This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATCH] no-alloca.h: Support poisoning alloca
- From: fweimer at redhat dot com (Florian Weimer)
- To: libc-alpha at sourceware dot org
- Date: Mon, 19 Jun 2017 18:16:55 +0200
- Subject: [PATCH] no-alloca.h: Support poisoning alloca
- Authentication-results: sourceware.org; auth=none
- Authentication-results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
- Authentication-results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=fweimer at redhat dot com
- Dkim-filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 4C10343A47
- Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 4C10343A47
2017-06-19 Florian Weimer <fweimer@redhat.com>
Support blocking VLAs and alloca at compile time.
* Makeconfig (CFLAGS-no-alloca): Define.
* include/no-alloca.h: New file.
diff --git a/Makeconfig b/Makeconfig
index 80aed2a..3b7caaf 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -508,6 +508,9 @@ endif # +link
# tell gcc to define IS_IN_build.
CFLAGS-printers-tests := -O0 -ggdb3 -DIS_IN_build
+# CFLAGS setting to block VLAs and alloca for select source files.
+CFLAGS-no-alloca = -Werror=vla -include $(..)include/no-alloca.h
+
ifeq (yes,$(build-shared))
# These indicate whether to link using the built ld.so or the installed one.
installed-rtld-LDFLAGS = -Wl,-dynamic-linker=$(rtlddir)/$(rtld-installed-name)
diff --git a/include/no-alloca.h b/include/no-alloca.h
new file mode 100644
index 0000000..b9d3ae6
--- /dev/null
+++ b/include/no-alloca.h
@@ -0,0 +1,25 @@
+/* Prevent the use of alloca.
+ Copyright (C) 2017 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#pragma GCC poison alloca
+#pragma GCC poison __alloca
+#pragma GCC poison __builtin_alloca
+#pragma GCC poison __builtin_alloca_with_align
+#pragma GCC poison extend_alloca
+
+#define __GLIBC_NO_ALLOCA 1
diff --git a/include/string.h b/include/string.h
index 2bf2944..ce4845e 100644
--- a/include/string.h
+++ b/include/string.h
@@ -62,7 +62,7 @@ extern __typeof (strcasecmp_l) __strcasecmp_l;
extern __typeof (strncasecmp_l) __strncasecmp_l;
/* Alternative version which doesn't pollute glibc's namespace. */
-#if IS_IN (libc)
+#if IS_IN (libc) && !defined (__GLIBC_NO_ALLOCA)
# undef strndupa
# define strndupa(s, n) \
(__extension__ \
diff --git a/stdlib/stdlib.h b/stdlib/stdlib.h
index 6f1e70e..0f6b5e2 100644
--- a/stdlib/stdlib.h
+++ b/stdlib/stdlib.h
@@ -459,7 +459,7 @@ extern void *reallocarray (void *__ptr, size_t __nmemb, size_t __size)
/* Free a block allocated by `malloc', `realloc' or `calloc'. */
extern void free (void *__ptr) __THROW;
-#ifdef __USE_MISC
+#if defined (__USE_MISC) && !defined (__GLIBC_NO_ALLOCA)
# include <alloca.h>
#endif /* Use misc. */
diff --git a/string/string.h b/string/string.h
index d1a2746..cb28941 100644
--- a/string/string.h
+++ b/string/string.h
@@ -174,7 +174,7 @@ extern char *strndup (const char *__string, size_t __n)
__THROW __attribute_malloc__ __nonnull ((1));
#endif
-#if defined __USE_GNU && defined __GNUC__
+#if defined __USE_GNU && defined __GNUC__ && !defined (__GLIBC_NO_ALLOCA)
/* Duplicate S, returning an identical alloca'd string. */
# define strdupa(s) \
(__extension__ \