are known and the compiler can see at compile
  time that operation length > object size.  This is valid grounds for
  a warning at compile time, followed by emitting the _chk variant.

For everything else, emit the _chk variant.

This simplifies most of the fortified function implementations and at
the same time, ensures that only one call from _chk or the regular
function is emitted.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2021-10-20 18:12:41 +05:30

72 lines
3 KiB
C
Raw Blame History

/* Checking macros for socket functions.
Copyright (C) 2005-2021 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#ifndef _SYS_SOCKET_H
# error "Never include <bits/socket2.h> directly; use <sys/socket.h> instead."
#endif
extern ssize_t __recv_chk (int __fd, void *__buf, size_t __n, size_t __buflen,
int __flags);
extern ssize_t __REDIRECT (__recv_alias, (int __fd, void *__buf, size_t __n,
int __flags), recv);
extern ssize_t __REDIRECT (__recv_chk_warn,
(int __fd, void *__buf, size_t __n, size_t __buflen,
int __flags), __recv_chk)
__warnattr ("recv called with bigger length than size of destination "
"buffer");
__fortify_function ssize_t
recv (int __fd, void *__buf, size_t __n, int __flags)
{
size_t sz = __glibc_objsize0 (__buf);
if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz))
return __recv_alias (__fd, __buf, __n, __flags);
if (__glibc_unsafe_len (__n, sizeof (char), sz))
return __recv_chk_warn (__fd, __buf, __n, sz, __flags);
return __recv_chk (__fd, __buf, __n, sz, __flags);
}
extern ssize_t __recvfrom_chk (int __fd, void *__restrict __buf, size_t __n,
size_t __buflen, int __flags,
__SOCKADDR_ARG __addr,
socklen_t *__restrict __addr_len);
extern ssize_t __REDIRECT (__recvfrom_alias,
(int __fd, void *__restrict __buf, size_t __n,
int __flags, __SOCKADDR_ARG __addr,
socklen_t *__restrict __addr_len), recvfrom);
extern ssize_t __REDIRECT (__recvfrom_chk_warn,
(int __fd, void *__restrict __buf, size_t __n,
size_t __buflen, int __flags,
__SOCKADDR_ARG __addr,
socklen_t *__restrict __addr_len), __recvfrom_chk)
__warnattr ("recvfrom called with bigger length than size of "
"destination buffer");
__fortify_function ssize_t
recvfrom (int __fd, void *__restrict __buf, size_t __n, int __flags,
__SOCKADDR_ARG __addr, socklen_t *__restrict __addr_len)
{
size_t sz = __glibc_objsize0 (__buf);
if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz))
return __recvfrom_alias (__fd, __buf, __n, __flags, __addr, __addr_len);
if (__glibc_unsafe_len (__n, sizeof (char), sz))
return __recvfrom_chk_warn (__fd, __buf, __n, sz, __flags, __addr,
__addr_len);
return __recvfrom_chk (__fd, __buf, __n, sz, __flags, __addr, __addr_len);
}
Reference in a new issue View git blame Copy permalink