cdefs: Drop access attribute for _FORTIFY_SOURCE=3 (BZ #31383)

When passed a pointer to a zero-sized struct, the access attribute
without the third argument misleads -Wstringop-overflow diagnostics to
think that a function is writing 1 byte into the zero-sized structs.
The attribute doesn't add that much value in this context, so drop it
completely for _FORTIFY_SOURCE=3.

Resolves: BZ #31383
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>

diff --git a/io/Makefile b/io/Makefile
index 54d950d51f31758bc2e69d78eb48cdb29ed6313c..19932d50f7e955e65867509e211dafccd424ca08 100644 (file)
--- a/io/Makefile
+++ b/io/Makefile
@@ -215,6 +215,7 @@ tests := \
   tst-openat \
   tst-posix_fallocate \
   tst-posix_fallocate64 \
+  tst-read-zero \
   tst-readlinkat \
   tst-renameat \
   tst-stat \
@@ -290,6 +291,7 @@ CFLAGS-read.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-i
 CFLAGS-write.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-ignored-attributes)
 CFLAGS-close.c += -fexceptions -fasynchronous-unwind-tables
 CFLAGS-lseek64.c += $(config-cflags-wno-ignored-attributes)
+CFLAGS-tst-read-zero.c += $(no-fortify-source),-D_FORTIFY_SOURCE=$(supported-fortify)
 
 CFLAGS-test-stat.c += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE
 CFLAGS-test-lfs.c += -D_LARGEFILE64_SOURCE

diff --git a/io/tst-read-zero.c b/io/tst-read-zero.c
new file mode 100644 (file)
index 0000000..8d1d30a
--- /dev/null
+++ b/io/tst-read-zero.c
@@ -0,0 +1,39 @@
+/* read smoke test for 0-sized structures.
+   Copyright The GNU Toolchain Authors.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+/* Zero-sized structures should not result in any overflow warnings or
+   errors when fortification is enabled.  */
+#include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <support/check.h>
+
+int
+do_test (void)
+{
+  struct test_st {} test_info[16];
+  int fd = open ("/dev/zero", O_RDONLY, 0);
+
+  if (fd == -1)
+    FAIL_UNSUPPORTED ("Unable to open /dev/zero: %m");
+
+  TEST_VERIFY_EXIT (read (fd, test_info, sizeof(test_info)) == 0);
+  return 0;
+}
+
+#include <support/test-driver.c>

diff --git a/misc/sys/cdefs.h b/misc/sys/cdefs.h
index 6b03417453629e42baf2f5e5b35092ca4cdbe86b..2e8279a2c794eec268886190c95bbfd8f7701272 100644 (file)
--- a/misc/sys/cdefs.h
+++ b/misc/sys/cdefs.h
@@ -837,10 +837,10 @@ _Static_assert (0, "IEEE 128-bits long double requires redirection on this platf
 #  define __attr_access(x) __attribute__ ((__access__ x))
 /* For _FORTIFY_SOURCE == 3 we use __builtin_dynamic_object_size, which may
    use the access attribute to get object sizes from function definition
-   arguments, so we can't use them on functions we fortify.  Drop the object
-   size hints for such functions.  */
+   arguments, so we can't use them on functions we fortify.  Drop the access
+   attribute for such functions.  */
 #  if __USE_FORTIFY_LEVEL == 3
-#    define __fortified_attr_access(a, o, s) __attribute__ ((__access__ (a, o)))
+#    define __fortified_attr_access(a, o, s)
 #  else
 #    define __fortified_attr_access(a, o, s) __attr_access ((a, o, s))
 #  endif