This is the mail archive of the libc-hacker@sourceware.org mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[PATCH] Fortify {,v}{as,d}printf and obstack_{,v}printf


Hi!

The following patch fortifies these 6 functions with -D_FORTIFY_SOURCE=2
to make sure %n in format string is only used if the format string is
not writable.  Tested on x86_64-linux and ppc-linux (the latter mainly
to test the long double stuff).

2008-03-04  Jakub Jelinek  <jakub@redhat.com>

	* include/stdio.h (__asprintf_chk, __dprintf_chk,
	__obstack_printf_chk): New prototypes.
	(__vasprintf_chk, __vdprintf_chk, __obstack_vprintf_chk): Likewise.
	Add libc_hidden_proto.
	* libio/obprintf.c (_IO_obstack_jumps): No longer static, add
	attribute_hidden.
	* libio/bits/stdio-ldbl.h (__asprintf_chk, __dprintf_chk,
	__obstack_printf_chk, __vasprintf_chk, __vdprintf_chk,
	__obstack_vprintf_chk): Add __LDBL_REDIR_DECL.
	* libio/bits/stdio2.h (__asprintf_chk, __dprintf_chk,
	__obstack_printf_chk, __vasprintf_chk, __vdprintf_chk,
	__obstack_vprintf_chk): New prototypes.
	(asprintf, __asprintf, dprintf, obstack_printf, vasprintf,
	vdprintf, obstack_vprintf): New inlines.
	* debug/dprintf_chk.c: New file.
	* debug/vdprintf_chk.c: New file.
	* debug/asprintf_chk.c: New file.
	* debug/vasprintf_chk.c: New file.
	* debug/obprintf_chk.c: New file.
	* debug/tst-chk1.c (do_test): Add asprintf and obstack_printf
	tests.
	* debug/Versions (__asprintf_chk, __dprintf_chk,
	__obstack_printf_chk, __vasprintf_chk, __vdprintf_chk,
	__obstack_vprintf_chk): Export @@GLIBC_2.8.
	* debug/Makefile: Build asprintf_chk, vasprintf_chk,
	dprintf_chk, vdprintf_chk and obprintf_chk, set CFLAGS for them.
	* sysdeps/ieee754/ldbl-opt/nldbl-compat.c (__nldbl___vasprintf_chk,
	__nldbl___vdprintf_chk, __nldbl___obstack_vprintf_chk): Add
	libc_hidden_proto.
	* sysdeps/ieee754/ldbl-opt/nldbl-compat.h (__nldbl___vasprintf_chk,
	__nldbl___vdprintf_chk, __nldbl___obstack_vprintf_chk): New
	prototypes.
	* sysdeps/ieee754/ldbl-opt/Versions (__nldbl___asprintf_chk,
	__nldbl___vasprintf_chk, __nldbl___dprintf_chk,
	__nldbl___vdprintf_chk, __nldbl___obstack_printf_chk,
	__nldbl___obstack_vprintf_chk): Export @@GLIBC_2.8.
	* sysdeps/ieee754/ldbl-opt/Makefile (libnldbl-calls): Add
	asprintf_chk, vasprintf_chk, dprintf_chk, vdprintf_chk,
	obstack_printf_chk and obstack_vprintf_chk.
	* sysdeps/ieee754/ldbl-opt/nldbl-obstack_vprintf_chk.c: New file.
	* sysdeps/ieee754/ldbl-opt/nldbl-dprintf_chk.c: New file.
	* sysdeps/ieee754/ldbl-opt/nldbl-obstack_printf_chk.c: New file.
	* sysdeps/ieee754/ldbl-opt/nldbl-asprintf_chk.c: New file.
	* sysdeps/ieee754/ldbl-opt/nldbl-vdprintf_chk.c: New file.
	* sysdeps/ieee754/ldbl-opt/nldbl-vasprintf_chk.c: New file.

--- libc/include/stdio.h.jj	2007-10-16 10:20:13.000000000 +0200
+++ libc/include/stdio.h	2008-03-04 12:58:36.000000000 +0100
@@ -41,6 +41,14 @@ extern int __vprintf_chk (int, const cha
 extern int __vfprintf_chk (FILE *, int, const char *, _G_va_list);
 extern char *__fgets_unlocked_chk (char *buf, size_t size, int n, FILE *fp);
 extern char *__fgets_chk (char *buf, size_t size, int n, FILE *fp);
+extern int __asprintf_chk (char **, int, const char *, ...) __THROW;
+extern int __vasprintf_chk (char **, int, const char *, _G_va_list) __THROW;
+extern int __dprintf_chk (int, int, const char *, ...);
+extern int __vdprintf_chk (int, int, const char *, _G_va_list);
+extern int __obstack_printf_chk (struct obstack *, int, const char *, ...)
+     __THROW;
+extern int __obstack_vprintf_chk (struct obstack *, int, const char *,
+				  _G_va_list) __THROW;
 #endif
 
 extern int __isoc99_fscanf (FILE *__restrict __stream,
@@ -149,6 +157,9 @@ libc_hidden_proto (__libc_fatal)
 libc_hidden_proto (__vsprintf_chk)
 libc_hidden_proto (__vsnprintf_chk)
 libc_hidden_proto (__vfprintf_chk)
+libc_hidden_proto (__vasprintf_chk)
+libc_hidden_proto (__vdprintf_chk)
+libc_hidden_proto (__obstack_vprintf_chk)
 
 #  if !defined NOT_IN_libc && defined SHARED && defined DO_VERSIONING \
   && !defined NO_HIDDEN
--- libc/libio/obprintf.c.jj	2006-01-14 13:09:46.000000000 +0100
+++ libc/libio/obprintf.c	2008-03-04 11:56:37.000000000 +0100
@@ -1,5 +1,5 @@
 /* Print output of stream to given obstack.
-   Copyright (C) 1996,1997,1999,2000,2001,2002,2003,2004,2005,2006
+   Copyright (C) 1996,1997,1999,2000,2001,2002,2003,2004,2005,2006,2008
 	Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
@@ -95,7 +95,7 @@ _IO_obstack_xsputn (_IO_FILE *fp, const 
 
 
 /* the jump table.  */
-static const struct _IO_jump_t _IO_obstack_jumps =
+const struct _IO_jump_t _IO_obstack_jumps attribute_hidden =
 {
   JUMP_INIT_DUMMY,
   JUMP_INIT(finish, NULL),
--- libc/libio/bits/stdio-ldbl.h.jj	2007-09-18 21:24:15.000000000 +0200
+++ libc/libio/bits/stdio-ldbl.h	2008-03-04 12:23:55.000000000 +0100
@@ -1,5 +1,5 @@
 /* -mlong-double-64 compatibility mode for stdio functions.
-   Copyright (C) 2006, 2007 Free Software Foundation, Inc.
+   Copyright (C) 2006, 2007, 2008 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -85,5 +85,13 @@ __LDBL_REDIR_DECL (__fprintf_chk)
 __LDBL_REDIR_DECL (__printf_chk)
 __LDBL_REDIR_DECL (__vfprintf_chk)
 __LDBL_REDIR_DECL (__vprintf_chk)
+#  ifdef __USE_GNU
+__LDBL_REDIR_DECL (__asprintf_chk)
+__LDBL_REDIR_DECL (__vasprintf_chk)
+__LDBL_REDIR_DECL (__dprintf_chk)
+__LDBL_REDIR_DECL (__vdprintf_chk)
+__LDBL_REDIR_DECL (__obstack_printf_chk)
+__LDBL_REDIR_DECL (__obstack_vprintf_chk)
+#  endif
 # endif
 #endif
--- libc/libio/bits/stdio2.h.jj	2007-09-29 20:51:56.000000000 +0200
+++ libc/libio/bits/stdio2.h	2008-03-04 14:17:02.000000000 +0100
@@ -1,5 +1,5 @@
 /* Checking macros for stdio functions.
-   Copyright (C) 2004, 2005, 2007 Free Software Foundation, Inc.
+   Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -128,6 +128,93 @@ vfprintf (FILE *__restrict __stream,
   return __vfprintf_chk (__stream, __USE_FORTIFY_LEVEL - 1, __fmt, __ap);
 }
 
+# ifdef __USE_GNU
+
+extern int __asprintf_chk (char **__restrict __ptr, int __flag,
+			   __const char *__restrict __fmt, ...)
+     __THROW __attribute__ ((__format__ (__printf__, 3, 4))) __wur;
+extern int __vasprintf_chk (char **__restrict __ptr, int __flag,
+			    __const char *__restrict __fmt, _G_va_list __arg)
+     __THROW __attribute__ ((__format__ (__printf__, 3, 0))) __wur;
+extern int __dprintf_chk (int __fd, int __flag, __const char *__restrict __fmt,
+			  ...) __attribute__ ((__format__ (__printf__, 3, 4)));
+extern int __vdprintf_chk (int __fd, int __flag,
+			   __const char *__restrict __fmt, _G_va_list __arg)
+     __attribute__ ((__format__ (__printf__, 3, 0)));
+extern int __obstack_printf_chk (struct obstack *__restrict __obstack,
+				 int __flag, __const char *__restrict __format,
+				 ...)
+     __THROW __attribute__ ((__format__ (__printf__, 3, 4)));
+extern int __obstack_vprintf_chk (struct obstack *__restrict __obstack,
+				  int __flag,
+				  __const char *__restrict __format,
+				  _G_va_list __args)
+     __THROW __attribute__ ((__format__ (__printf__, 3, 0)));
+
+#  ifdef __va_arg_pack
+__extern_always_inline int
+__NTH (asprintf (char **__restrict __ptr, __const char *__restrict __fmt, ...))
+{
+  return __asprintf_chk (__ptr, __USE_FORTIFY_LEVEL - 1, __fmt,
+			 __va_arg_pack ());
+}
+
+__extern_always_inline int
+__NTH (__asprintf (char **__restrict __ptr, __const char *__restrict __fmt,
+		   ...))
+{
+  return __asprintf_chk (__ptr, __USE_FORTIFY_LEVEL - 1, __fmt,
+			 __va_arg_pack ());
+}
+
+__extern_always_inline int
+dprintf (int __fd, __const char *__restrict __fmt, ...)
+{
+  return __dprintf_chk (__fd, __USE_FORTIFY_LEVEL - 1, __fmt,
+			__va_arg_pack ());
+}
+
+__extern_always_inline int
+__NTH (obstack_printf (struct obstack *__restrict __obstack,
+		       __const char *__restrict __fmt, ...))
+{
+  return __obstack_printf_chk (__obstack, __USE_FORTIFY_LEVEL - 1, __fmt,
+			       __va_arg_pack ());
+}
+#  elif !defined __cplusplus
+#   define asprintf(ptr, ...) \
+  __asprintf_chk (ptr, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__)
+#   define __asprintf(ptr, ...) \
+  __asprintf_chk (ptr, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__)
+#   define dprintf(fd, ...) \
+  __dprintf_chk (fd, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__)
+#   define obstack_printf(obstack, ...) \
+  __obstack_printf_chk (obstack, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__)
+#  endif
+
+__extern_always_inline int
+__NTH (vasprintf (char **__restrict __ptr, __const char *__restrict __fmt,
+		  _G_va_list __ap))
+{
+  return __vasprintf_chk (__ptr, __USE_FORTIFY_LEVEL - 1, __fmt, __ap);
+}
+
+__extern_always_inline int
+vdprintf (int __fd, __const char *__restrict __fmt, _G_va_list __ap)
+{
+  return __vdprintf_chk (__fd, __USE_FORTIFY_LEVEL - 1, __fmt, __ap);
+}
+
+__extern_always_inline int
+__NTH (obstack_vprintf (struct obstack *__restrict __obstack,
+			__const char *__restrict __fmt, _G_va_list __ap))
+{
+  return __obstack_vprintf_chk (__obstack, __USE_FORTIFY_LEVEL - 1, __fmt,
+				__ap);
+}
+
+# endif
+
 #endif
 
 extern char *__gets_chk (char *__str, size_t) __wur;
--- libc/debug/dprintf_chk.c.jj	2008-03-04 11:51:31.000000000 +0100
+++ libc/debug/dprintf_chk.c	2008-03-04 13:22:54.000000000 +0100
@@ -0,0 +1,37 @@
+/* Copyright (C) 1991, 1995, 1997, 1998, 2004, 2006, 2008
+   Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, write to the Free
+   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+   02111-1307 USA.  */
+
+#include <libioP.h>
+#include <stdarg.h>
+#include <stdio.h>
+
+
+/* Write formatted output to D, according to the format string FORMAT.  */
+int
+__dprintf_chk (int d, int flags, const char *format, ...)
+{
+  va_list arg;
+  int done;
+
+  va_start (arg, format);
+  done = __vdprintf_chk (d, flags, format, arg);
+  va_end (arg);
+
+  return done;
+}
--- libc/debug/vdprintf_chk.c.jj	2008-03-04 11:45:28.000000000 +0100
+++ libc/debug/vdprintf_chk.c	2008-03-04 14:07:43.000000000 +0100
@@ -0,0 +1,69 @@
+/* Copyright (C) 1995, 1997-2000, 2001, 2002, 2003, 2006, 2008
+   Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, write to the Free
+   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+   02111-1307 USA.
+
+   As a special exception, if you link the code in this file with
+   files compiled with a GNU compiler to produce an executable,
+   that does not cause the resulting executable to be covered by
+   the GNU Lesser General Public License.  This exception does not
+   however invalidate any other reasons why the executable file
+   might be covered by the GNU Lesser General Public License.
+   This exception applies to code released by its copyright holders
+   in files containing the exception.  */
+
+#include <libioP.h>
+#include <stdio_ext.h>
+
+int
+__vdprintf_chk (int d, int flags, const char *format, va_list arg)
+{
+  struct _IO_FILE_plus tmpfil;
+  struct _IO_wide_data wd;
+  int done;
+
+#ifdef _IO_MTSAFE_IO
+  tmpfil.file._lock = NULL;
+#endif
+  _IO_no_init (&tmpfil.file, _IO_USER_LOCK, 0, &wd, &_IO_wfile_jumps);
+  _IO_JUMPS (&tmpfil) = &_IO_file_jumps;
+  INTUSE(_IO_file_init) (&tmpfil);
+#if  !_IO_UNIFIED_JUMPTABLES
+  tmpfil.vtable = NULL;
+#endif
+  if (INTUSE(_IO_file_attach) (&tmpfil.file, d) == NULL)
+    {
+      INTUSE(_IO_un_link) (&tmpfil);
+      return EOF;
+    }
+  tmpfil.file._IO_file_flags =
+    (_IO_mask_flags (&tmpfil.file, _IO_NO_READS,
+		     _IO_NO_READS+_IO_NO_WRITES+_IO_IS_APPENDING)
+     | _IO_DELETE_DONT_CLOSE);
+
+  /* For flags > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
+     can only come from read-only format strings.  */
+  if (flags > 0)
+    tmpfil.file._flags2 |= _IO_FLAGS2_FORTIFY;
+
+  done = INTUSE(_IO_vfprintf) (&tmpfil.file, format, arg);
+
+  _IO_FINISH (&tmpfil.file);
+
+  return done;
+}
+libc_hidden_def (__vdprintf_chk)
--- libc/debug/asprintf_chk.c.jj	2008-03-04 11:23:43.000000000 +0100
+++ libc/debug/asprintf_chk.c	2008-03-04 13:23:03.000000000 +0100
@@ -0,0 +1,38 @@
+/* Copyright (C) 1991, 1995, 1997, 1998, 2004, 2006, 2008
+   Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, write to the Free
+   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+   02111-1307 USA.  */
+
+#include <libioP.h>
+#include <stdarg.h>
+#include <stdio.h>
+
+
+/* Write formatted output from FORMAT to a string which is
+   allocated with malloc and stored in *STRING_PTR.  */
+int
+__asprintf_chk (char **result_ptr, int flags, const char *format, ...)
+{
+  va_list arg;
+  int done;
+
+  va_start (arg, format);
+  done = __vasprintf_chk (result_ptr, flags, format, arg);
+  va_end (arg);
+
+  return done;
+}
--- libc/debug/vasprintf_chk.c.jj	2008-03-04 11:17:47.000000000 +0100
+++ libc/debug/vasprintf_chk.c	2008-03-04 13:24:14.000000000 +0100
@@ -0,0 +1,97 @@
+/* Copyright (C) 1995,1997,1999-2002,2004,2006,2008
+   Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, write to the Free
+   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+   02111-1307 USA.
+
+   As a special exception, if you link the code in this file with
+   files compiled with a GNU compiler to produce an executable,
+   that does not cause the resulting executable to be covered by
+   the GNU Lesser General Public License.  This exception does not
+   however invalidate any other reasons why the executable file
+   might be covered by the GNU Lesser General Public License.
+   This exception applies to code released by its copyright holders
+   in files containing the exception.  */
+
+#include <malloc.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include "../libio/libioP.h"
+#include "../libio/strfile.h"
+
+int
+__vasprintf_chk (char **result_ptr, int flags, const char *format,
+		 va_list args)
+{
+  /* Initial size of the buffer to be used.  Will be doubled each time an
+     overflow occurs.  */
+  const _IO_size_t init_string_size = 100;
+  char *string;
+  _IO_strfile sf;
+  int ret;
+  _IO_size_t needed;
+  _IO_size_t allocated;
+  /* No need to clear the memory here (unlike for open_memstream) since
+     we know we will never seek on the stream.  */
+  string = (char *) malloc (init_string_size);
+  if (string == NULL)
+    return -1;
+#ifdef _IO_MTSAFE_IO
+  sf._sbf._f._lock = NULL;
+#endif
+  _IO_no_init ((_IO_FILE *) &sf._sbf, _IO_USER_LOCK, -1, NULL, NULL);
+  _IO_JUMPS ((struct _IO_FILE_plus *) &sf._sbf) = &_IO_str_jumps;
+  _IO_str_init_static_internal (&sf, string, init_string_size, string);
+  sf._sbf._f._flags &= ~_IO_USER_BUF;
+  sf._s._allocate_buffer = (_IO_alloc_type) malloc;
+  sf._s._free_buffer = (_IO_free_type) free;
+
+  /* For flags > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
+     can only come from read-only format strings.  */
+  if (flags > 0)
+    sf._sbf._f._flags2 |= _IO_FLAGS2_FORTIFY;
+
+  ret = INTUSE(_IO_vfprintf) (&sf._sbf._f, format, args);
+  if (ret < 0)
+    {
+      free (sf._sbf._f._IO_buf_base);
+      return ret;
+    }
+  /* Only use realloc if the size we need is of the same (binary)
+     order of magnitude then the memory we allocated.  */
+  needed = sf._sbf._f._IO_write_ptr - sf._sbf._f._IO_write_base + 1;
+  allocated = sf._sbf._f._IO_write_end - sf._sbf._f._IO_write_base;
+  if ((allocated >> 1) <= needed)
+    *result_ptr = (char *) realloc (sf._sbf._f._IO_buf_base, needed);
+  else
+    {
+      *result_ptr = (char *) malloc (needed);
+      if (*result_ptr != NULL)
+	{
+	  memcpy (*result_ptr, sf._sbf._f._IO_buf_base, needed - 1);
+	  free (sf._sbf._f._IO_buf_base);
+	}
+      else
+	/* We have no choice, use the buffer we already have.  */
+	*result_ptr = (char *) realloc (sf._sbf._f._IO_buf_base, needed);
+    }
+  if (*result_ptr == NULL)
+    *result_ptr = sf._sbf._f._IO_buf_base;
+  (*result_ptr)[needed - 1] = '\0';
+  return ret;
+}
+libc_hidden_def (__vasprintf_chk)
--- libc/debug/obprintf_chk.c.jj	2008-03-04 11:56:57.000000000 +0100
+++ libc/debug/obprintf_chk.c	2008-03-04 14:14:31.000000000 +0100
@@ -0,0 +1,117 @@
+/* Print output of stream to given obstack.
+   Copyright (C) 1996,1997,1999,2000,2001,2002,2003,2004,2005,2006,2008
+	Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+   Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, write to the Free
+   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+   02111-1307 USA.  */
+
+
+#include <stdlib.h>
+#include <libioP.h>
+#include "../libio/strfile.h"
+#include <assert.h>
+#include <string.h>
+#include <errno.h>
+#include <obstack.h>
+#include <stdarg.h>
+#include <stdio_ext.h>
+
+
+struct _IO_obstack_file
+{
+  struct _IO_FILE_plus file;
+  struct obstack *obstack;
+};
+
+extern const struct _IO_jump_t _IO_obstack_jumps attribute_hidden;
+
+int
+__obstack_vprintf_chk (struct obstack *obstack, int flags, const char *format,
+		       va_list args)
+{
+  struct obstack_FILE
+    {
+      struct _IO_obstack_file ofile;
+    } new_f;
+  int result;
+  int size;
+  int room;
+
+#ifdef _IO_MTSAFE_IO
+  new_f.ofile.file.file._lock = NULL;
+#endif
+
+  _IO_no_init (&new_f.ofile.file.file, _IO_USER_LOCK, -1, NULL, NULL);
+  _IO_JUMPS (&new_f.ofile.file) = &_IO_obstack_jumps;
+  room = obstack_room (obstack);
+  size = obstack_object_size (obstack) + room;
+  if (size == 0)
+    {
+      /* We have to handle the allocation a bit different since the
+	 `_IO_str_init_static' function would handle a size of zero
+	 different from what we expect.  */
+
+      /* Get more memory.  */
+      obstack_make_room (obstack, 64);
+
+      /* Recompute how much room we have.  */
+      room = obstack_room (obstack);
+      size = room;
+
+      assert (size != 0);
+    }
+
+  _IO_str_init_static_internal ((struct _IO_strfile_ *) &new_f.ofile,
+				obstack_base (obstack),
+				size, obstack_next_free (obstack));
+  /* Now allocate the rest of the current chunk.  */
+  assert (size == (new_f.ofile.file.file._IO_write_end
+		   - new_f.ofile.file.file._IO_write_base));
+  assert (new_f.ofile.file.file._IO_write_ptr
+	  == (new_f.ofile.file.file._IO_write_base
+	      + obstack_object_size (obstack)));
+  obstack_blank_fast (obstack, room);
+
+  new_f.ofile.obstack = obstack;
+
+  /* For flags > 0 (i.e. __USE_FORTIFY_LEVEL > 1) request that %n
+     can only come from read-only format strings.  */
+  if (flags > 0)
+    new_f.ofile.file.file._flags2 |= _IO_FLAGS2_FORTIFY;
+
+  result = INTUSE(_IO_vfprintf) (&new_f.ofile.file.file, format, args);
+
+  /* Shrink the buffer to the space we really currently need.  */
+  obstack_blank_fast (obstack, (new_f.ofile.file.file._IO_write_ptr
+				- new_f.ofile.file.file._IO_write_end));
+
+  return result;
+}
+libc_hidden_def (__obstack_vprintf_chk)
+
+
+int
+__obstack_printf_chk (struct obstack *obstack, int flags, const char *format,
+		      ...)
+{
+  int result;
+  va_list ap;
+  va_start (ap, format);
+  result = __obstack_vprintf_chk (obstack, flags, format, ap);
+  va_end (ap);
+  return result;
+}
--- libc/debug/tst-chk1.c.jj	2007-09-29 20:51:56.000000000 +0200
+++ libc/debug/tst-chk1.c	2008-03-04 15:12:56.000000000 +0100
@@ -1,4 +1,4 @@
-/* Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
+/* Copyright (C) 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Jakub Jelinek <jakub@redhat.com>, 2004.
 
@@ -20,6 +20,7 @@
 #include <assert.h>
 #include <fcntl.h>
 #include <locale.h>
+#include <obstack.h>
 #include <paths.h>
 #include <setjmp.h>
 #include <signal.h>
@@ -31,6 +32,9 @@
 #include <sys/socket.h>
 #include <sys/un.h>
 
+#define obstack_chunk_alloc malloc
+#define obstack_chunk_free free
+
 char *temp_filename;
 static void do_prepare (void);
 static int do_test (void);
@@ -705,6 +709,36 @@ do_test (void)
   if (fprintf (fp, buf2 + 4, str5) != 7)
     FAIL ();
 
+  char *my_ptr = NULL;
+  strcpy (buf2 + 2, "%n%s%n");
+  /* When the format string is writable and contains %n,
+     with -D_FORTIFY_SOURCE=2 it causes __chk_fail.  */
+  CHK_FAIL2_START
+  if (asprintf (&my_ptr, buf2, str4, &n1, str5, &n1) != 14)
+    FAIL ();
+  else
+    free (my_ptr);
+  CHK_FAIL2_END
+
+  struct obstack obs;
+  obstack_init (&obs);
+  CHK_FAIL2_START
+  if (obstack_printf (&obs, buf2, str4, &n1, str5, &n1) != 14)
+    FAIL ();
+  CHK_FAIL2_END
+  obstack_free (&obs, NULL);
+
+  my_ptr = NULL;
+  if (asprintf (&my_ptr, "%s%n%s%n", str4, &n1, str5, &n1) != 14)
+    FAIL ();
+  else
+    free (my_ptr);
+
+  obstack_init (&obs);
+  if (obstack_printf (&obs, "%s%n%s%n", str4, &n1, str5, &n1) != 14)
+    FAIL ();
+  obstack_free (&obs, NULL);
+
   if (freopen (temp_filename, "r", stdin) == NULL)
     {
       puts ("could not open temporary file");
--- libc/debug/Versions.jj	2007-09-16 07:06:24.000000000 +0200
+++ libc/debug/Versions	2008-03-04 12:25:04.000000000 +0100
@@ -42,6 +42,10 @@ libc {
   GLIBC_2.7 {
     __fread_chk; __fread_unlocked_chk;
   }
+  GLIBC_2.8 {
+    __asprintf_chk; __vasprintf_chk;  __dprintf_chk; __vdprintf_chk;
+    __obstack_printf_chk; __obstack_vprintf_chk;
+  }
   GLIBC_PRIVATE {
     __fortify_fail;
   }
--- libc/debug/Makefile.jj	2007-09-15 17:18:46.000000000 +0200
+++ libc/debug/Makefile	2008-03-04 14:49:36.000000000 +0100
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2001,2004,2005,2006,2007 Free Software Foundation, Inc.
+# Copyright (C) 1998-2001,2004-2008 Free Software Foundation, Inc.
 # This file is part of the GNU C Library.
 
 # The GNU C Library is free software; you can redistribute it and/or
@@ -41,7 +41,8 @@ routines  = backtrace backtracesyms back
 	    confstr_chk getgroups_chk ttyname_r_chk getlogin_r_chk \
 	    gethostname_chk getdomainname_chk wcrtomb_chk mbsnrtowcs_chk \
 	    wcsnrtombs_chk mbsrtowcs_chk wcsrtombs_chk mbstowcs_chk \
-	    wcstombs_chk \
+	    wcstombs_chk asprintf_chk vasprintf_chk dprintf_chk \
+	    vdprintf_chk obprintf_chk \
 	    stack_chk_fail fortify_fail \
 	    $(static-only-routines)
 static-only-routines := warning-nop stack_chk_fail_local
@@ -51,6 +52,11 @@ CFLAGS-sprintf_chk.c = -D_IO_MTSAFE_IO
 CFLAGS-snprintf_chk.c = -D_IO_MTSAFE_IO
 CFLAGS-vsprintf_chk.c = -D_IO_MTSAFE_IO
 CFLAGS-vsnprintf_chk.c = -D_IO_MTSAFE_IO
+CFLAGS-asprintf_chk.c = -D_IO_MTSAFE_IO
+CFLAGS-vasprintf_chk.c = -D_IO_MTSAFE_IO
+CFLAGS-obprintf_chk.c = -D_IO_MTSAFE_IO
+CFLAGS-dprintf_chk.c = -D_IO_MTSAFE_IO $(exceptions)
+CFLAGS-vdprintf_chk.c = -D_IO_MTSAFE_IO $(exceptions)
 CFLAGS-printf_chk.c = -D_IO_MTSAFE_IO $(exceptions)
 CFLAGS-fprintf_chk.c = -D_IO_MTSAFE_IO $(exceptions)
 CFLAGS-vprintf_chk.c = -D_IO_MTSAFE_IO $(exceptions)
--- libc/sysdeps/ieee754/ldbl-opt/nldbl-compat.c.jj	2007-09-18 21:24:15.000000000 +0200
+++ libc/sysdeps/ieee754/ldbl-opt/nldbl-compat.c	2008-03-04 13:20:33.000000000 +0100
@@ -1,5 +1,5 @@
 /* *printf* family compatibility routines for IEEE double as long double
-   Copyright (C) 2006, 2007 Free Software Foundation, Inc.
+   Copyright (C) 2006, 2007, 2008 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Jakub Jelinek <jakub@cygnus.com>, 2006.
 
@@ -48,6 +48,9 @@ libc_hidden_proto (__nldbl___vfprintf_ch
 libc_hidden_proto (__nldbl___vsyslog_chk)
 libc_hidden_proto (__nldbl___vsprintf_chk)
 libc_hidden_proto (__nldbl___vswprintf_chk)
+libc_hidden_proto (__nldbl___vasprintf_chk)
+libc_hidden_proto (__nldbl___vdprintf_chk)
+libc_hidden_proto (__nldbl___obstack_vprintf_chk)
 libc_hidden_proto (__nldbl___vstrfmon)
 libc_hidden_proto (__nldbl___vstrfmon_l)
 libc_hidden_proto (__nldbl___isoc99_vsscanf)
@@ -667,6 +670,86 @@ __nldbl___wprintf_chk (int flag, const w
   return done;
 }
 
+int
+attribute_compat_text_section
+__nldbl___vasprintf_chk (char **ptr, int flag, const char *fmt, va_list arg)
+{
+  int res;
+  __no_long_double = 1;
+  res = __vasprintf_chk (ptr, flag, fmt, arg);
+  __no_long_double = 0;
+  return res;
+}
+libc_hidden_def (__nldbl___vasprintf_chk)
+
+int
+attribute_compat_text_section
+__nldbl___asprintf_chk (char **ptr, int flag, const char *fmt, ...)
+{
+  va_list arg;
+  int done;
+
+  va_start (arg, fmt);
+  done = __nldbl___vasprintf_chk (ptr, flag, fmt, arg);
+  va_end (arg);
+
+  return done;
+}
+
+int
+attribute_compat_text_section
+__nldbl___vdprintf_chk (int d, int flag, const char *fmt, va_list arg)
+{
+  int res;
+  set_no_long_double ();
+  res = __vdprintf_chk (d, flag, fmt, arg);
+  clear_no_long_double ();
+  return res;
+}
+libc_hidden_def (__nldbl___vdprintf_chk)
+
+int
+attribute_compat_text_section
+__nldbl___dprintf_chk (int d, int flag, const char *fmt, ...)
+{
+  va_list arg;
+  int done;
+
+  va_start (arg, fmt);
+  done = __nldbl___vdprintf_chk (d, flag, fmt, arg);
+  va_end (arg);
+
+  return done;
+}
+
+int
+attribute_compat_text_section
+__nldbl___obstack_vprintf_chk (struct obstack *obstack, int flag,
+			       const char *fmt, va_list arg)
+{
+  int res;
+  __no_long_double = 1;
+  res = __obstack_vprintf_chk (obstack, flag, fmt, arg);
+  __no_long_double = 0;
+  return res;
+}
+libc_hidden_def (__nldbl___obstack_vprintf_chk)
+
+int
+attribute_compat_text_section
+__nldbl___obstack_printf_chk (struct obstack *obstack, int flag,
+			      const char *fmt, ...)
+{
+  va_list arg;
+  int done;
+
+  va_start (arg, fmt);
+  done = __nldbl___obstack_vprintf_chk (obstack, flag, fmt, arg);
+  va_end (arg);
+
+  return done;
+}
+
 extern __typeof (printf_size) __printf_size;
 
 int
--- libc/sysdeps/ieee754/ldbl-opt/nldbl-obstack_vprintf_chk.c.jj	2008-03-04 13:45:38.000000000 +0100
+++ libc/sysdeps/ieee754/ldbl-opt/nldbl-obstack_vprintf_chk.c	2008-03-04 13:46:35.000000000 +0100
@@ -0,0 +1,9 @@
+#include "nldbl-compat.h"
+
+int
+attribute_hidden
+__obstack_vprintf_chk (struct obstack *obstack, int flag, const char *fmt,
+		       va_list ap)
+{
+  return __nldbl___obstack_vprintf_chk (obstack, flag, fmt, ap);
+}
--- libc/sysdeps/ieee754/ldbl-opt/nldbl-dprintf_chk.c.jj	2008-03-04 13:40:09.000000000 +0100
+++ libc/sysdeps/ieee754/ldbl-opt/nldbl-dprintf_chk.c	2008-03-04 13:40:32.000000000 +0100
@@ -0,0 +1,15 @@
+#include "nldbl-compat.h"
+
+attribute_hidden
+int
+__dprintf_chk (int d, int flag, const char *fmt, ...)
+{
+  va_list arg;
+  int done;
+
+  va_start (arg, fmt);
+  done = __nldbl___vdprintf_chk (d, flag, fmt, arg);
+  va_end (arg);
+
+  return done;
+}
--- libc/sysdeps/ieee754/ldbl-opt/nldbl-compat.h.jj	2007-09-18 21:24:15.000000000 +0200
+++ libc/sysdeps/ieee754/ldbl-opt/nldbl-compat.h	2008-03-04 13:06:31.000000000 +0100
@@ -93,6 +93,11 @@ extern int __nldbl___vsnprintf_chk (char
 extern int __nldbl___vswprintf_chk (wchar_t *__restrict, size_t, int, size_t,
 				    const wchar_t *__restrict, __gnuc_va_list)
   __THROW;
+extern int __nldbl___vasprintf_chk (char **, int, const char *, _G_va_list)
+  __THROW;
+extern int __nldbl___vdprintf_chk (int, int, const char *, _G_va_list);
+extern int __nldbl___obstack_vprintf_chk (struct obstack *, int, const char *,
+					  _G_va_list) __THROW;
 extern void __nldbl___vsyslog_chk (int, int, const char *, va_list);
 
 
--- libc/sysdeps/ieee754/ldbl-opt/Versions.jj	2007-09-18 21:24:15.000000000 +0200
+++ libc/sysdeps/ieee754/ldbl-opt/Versions	2008-03-04 13:39:25.000000000 +0100
@@ -73,6 +73,11 @@ libc {
     __nldbl___isoc99_swscanf; __nldbl___isoc99_vwscanf;
     __nldbl___isoc99_vfwscanf; __nldbl___isoc99_vswscanf;
   }
+  GLIBC_2.8 {
+    __nldbl___asprintf_chk; __nldbl___vasprintf_chk;
+    __nldbl___dprintf_chk; __nldbl___vdprintf_chk;
+    __nldbl___obstack_printf_chk; __nldbl___obstack_vprintf_chk;
+  }
 }
 libm {
   NLDBL_VERSION {
--- libc/sysdeps/ieee754/ldbl-opt/nldbl-obstack_printf_chk.c.jj	2008-03-04 13:45:35.000000000 +0100
+++ libc/sysdeps/ieee754/ldbl-opt/nldbl-obstack_printf_chk.c	2008-03-04 13:46:02.000000000 +0100
@@ -0,0 +1,13 @@
+#include "nldbl-compat.h"
+
+int
+attribute_hidden
+__obstack_printf_chk (struct obstack *obstack, int flag, const char *fmt, ...)
+{
+  int result;
+  va_list ap;
+  va_start (ap, fmt);
+  result = __nldbl___obstack_vprintf_chk (obstack, flag, fmt, ap);
+  va_end (ap);
+  return result;
+}
--- libc/sysdeps/ieee754/ldbl-opt/nldbl-asprintf_chk.c.jj	2008-03-04 13:42:32.000000000 +0100
+++ libc/sysdeps/ieee754/ldbl-opt/nldbl-asprintf_chk.c	2008-03-04 13:42:58.000000000 +0100
@@ -0,0 +1,15 @@
+#include "nldbl-compat.h"
+
+attribute_hidden
+int
+__asprintf_chk (char **string_ptr, int flag, const char *fmt, ...)
+{
+  va_list arg;
+  int done;
+
+  va_start (arg, fmt);
+  done = __nldbl___vasprintf_chk (string_ptr, flag, fmt, arg);
+  va_end (arg);
+
+  return done;
+}
--- libc/sysdeps/ieee754/ldbl-opt/nldbl-vdprintf_chk.c.jj	2008-03-04 13:40:52.000000000 +0100
+++ libc/sysdeps/ieee754/ldbl-opt/nldbl-vdprintf_chk.c	2008-03-04 13:41:11.000000000 +0100
@@ -0,0 +1,8 @@
+#include "nldbl-compat.h"
+
+int
+attribute_hidden
+__vdprintf_chk (int d, int flag, const char *fmt, va_list arg)
+{
+  return __nldbl___vdprintf_chk (d, flag, fmt, arg);
+}
--- libc/sysdeps/ieee754/ldbl-opt/Makefile.jj	2007-09-18 21:24:15.000000000 +0200
+++ libc/sysdeps/ieee754/ldbl-opt/Makefile	2008-03-04 13:48:05.000000000 +0100
@@ -20,7 +20,8 @@ libnldbl-calls = asprintf dprintf fprint
 		 fprintf_chk fwprintf_chk printf_chk snprintf_chk sprintf_chk \
 		 swprintf_chk vfprintf_chk vfwprintf_chk vprintf_chk \
 		 vsnprintf_chk vsprintf_chk vswprintf_chk vwprintf_chk \
-		 wprintf_chk \
+		 wprintf_chk asprintf_chk vasprintf_chk dprintf_chk \
+		 vdprintf_chk obstack_printf_chk obstack_vprintf_chk \
 		 syslog syslog_chk vsyslog vsyslog_chk \
 		 strfmon strfmon_l \
 		 strtold strtold_l strtoldint wcstold wcstold_l wcstoldint \
--- libc/sysdeps/ieee754/ldbl-opt/nldbl-vasprintf_chk.c.jj	2008-03-04 13:46:58.000000000 +0100
+++ libc/sysdeps/ieee754/ldbl-opt/nldbl-vasprintf_chk.c	2008-03-04 13:47:22.000000000 +0100
@@ -0,0 +1,8 @@
+#include "nldbl-compat.h"
+
+int
+attribute_hidden
+__vasprintf_chk (char **result_ptr, int flag, const char *fmt, va_list ap)
+{
+  return __nldbl___vasprintf_chk (result_ptr, flag, fmt, ap);
+}

	Jakub


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]